C# oledb数据库中的异常2147217900
我试图用以前计算过的文本框中的值更新数据库表。计算工作正常,文本框已转换为小数:C# oledb数据库中的异常2147217900,c#,oledb,oledbexception,C#,Oledb,Oledbexception,我试图用以前计算过的文本框中的值更新数据库表。计算工作正常,文本框已转换为小数: try { OleDbConnection con = new OleDbConnection(); con.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\C
try
{
OleDbConnection con = new OleDbConnection();
con.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\Clients.accdb;";
con.Open();
OleDbCommand com = new OleDbCommand();
com.Connection = con;
com.CommandText = "INSERT INTO gym ([BMI],[Health],[weight_change_to_healthy_bmi]) VALUES ('" + textBox5.Text + "','" + textBox6.Text + ",'" + textBox4.Text + "') WHERE ID='"+textBox2.Text+"',con";
com.ExecuteNonQuery();
MessageBox.Show("Saved");
con.Close();
}
catch (Exception ex)
{
MessageBox.Show("Error " + ex);
}
System.Data.OleDb.OleDbException未处理
错误代码=-
HResult=-2147217900
Message=查询表达式“Normal”-3.75000000000000000000000001')中的语法错误(缺少运算符),其中ID='1111',con'。
Source=Microsoft Access数据库引擎
堆栈跟踪:
在System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr)中
位于System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams,Object&ExecuteSult)
在System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object&ExecuteSult)中
位于System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior,Object&executeResult)
位于System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior,String方法)
位于System.Data.OleDb.OleDbCommand.ExecuteNonQuery()处
在gym.Form6.button3\u单击C:\Users\User\Desktop\esoft\gym\gym\Form6.cs中的(对象发送者,事件参数e):第95行
在System.Windows.Forms.Control.OnClick(EventArgs e)中
在System.Windows.Forms.Button.OnClick(EventArgs e)中
在System.Windows.Forms.Button.OnMouseUp(MouseEventArgs-mevent)上
在System.Windows.Forms.Control.WmMouseUp(Message&m、MouseButtons按钮、Int32单击)
位于System.Windows.Forms.Control.WndProc(Message&m)
位于System.Windows.Forms.ButtonBase.WndProc(Message&m)
在System.Windows.Forms.Button.WndProc(Message&m)中
在System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message&m)中
在System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message&m)中
在System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd、Int32 msg、IntPtr wparam、IntPtr lparam)
在System.Windows.Forms.UnsafentiveMethods.DispatchMessageW(MSG&MSG)中
位于System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafentiveMethods.IMsoComponentManager.FPushMessageLoop(IntPtr dwComponentID、Int32 reason、Int32 pvLoopData)
位于System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32原因,ApplicationContext上下文)
位于System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32原因,ApplicationContext上下文)
在System.Windows.Forms.Application.Run(Form mainForm)中
在C:\Users\User\Desktop\esoft\gym\gym\Program.cs中的gym.Program.Main()处:第18行
位于System.AppDomain.\u nExecuteAssembly(RuntimeAssembly程序集,字符串[]args)
位于System.AppDomain.ExecuteAssembly(字符串汇编文件、证据汇编安全性、字符串[]args)
在Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()上
位于System.Threading.ThreadHelper.ThreadStart\u上下文(对象状态)
位于System.Threading.ExecutionContext.RunInternal(ExecutionContext ExecutionContext、ContextCallback回调、对象状态、布尔值preserveSyncCtx)
在System.Threading.ExecutionContext.Run(ExecutionContext ExecutionContext,ContextCallback回调,对象状态,布尔保存SyncCTX)
在System.Threading.ExecutionContext.Run(ExecutionContext ExecutionContext,ContextCallback回调,对象状态)
位于System.Threading.ThreadHelper.ThreadStart()处
内部异常:
private void button3_Click(object sender, EventArgs e)
{
// try
// {
OleDbConnection con = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\Clients.accdb;");
// con.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\Clients.accdb;";
con.Open();
OleDbCommand com = new OleDbCommand();
com.Connection = con;
com.CommandType = CommandType.Text;
com.CommandText = "UPDATE gym ([BMI],[Health],[weight_change_to_healthy_bmi]) VALUES ('" + textBox5.Text + "','" + textBox6.Text + "','" + textBox4.Text + "') WHERE ID='" + textBox2.Text + "' ";
com.ExecuteNonQuery();
MessageBox.Show("Saved");
con.Close();
// }
// catch (Exception ex)
// {
// MessageBox.Show("Error " + ex);
// }
com.ExecuteNonQuery()中没有语法错误“'”撇号缺失
com.CommandText = "INSERT INTO gym ([BMI],[Health],[weight_change_to_healthy_bmi]) VALUES ('" + textBox5.Text + "','" + textBox6.Text + "','" + textBox4.Text + "') WHERE ID='"+textBox2.Text+"',con";
“'”撇号缺失
com.CommandText = "INSERT INTO gym ([BMI],[Health],[weight_change_to_healthy_bmi]) VALUES ('" + textBox5.Text + "','" + textBox6.Text + "','" + textBox4.Text + "') WHERE ID='"+textBox2.Text+"',con";
此处缺少一个撇号:
...','" + textBox6.Text + ",'"...
