C# Incorrect syntax near DEBIT


I am facing a problem here… The error is: incorrect syntax near DEBIT.

private void button1_Click(object sender, EventArgs e)
    {
        SqlConnection cn = new SqlConnection(global::databaseform.Properties.Settings.Default.Database2ConnectionString);
        try
        {
            //string sql = "INSERT INTO student(Id,name) values (" + textBox1.Text + ",'" + textBox2.Text + "')";

            //JOURNAL
            string sql = "INSERT INTO journal(user_Id, DATE, MEMO, ACCOUNT DEBIT, ACCOUNT CREDIT, AMOUNT DEBIT, AMOUNT CREDIT) values (" + user_id.Text + "," + date.Text + ",'" + memo.Text + "','" + debit.Text + "','" + credit.Text + "'," + debit_am.Text + "," + credit_am.Text + ")";
            SqlCommand eesql = new SqlCommand(sql, cn);
            cn.Open();
            eesql.ExecuteNonQuery();
            MessageBox.Show("Add new record  done ||", " Message ", MessageBoxButtons.OK, MessageBoxIcon.Information);
            this.journalTableAdapter.Fill(this.database2DataSet.journal);

        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message, " ERROR ", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
        finally
        {
            cn.Close();
        }
    }
  • You need to add quotes or brackets around field names that contain spaces
  • You should get into the habit of using parameters

    //JOURNAL
    string sql = "INSERT INTO journal(user_Id, DATE, MEMO, [ACCOUNT DEBIT], [ACCOUNT CREDIT], [AMOUNT DEBIT], [AMOUNT CREDIT])" + 
                 " values " + 
                 " (@userid, @date, @memo, @debit, @credit, @debit_am, @credit_am)";
    SqlCommand eesql = new SqlCommand(sql, cn);
    eesql.Parameters.AddWithValue("@userid", user_id.Text);
    eesql.Parameters.AddWithValue("@date", date.Text);
    // ..etc. (add the remaining parameters the same way)
    
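  • The three main reasons for using parameters are:

  • Protection against SQL injection
  • No need to add string delimiters
  • No risk of syntax errors caused by input values that contain quotes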

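  • Your field names have spaces in them. You need to enclose them, for example,
    [ACCOUNT CREDIT]
    Of course, you don't say what database this is, so its specific quoting requirements may vary. In any case, if a field name contains spaces or other invalid characters, it has to be specially handled.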
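
The advice from both answers combined, as an added example that is not code from the original posts: bracketed column names plus typed parameters, with the TextBox strings parsed before the command is built. The `JournalSql` class, its method names, the column types and sizes, and the `yyyy-MM-dd` date format are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class JournalSql
{
    // Column names containing spaces are bracketed; every value is a parameter.
    const string InsertSql =
        "INSERT INTO journal (user_Id, DATE, MEMO, [ACCOUNT DEBIT], [ACCOUNT CREDIT], " +
        "[AMOUNT DEBIT], [AMOUNT CREDIT]) " +
        "VALUES (@userid, @date, @memo, @debit, @credit, @debit_am, @credit_am)";
    // Parses the raw TextBox strings and returns a command with typed parameters.
    // Throws FormatException on bad input, before anything is sent to the server.
    public static SqlCommand BuildInsert(SqlConnection cn, string userId, string date,
        string memo, string debit, string credit, string debitAm, string creditAm)
    {
        var inv = CultureInfo.InvariantCulture;
        if (!int.TryParse(userId, NumberStyles.None, inv, out int uid))
            throw new FormatException("user id must be a whole number");
        if (!DateTime.TryParseExact(date, "yyyy-MM-dd", inv, DateTimeStyles.None, out DateTime d))
            throw new FormatException("date must be yyyy-MM-dd");
        var cmd = new SqlCommand(InsertSql, cn);
        // Column types and sizes below are assumptions; match them to the real schema.
        cmd.Parameters.Add("@userid", SqlDbType.Int).Value = uid;
        cmd.Parameters.Add("@date", SqlDbType.Date).Value = d;
        cmd.Parameters.Add("@memo", SqlDbType.NVarChar, 200).Value = memo;
        cmd.Parameters.Add("@debit", SqlDbType.NVarChar, 50).Value = debit;
        cmd.Parameters.Add("@credit", SqlDbType.NVarChar, 50).Value = credit;
        AddMoney(cmd, "@debit_am", debitAm, inv);
        AddMoney(cmd, "@credit_am", creditAm, inv);
        return cmd;
    }
    static void AddMoney(SqlCommand cmd, string name, string text, CultureInfo inv)
    {
        if (!decimal.TryParse(text, NumberStyles.Number, inv, out decimal amount))
            throw new FormatException(name + " must be a decimal amount");
        var p = cmd.Parameters.Add(name, SqlDbType.Decimal);
        p.Precision = 18; p.Scale = 2;
        p.Value = amount;
    }
    static void Main()
    {
        // Constructed input: the quote in the memo stays data, so it cannot break the statement.
        using (var cmd = BuildInsert(null, "7", "2024-01-31", "O'Brien's rent", "Rent", "Cash", "1200.00", "1200.00"))
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine(p.ParameterName + " (" + p.SqlDbType + ") = " + p.Value);
    }
}
```

In the click handler, pass the open `cn` instead of `null` and call `ExecuteNonQuery()` on the returned command.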