C# SQL语法错误
当我尝试使用表单插入数据时,它会抛出异常1错误。请重试。sql语法中有错误。请查看与Mysql服务器版本对应的手册,以获取第1行附近要使用的正确语法 请帮助更正此错误C# SQL语法错误,c#,mysql,C#,Mysql,当我尝试使用表单插入数据时,它会抛出异常1错误。请重试。sql语法中有错误。请查看与Mysql服务器版本对应的手册,以获取第1行附近要使用的正确语法 请帮助更正此错误 StringBuilder query = new StringBuilder(); query.Append("Insert Into my_project_data.vehicle(ChassyNumber ,ManufacturedYear, EngineCapacity,Price,Features ,VehicleBra
StringBuilder query = new StringBuilder();
query.Append("Insert Into my_project_data.vehicle(ChassyNumber ,ManufacturedYear, EngineCapacity,Price,Features ,VehicleBrand , VehicleType) Values('" + chassy_txt.Text + "','"+manufac_year_txt.Text+"','"+Engine_Capasity_txt.Text+"','"+Price_txt.Text+"','"+Features_rich_txt.Text+"',");
Classes.DB_Connectivity db = new Classes.DB_Connectivity();
try
{
db.openConnection();
if ((radioButton1.Checked || radioButton2.Checked) && (radioButton7.Checked || radioButton11.Checked) && ( manufac_year_txt.Text != "" && Engine_Capasity_txt.Text != "" && Price_txt.Text != "" && Features_rich_txt.Text != ""))
{
if (radioButton1.Checked)
{
query.Append("BMW ,");
}
if (radioButton2.Checked)
{
query.Append("Benz , ");
}
if (radioButton7.Checked)
{
query.Append("Car ,");
}
if (radioButton11.Checked)
{
query.Append("SUV ,");
}
if ( manufac_year_txt.Text != "" && Engine_Capasity_txt.Text != "" && Price_txt.Text != "" && Features_rich_txt.Text != "")
{
query.Append(" '"+manufac_year_txt.Text+"', '"+Engine_Capasity_txt.Text+"','"+Price_txt.Text+"','"+Features_rich_txt.Text+"'");
}
MySqlCommand cmd = new MySqlCommand(query.ToString(), db.conn);
cmd.ExecuteNonQuery();
MessageBox.Show(" Vehicle Registration Successfull ", "Information", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
{
MessageBox.Show("Fill All Required Information ", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
catch (Exception e1)
{
MessageBox.Show("Error Occured Please Try Again " +e1.Message,"Error",MessageBoxButtons.OK,MessageBoxIcon.Error);
}
您可能遗漏了线条末尾的一个撇号,并将其加粗: query.AppendInsert-Into my_project_data.vehicleChassyNumber ,制造商戴尔,发动机容量,价格,功能,车辆品牌, VehicleType值'+chassy_txt.Text+ “,”+manufac_year_txt.Text+”,“+Engine_Capasity_txt.Text+”,“+Price_txt.Text+”,“+Features_rich_txt.Text+” 应该是“+Features_rich_txt.Text+”,”; 你有: “+功能”\u rich_txt.Text+” 此外,您还需要在车型后加上撇号: 比如: query.AppendBMW',; 等等
也请考虑上面关于SQL注入的注释之一。
不使用字符串连接来生成查询。它们倾向于SQL注入。出于调试目的,从您的C代码中复制生成的查询字符串,并尝试直接在mysql上执行它,看看您得到的错误是什么?我想是假结束逗号',打印您将要执行的SQL命令以便进行调试。我只是不明白2014年编写SQL的人怎么会认为串联输入是明智的,合理的,或可接受的。。。还有一个例子是,它在查询中不起作用。AppendInsert+功能为“\u rich_txt.Text+”,;此final用于关闭insert语句。根据理解,您的车辆品牌字段值必须介于撇号之间。不是的,你必须修复它。是的,使用这段代码很容易破坏整个数据库,获取客户的私有数据等等。考虑一下,请不要尝试!有人会重视,,,,,,;从my_project_data.vehicle中删除;到文本框chassy_txt?