C# INSERT into语句vb c中的语法错误#
我是一个新手,目前在我的代码的这一部分有问题,在点击要记录在数据库中的按钮后,我得到了一个语法错误C# INSERT into语句vb c中的语法错误#,c#,C#,我是一个新手,目前在我的代码的这一部分有问题,在点击要记录在数据库中的按钮后,我得到了一个语法错误 private void button1_Click(object sender, EventArgs e) { FlightConn.Open(); oleDbCmd.Connection = FlightConn; oleDbCmd.CommandText = "insert into tbl_flight (fld_Passeng
private void button1_Click(object sender, EventArgs e)
{
FlightConn.Open();
oleDbCmd.Connection = FlightConn;
oleDbCmd.CommandText = "insert into tbl_flight (fld_PassengerName, fld_destination, fld_class, fld_date, fld_time) ('" +
this.textBox1.Text + "', '" + this.textBox2.Text + "', '" + this.comboBox1.SelectedItem + "', '" + this.comboBox2.SelectedItem + "','" + this.dateTimePicker1.Value + "');";
int temp = oleDbCmd.ExecuteNonQuery();
if (temp > 0)
{
textBox1.Text = null;
textBox2.Text = null;
comboBox1.Text = null;
comboBox2.Text = null;
dateTimePicker1.Text = null;
MessageBox.Show("Record Successfully Added");
}
else
{
MessageBox.Show("Record Failed to Add");
}
FlightConn.Close();
}
你知道问题出在哪里吗?感谢您以后的解答您插入的查询缺少Values关键字<代码>插入tablename(field1,field2)值(value1,value2)您没有指定“values”关键字。。试试这个
oleDbCmd.CommandText = "insert into tbl_flight (fld_PassengerName, fld_destination, fld_class, fld_date, fld_time) values('" +
this.textBox1.Text + "', '" + this.textBox2.Text + "', '" + this.comboBox1.SelectedItem + "', '" + this.comboBox2.SelectedItem + "','" + this.dateTimePicker1.Value + "');";
您的sql语句中似乎缺少“VALUES”关键字您的sql字符串必须是
string.Format(@"INSERT INTO tbl_flight (fld_PassengerName, fld_destination, fld_class, fld_date, fld_time)
VALUES ('{0}', '{1}', '{2}', '{3}', '{4}', '{5}');",
this.textBox1.Text, this.textBox2.Text, this.comboBox1.SelectedItem,
this.comboBox2.SelectedItem, this.dateTimePicker1.Value);
您的SQL命令缺少一个子句。您还应该使用参数化查询,而不是将值以纯文本形式输入到查询中。它使查询更加安全,因为您不必太担心SQL注入 更改此项:
oleDbCmd.CommandText = "insert into tbl_flight (fld_PassengerName, fld_destination, fld_class, fld_date, fld_time) ('" +
this.textBox1.Text + "', '" + this.textBox2.Text + "', '" + this.comboBox1.SelectedItem + "', '" + this.comboBox2.SelectedItem + "','" + this.dateTimePicker1.Value + "');";
更像这样:
oleDbCmd.CommandText = "insert into tbl_flight(fld_PassengerName, fld_destination, fld_class, fld_date, fld_time) values(@PassengerName, @Destination, @Class, @Date, @Time)";
List<OleDbParameter> args = new List<OleDbParameter>();
args.Add(new OleDbParameter("@PassengerName", textBox1.Text));
args.Add(new OleDbParameter("@Destination", textBox2.Text));
args.Add(new OleDbParameter("@Class", comboBox1.SelectedItem));
args.Add(new OleDbParameter("@Date", comboBox2.SelectedItem));
args.Add(new OleDbParameter("@Time", dateTimePicker1.Value));
oleDbCmd.Parameters.Add(args.ToArray());
oleDbCmd.CommandText=“插入tbl_航班(航班号、目的地、班次、日期、时间)值(@PassengerName、@destination、@class、@date、@time)”;
列表参数=新列表();
args.Add(新的OLEDB参数(“@PassengerName”,textBox1.Text));
Add(新的OleDbParameter(“@Destination”,textBox2.Text));
args.Add(新的OLEDBPParameter(“@Class”,comboBox1.SelectedItem));
args.Add(新的OLEDB参数(“@Date”,comboBox2.SelectedItem));
Add(新的OLEDB参数(“@Time”,dateTimePicker1.Value));
添加(args.ToArray());
是c#还是vb.net?你为什么把两者都贴上标签?语法错误发生在哪里?您是否已通过代码查看每一点的值?字段之间是否缺少值)和值(?在该INSERT
语句中,您是否缺少VALUES
关键字?您还应该添加SQL参数以避免SQL注入。此外,在保存输入值之前是否验证任何输入值。除此之外,此代码容易受到SQL注入攻击。请使用参数化SQL-请参阅以获取示例。不感谢答案请回答,关键字是“VALUES
”;)我还建议,任何传播SQL注入漏洞的答案都没有起到应有的作用。