...','" + textBox6.Text + ",'"...
为了避免此类错误,以及出于其他原因(如安全性),请参数化查询
try
{
using (var con = new OleDbConnection())
{
con.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\Clients.accdb;";
con.Open();
using (var com = new OleDbCommand())
{
com.Connection = con;
com.CommandText = "INSERT INTO gym ([BMI],[Health],[weight_change_to_healthy_bmi]) VALUES (@bmi,@health,@weight)";
com.Parameters.AddWithValue("@bmi", textBox5.Text);
com.Parameters.AddWithValue("@health", textBox6.Text);
com.Parameters.AddWithValue("@weight", textBox4.Text);
com.ExecuteNonQuery();
}
}
MessageBox.Show("Saved");
}
catch (Exception ex)
{
MessageBox.Show("Not saved: " + ex.Message);
}
try
{
using (var con = new OleDbConnection())
{
con.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\Clients.accdb;";
con.Open();
using (var com = new OleDbCommand())
{
com.Connection = con;
com.CommandText = "INSERT INTO gym ([BMI],[Health],[weight_change_to_healthy_bmi]) VALUES (@bmi,@health,@weight)";
com.Parameters.AddWithValue("@bmi", textBox5.Text);
com.Parameters.AddWithValue("@health", textBox6.Text);
com.Parameters.AddWithValue("@weight", textBox4.Text);
com.ExecuteNonQuery();
}
}
MessageBox.Show("Saved");
}
catch (Exception ex)
{
MessageBox.Show("Not saved: " + ex.Message);
}
此处缺少一个撇号:
...','" + textBox6.Text + ",'"...
...','" + textBox6.Text + ",'"...
为了避免此类错误,以及出于其他原因(如安全性),请参数化查询
try
{
using (var con = new OleDbConnection())
{
con.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\Clients.accdb;";
con.Open();
using (var com = new OleDbCommand())
{
com.Connection = con;
com.CommandText = "INSERT INTO gym ([BMI],[Health],[weight_change_to_healthy_bmi]) VALUES (@bmi,@health,@weight)";
com.Parameters.AddWithValue("@bmi", textBox5.Text);
com.Parameters.AddWithValue("@health", textBox6.Text);
com.Parameters.AddWithValue("@weight", textBox4.Text);
com.ExecuteNonQuery();
}
}
MessageBox.Show("Saved");
}
catch (Exception ex)
{
MessageBox.Show("Not saved: " + ex.Message);
}
try
{
using (var con = new OleDbConnection())
{
con.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\Clients.accdb;";
con.Open();
using (var com = new OleDbCommand())
{
com.Connection = con;
com.CommandText = "INSERT INTO gym ([BMI],[Health],[weight_change_to_healthy_bmi]) VALUES (@bmi,@health,@weight)";
com.Parameters.AddWithValue("@bmi", textBox5.Text);
com.Parameters.AddWithValue("@health", textBox6.Text);
com.Parameters.AddWithValue("@weight", textBox4.Text);
com.ExecuteNonQuery();
}
}
MessageBox.Show("Saved");
}
catch (Exception ex)
{
MessageBox.Show("Not saved: " + ex.Message);
}
如果你比较你的错误
''Normal,'-3.750000000000000000000000001') WHERE ID='1111',con'
使用您的源代码
'" + textBox6.Text + ",'" + textBox4.Text + "') WHERE ID='"+textBox2.Text+"',con";
您可以看到SQL查询由于缺少单引号或双引号而结束
在这种情况下,textBox4.Text似乎是-3.75000000000000000000000001
所以,是的,你实际上遗漏了一个撇号:
为了避免此类错误,以及出于其他原因(如安全性),请参数化查询
try
{
using (var con = new OleDbConnection())
{
con.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\Clients.accdb;";
