C# “获取错误”;System.Data.SqlClient.SqlException:';靠近';的语法不正确'&引用;
我真的需要帮助来解决这个错误,我是C#的新手,所以这可能是一个明显的错误,也可能不是 错误是 System.Data.SqlClient.SqlException:靠近“')的语法不正确 它出现在:C# “获取错误”;System.Data.SqlClient.SqlException:';靠近';的语法不正确'&引用;,c#,sql-server,exception,visual-studio-2019,C#,Sql Server,Exception,Visual Studio 2019,我真的需要帮助来解决这个错误,我是C#的新手,所以这可能是一个明显的错误,也可能不是 错误是 System.Data.SqlClient.SqlException:靠近“')的语法不正确 它出现在: using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient; //allows a secure link between the button on add user and the database
namespace inventory_management_coding
{
public partial class Add_New_User : Form
{
SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\Sarwan\Desktop\computer science coding coursework\inventory management coding\Inventory.mdf;Integrated Security=True"); // this is a connection string so it sets the variable con with the database file that is exactly in that file location
public Add_New_User()
{
InitializeComponent();
}
private void button1_Click(object sender, EventArgs e)
{
int i = 0;
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "select * from Registration where username = '" + textBox3.Text + "'"; //this gets information from my database. Textbox 3 is the username textbox
cmd.ExecuteNonQuery(); // This is used for executing queries that do not return any data.
DataTable dt = new DataTable();
SqlDataAdapter da = new SqlDataAdapter(cmd); // allows access to the database
da.Fill(dt);
i = Convert.ToInt32(dt.Rows.Count.ToString());
if (i == 0) //allows us to pass through sub query
{
SqlCommand cmd1 = con.CreateCommand();
cmd1.CommandType = CommandType.Text;
cmd1.CommandText = "Insert into registeration ('"+ textBox1.Text +"','"+ textBox2.Text +"','"+ textBox3.Text +"','"+ textBox4.Text +"','"+ textBox5.Text +"')"; //This allows data to be entere into the database. Text box 1,2,3,4,5 are linked to firstname, lastname etc
cmd1.ExecuteNonQuery();
textBox1.Text = ""; textBox2.Text = "";
textBox3.Text = ""; textBox4.Text = "";
textBox5.Text = ""; // these allow the parameters to be passed through
MessageBox.Show("user record inserted successfully");
}
else
{
MessageBox.Show("This username already exists, please choose another"); // this would be an invalid statement for choosing a same username. They must be Unique!
}
}
private void Add_New_User_Load(object sender, EventArgs e)
{
if (con.State == ConnectionState.Open) //this section of code is vital in all areas to allow the program to automatically connect to the database. Con is the linking variable.
{
con.Close();
}
con.Open();
}
}
}
cmd1.ExecuteNonQuery();
插入行的commandText缺少一些信息 你现在有
cmd1.CommandText = "Insert into registeration ('"+ textBox1.Text +"','"+ textBox2.Text +"','"+ textBox3.Text +"','"+ textBox4.Text +"','"+ textBox5.Text +"')"; //This allows data to be inputted in the database. Text box 1,2,3,4,5 are linked to firstnale, lastname etc
Insert-intoINSERT INTO table_name (column1, column2, column3, ...)
VALUES (value1, value2, value3, ...);
//This allows data to be inputted in the database. Text box 1,2,3,4,5 are linked to firstnale, lastname etc
cmd1.CommandText = "Insert into registeration (column1, column2, column3, column4, column5) VALUES ('"+ textBox1.Text +"','"+ textBox2.Text +"','"+ textBox3.Text +"','"+ textBox4.Text +"','"+ textBox5.Text +"')";
column1、column2、column3、column4、column5CommandText作为补充说明,您需要对进行一些研究,因为通过直接从用户输入框构建SQL命令,您将非常容易受到此漏洞的影响。您应该放弃并忽略任何教程或学习源教您如何以这种方式编写SQL。在.NET中这样做从来都不是正确的方法。你得到的错误只是其中一个比较温和的问题。