C# Visual Studio上的INSERT INTO命令中出现语法错误
我有一个简单的insert查询,但是VisualStudio返回“insert INTO命令中的语法错误”,我在db(access)中复制并粘贴完全相同的查询,并且它可以工作。。。有什么帮助吗C# Visual Studio上的INSERT INTO命令中出现语法错误,c#,sql,asp.net,ms-access,C#,Sql,Asp.net,Ms Access,我有一个简单的insert查询,但是VisualStudio返回“insert INTO命令中的语法错误”,我在db(access)中复制并粘贴完全相同的查询,并且它可以工作。。。有什么帮助吗 public void Create(string mail, string nickname, string password, string avatar) { OleDbConnection cn = new OleDbConnection(_connectionStrin
public void Create(string mail, string nickname, string password, string avatar)
{
OleDbConnection cn = new OleDbConnection(_connectionString);
OleDbCommand cmd = new OleDbCommand();
try
{
String PwdSHA256;
SHA256 mySHA256 = SHA256.Create();
byte[] hashValue = mySHA256.ComputeHash(Encoding.UTF8.GetBytes(password));
StringBuilder builder = new StringBuilder();
for (int i = 0; i < hashValue.Length; i++)
{
builder.Append(hashValue[i].ToString("x2"));
}
PwdSHA256 = builder.ToString();
cn.Open();
cmd.Connection = cn;
cmd.CommandType = CommandType.Text;
cmd.CommandText = "INSERT INTO utenti ([email],[nickname],[password],[avatar],[attivo]) " +
"VALUES ('" + mail + "', '" + nickname + "', '" + PwdSHA256 + "','', false)";
cmd.ExecuteNonQuery();
}
catch (Exception ex)
{
System.Web.HttpContext.Current.Session["errore"] = ex;
System.Web.HttpContext.Current.Response.Redirect("ErrorPage.aspx");
this._errore = ex.Message;
}
finally
{
cmd = null;
cn.Close();
}
}
public void创建(字符串邮件、字符串昵称、字符串密码、字符串化身)
{
OLEDB连接cn=新的OLEDB连接(_connectionString);
OleDbCommand cmd=新的OleDbCommand();
尝试
{
字符串PwdSHA256;
SHA256 mySHA256=SHA256.Create();
byte[]hashValue=mySHA256.ComputeHash(Encoding.UTF8.GetBytes(password));
StringBuilder=新的StringBuilder();
for(int i=0;i
也许你应该改变一下
cmd.CommandText = "INSERT INTO utenti (email,nickname,password,avatar,attivo) " +
"VALUES ('" + mail + "', '" + nickname + "', '" + PwdSHA256 + "','', false)";
并确保数据库中的列与查询相同
使用参数化语句或享受SQL注入攻击。首先,
false
不是插入中的布尔值,而是字符串。第二,@franzgleichman说的。任何处理用户数据的程序员最终都会了解。更多