con.Open();
using (var com = new OleDbCommand())
{
com.Connection = con;
com.CommandText = "INSERT INTO gym ([BMI],[Health],[weight_change_to_healthy_bmi]) VALUES (@bmi,@health,@weight)";
com.Parameters.AddWithValue("@bmi", textBox5.Text);
com.Parameters.AddWithValue("@health", textBox6.Text);
com.Parameters.AddWithValue("@weight", textBox4.Text);
com.ExecuteNonQuery();
}
}
MessageBox.Show("Saved");
}
catch (Exception ex)
{
MessageBox.Show("Not saved: " + ex.Message);
}
try
{
using (var con = new OleDbConnection())
{
con.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\Clients.accdb;";
con.Open();
using (var com = new OleDbCommand())
{
com.Connection = con;
com.CommandText = "INSERT INTO gym ([BMI],[Health],[weight_change_to_healthy_bmi]) VALUES (@bmi,@health,@weight)";
com.Parameters.AddWithValue("@bmi", textBox5.Text);
com.Parameters.AddWithValue("@health", textBox6.Text);
com.Parameters.AddWithValue("@weight", textBox4.Text);
com.ExecuteNonQuery();
}
}
MessageBox.Show("Saved");
}
catch (Exception ex)
{
MessageBox.Show("Not saved: " + ex.Message);
}
这意味着,您的任何字段上的一个单引号实际上都会产生SQL注入安全问题
如果您正在寻找一种称为UPSERT的行为(如果是新数据,则插入;如果找到,则执行并更新),您可以创建一个存储过程,使用参数调用它,或者如果比较错误,您可以在上层处理它,具体取决于您的方法/架构指南
''Normal,'-3.750000000000000000000000001') WHERE ID='1111',con'
使用您的源代码
'" + textBox6.Text + ",'" + textBox4.Text + "') WHERE ID='"+textBox2.Text+"',con";
您可以看到SQL查询由于缺少单引号或双引号而结束
在这种情况下,textBox4.Text似乎是-3.75000000000000000000000001
所以,是的,你实际上遗漏了一个撇号:
为了避免此类错误,以及出于其他原因(如安全性),请参数化查询
try
{
using (var con = new OleDbConnection())
{
con.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\Clients.accdb;";
con.Open();
using (var com = new OleDbCommand())
{
com.Connection = con;
com.CommandText = "INSERT INTO gym ([BMI],[Health],[weight_change_to_healthy_bmi]) VALUES (@bmi,@health,@weight)";
com.Parameters.AddWithValue("@bmi", textBox5.Text);
com.Parameters.AddWithValue("@health", textBox6.Text);
com.Parameters.AddWithValue("@weight", textBox4.Text);
com.ExecuteNonQuery();
}
}
MessageBox.Show("Saved");
}
catch (Exception ex)
{
MessageBox.Show("Not saved: " + ex.Message);
}
try
{
using (var con = new OleDbConnection())
{
con.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\Clients.accdb;";
con.Open();
using (var com = new OleDbCommand())
{
com.Connection = con;
com.CommandText = "INSERT INTO gym ([BMI],[Health],[weight_change_to_healthy_bmi]) VALUES (@bmi,@health,@weight)";
com.Parameters.AddWithValue("@bmi", textBox5.Text);
com.Parameters.AddWithValue("@health", textBox6.Text);
com.Parameters.AddWithValue("@weight", textBox4.Text);
com.ExecuteNonQuery();
}
}
MessageBox.Show("Saved");
}
catch (Exception ex)
{
MessageBox.Show("Not saved: " + ex.Message);
}
这意味着,您的任何字段上的一个单引号实际上都会产生SQL注入安全问题
如果您正在寻找名为UPSERT的行为(如果是新数据,则插入;如果找到,则执行并更新)您可以创建一个存储过程,使用参数调用它,或者您可以在上层处理它,具体取决于您的方法/架构指南Toon-请在此回答中包含更多详细信息Toon-请在此回答中包含更多详细信息这修复了错误。但现在,当我尝试添加WHERE条件时,另一个错误弹出,指出查询输入必须至少包含一个表或查询。我忘了我使用了插入函数来测试我的连接。您将如何修改上述编码以使用更新位置函数?我一直在