我创建一个名为Table的表,其中包含成员(名字,姓氏,地址)。程序抛出错误“关键字'表'附近语法不正确”。应用程序是将数据插入表中。该代码用于新的按钮异常处理程序。
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;
namespace Week4
{
public partial class Form1 : Form
{
SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\cvyc8\Documents\Testing.mdf;Integrated Security=True;Connect Timeout=30");
public Form1()
{
InitializeComponent();
}
private void txtSearch_TextChanged(object sender, EventArgs e)
{
}
private void btnNew_Click(object sender, EventArgs e)
{
con.Open();
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "insert into [Member] values ('" + txtFirstName.Text + "', '" + txtLastName.Text + "', '" + txtAddress.Text + "')";
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Member added successfully");
}
private void btnEdit_Click(object sender, EventArgs e)
{
}
private void btnCancel_Click(object sender, EventArgs e)
{
}
private void btnSave_Click(object sender, EventArgs e)
{
}
}
}
答案 0 :(得分:1)
您需要使用参数来避免sql注入
const usersRouter = require('./routes/userRoutes');
const postRouter = require('./routes/post');
const matchRouter = require('./routes/matchRoutes');
const app = express();
const router = express.Router();
const socket = require('socket.io');
const server = app.listen(
port,
console.log(`Server running in ${process.env.NODE_ENV} mode on port ${port}`)
);
let io = require('socket.io')(server);
app.set("io", io);
io.on('connection', socket => {
require('./routes/socket')(socket);
});
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(cors());
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});''
app.use(express.json());
app.use('/', router);
module.exports = app;
答案 1 :(得分:0)
table是SQL中的保留关键字,包括MSSQL。
下面的代码可以工作,但是我强烈建议不要对表名使用保留关键字。 (相关答案:https://stackoverflow.com/a/695626/361100)
cmd.CommandText = ("insert into [table] values ('"+txtFirstName.Text+"', '"+txtLastName.Text+"', '"+txtAddress.Text+"'))");
答案 2 :(得分:0)
该错误是一般性的,因为它无法理解代码中的“ [Member]”。在[会员]中似乎很可疑。您的表名是 Table ,但由于它是保留关键字,因此无法使用。尝试以这种方式编写。
private void btnNew_Click(object sender, EventArgs e)
{
con.Open();
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "insert into Member("FirstName","LastName","Address") values ('" + txtFirstName.Text + "', '" + txtLastName.Text + "', '" + txtAddress.Text + "')";
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Member added successfully");
}
注意:(“名字”,“姓氏”,“地址”)是您的表格字段。确保您的表与数据库表的大小写匹配(大写和小写)。
希望这会有所帮助。