
C# SQL syntax error


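When I try to insert data using the form, it throws exception 1: Error. Please try again. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near line 1. Please help me correct this error.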

StringBuilder query = new StringBuilder();
query.Append("Insert Into my_project_data.vehicle(ChassyNumber ,ManufacturedYear, EngineCapacity,Price,Features ,VehicleBrand , VehicleType) Values('" + chassy_txt.Text + "','"+manufac_year_txt.Text+"','"+Engine_Capasity_txt.Text+"','"+Price_txt.Text+"','"+Features_rich_txt.Text+"',");

Classes.DB_Connectivity db = new Classes.DB_Connectivity();

try
{
    db.openConnection();

        if ((radioButton1.Checked || radioButton2.Checked) && (radioButton7.Checked || radioButton11.Checked) && ( manufac_year_txt.Text != "" && Engine_Capasity_txt.Text != "" && Price_txt.Text != "" && Features_rich_txt.Text != ""))
        {


            if (radioButton1.Checked)
            {
                query.Append("BMW ,");

            }
            if (radioButton2.Checked) 
            {
                query.Append("Benz , ");
            }
            if (radioButton7.Checked)
            {
                query.Append("Car ,");
            }
            if (radioButton11.Checked)
            {
                query.Append("SUV ,");
            }

           if ( manufac_year_txt.Text != "" && Engine_Capasity_txt.Text != "" && Price_txt.Text != "" && Features_rich_txt.Text != "")
           { 
               query.Append(" '"+manufac_year_txt.Text+"', '"+Engine_Capasity_txt.Text+"','"+Price_txt.Text+"','"+Features_rich_txt.Text+"'");
            }

            MySqlCommand cmd = new MySqlCommand(query.ToString(), db.conn);
            cmd.ExecuteNonQuery();


            MessageBox.Show(" Vehicle Registration Successfull ", "Information", MessageBoxButtons.OK, MessageBoxIcon.Information);


        }
        else
        {
            MessageBox.Show("Fill All Required Information ", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }

}
catch (Exception e1)
{
    MessageBox.Show("Error Occured Please Try Again "  +e1.Message,"Error",MessageBoxButtons.OK,MessageBoxIcon.Error);
}

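You are probably missing an apostrophe at the end of the line; I added it in bold:

query.Append("Insert Into my_project_data.vehicle(ChassyNumber ,ManufacturedYear, EngineCapacity,Price,Features ,VehicleBrand , VehicleType) Values('" + chassy_txt.Text + "','"+manufac_year_txt.Text+"','"+Engine_Capasity_txt.Text+"','"+Price_txt.Text+"','"+Features_rich_txt.Text+"',");

It should be "+Features_rich_txt.Text+"',"); You have: "+Features_rich_txt.Text+"

Also, you need to add an apostrophe after the vehicle types, like: query.Append("BMW',"); and so on.

Please also consider one of the comments above about SQL injection.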

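Don't use string concatenation to build queries. They are prone to SQL injection. For debugging purposes, copy the generated query string from your C# code and try to execute it directly on MySQL and see what error you get.

I think it is the bogus ending comma ',

Print the SQL command you are about to execute for debugging.

I just don't understand how anyone writing SQL in 2014 can think that concatenating input is sensible, reasonable, or acceptable...

Another example where it does not work is in query.Append("Insert ... +Features_rich_txt.Text+","); this final one is used to close the insert statement.

As I understand it, your vehicle brand field values must be between apostrophes. They aren't; you have to fix that.

Yes, with this code it is easy to destroy the whole database, get customers' private data, and so on. Consider this, and please don't try it! What if someone entered the value ,,,,,,; DELETE FROM my_project_data.vehicle; into the text box chassy_txt?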
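
The parameterized form that the comments recommend, as an added example (not code from the original thread). It assumes the MySql.Data connector already used in the question; the VehicleInsert class, the Build helper, the parameter names, the sample values, and the column types (integer year, decimal price) are assumptions.

```csharp
using System;
using System.Globalization;
using MySql.Data.MySqlClient;

static class VehicleInsert  // hypothetical class, not from the thread
{
    // Constant SQL text: input never becomes part of the statement itself,
    // so a stray apostrophe or comma in a text box cannot break the syntax.
    const string Sql =
        "INSERT INTO my_project_data.vehicle " +
        "(ChassyNumber, ManufacturedYear, EngineCapacity, Price, Features, VehicleBrand, VehicleType) " +
        "VALUES (@chassy, @year, @capacity, @price, @features, @brand, @type)";

    // Validates the form text and binds each value as a parameter.
    // Assumed column types: integer year, decimal price, text for the rest.
    public static MySqlCommand Build(MySqlConnection conn, string chassy, string year,
        string capacity, string price, string features, string brand, string type)
    {
        if (!int.TryParse(year, NumberStyles.None, CultureInfo.InvariantCulture, out int y))
            throw new ArgumentException("Manufactured year must be a whole number.");
        if (!decimal.TryParse(price, NumberStyles.Number, CultureInfo.InvariantCulture, out decimal p))
            throw new ArgumentException("Price must be a number.");

        var cmd = new MySqlCommand(Sql, conn);
        cmd.Parameters.AddWithValue("@chassy", chassy);
        cmd.Parameters.AddWithValue("@year", y);
        cmd.Parameters.AddWithValue("@capacity", capacity);
        cmd.Parameters.AddWithValue("@price", p);
        cmd.Parameters.AddWithValue("@features", features);
        cmd.Parameters.AddWithValue("@brand", brand);  // "BMW" or "Benz" from the radio buttons
        cmd.Parameters.AddWithValue("@type", type);    // "Car" or "SUV" from the radio buttons
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: the apostrophe in the features text would
        // terminate the string literal early in the concatenated query.
        // No connection is opened here; this only prints what would be sent.
        MySqlCommand cmd = Build(null, "WBA-0001", "2014", "2000", "45000.00",
            "Heated driver's seat, sunroof", "BMW", "Car");
        Console.WriteLine(cmd.CommandText);
        foreach (MySqlParameter prm in cmd.Parameters)
            Console.WriteLine($"{prm.ParameterName} = {prm.Value}");
        // With an open connection: cmd.ExecuteNonQuery();
    }
}
```

The printed command text is identical for any input, which is why both the syntax error and the injection risk raised in the comments disappear.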