SQL query error in VB.NET with SQLite


I have a query:

    SQLcommand.CommandText = "UPDATE Pupil 
                SET Pupil_Name = '" & PDV_First_Name.Text & "' ,
                    Pupil_Middle_Name = '" & PDV_Middle_Name.Text & "' , 
                    Pupil_Surname = '" & PDV_Surname.Text & "' , 
                    Pupil_Prefferend_Name = '" & PDV_P_Name.Text & "' , 
                    Gender = '" & gender & "' , 
                    DOB = '" & Microsoft.VisualBasic.Left(PDV_bday.Value,10) & "' ,
                    Home_Languages = '" & PDV_Languages.Text & "' ,
                    Family_Religion = '" & PDV_Religion.Text & "' ,
                    Ethnicity = '" & PDV_Ethnicity.Text & "' ,
                    Form_ID = '" & Microsoft.VisualBasic.Trim(Microsoft.VisualBasic.Left(PDV_Form.Text,3)) & "' ,
                    Address_Line_1 = '" & PDV_Address_1.Text & "' ,
                    Address_Line_2 = '" & PDV_Address_2.Text & "' ,
                    Address_Line_3 = '" & PDV_Address_3.Text & "' ,
                    Postcode = '" & PDV_Postcode.Text & "' ,
                    Home_Tel = '" & PDV_Home_Tel.Text & "' ,
                    Parent_1_First_Name = '" & PDV_P1_First_Name.Text & "' ,
                    Parent_1_Surname = '" & PDV_P1_Surname.Text & "' , 
                    Parent_1_Relationship = '" & PDV_P1_CB_Relationship.Text & "' ,
                    Parent_1_Occupation = '" & PDV_P1_Occupation.Text & "' , 
                    Parent_1_Mobile_No = '" & PDV_P1_Mobile_No.Text & "' , 
                    Parent_1_Work_Number = '" & PDV_P1_Work_No.Text & "' , 
                    Parent_1_Email = '" & PDV_P1_Email.Text & "' ,
                    Parental_1_Responsibility = '" & parental1 & "' , 
                    Parent_2_First_Name = '" & PDV_P2_First_Name.Text & "' , 
                    Parent_2_Surname = '" & PDV_P2_Surname.Text & "' , 
                    Parent_2_Relationship = '" & PDV_P2_CB_Relationship.Text & "' ,
                    Parent_2_Occupation = '" & PDV_P2_Occupation.Text & "' , 
                    Parent_2_Mobile_No = '" & PDV_P2_Mobile_No.Text & "' , 
                    Parent_2_Work_Number = '" & PDV_P2_Work_No.Text & "' , 
                    Parent_2_Address_1 = '" & PDV_P2_Address_1.Text & "' , 
                    Parent_2_Address_2 = '" & PDV_P2_Address_2.Text & "' , 
                    Parent_2_Address_3 = '" & PDV_P2_Address_3.Text & "' , 
                    Parent_2_Postcode = '" & PDV_P2_Postcode.Text & "' , 
                    Parent_2_Home_No = '" & PDV_P2_Home_Number.Text & "' , 
                    Parental_2_Responsibility = '" & parental2 & "' , 
                    Family_Mem_1_First_Name = '" & PDV_FM1_First_Name.Text & "' , 
                    Family_Mem_1_Surname = '" & PDV_FM1_Surname.Text & "' , 
                    Family_Mem_1_Relationship = '" & PDV_FM1_Relationship.Text & "' , 
                    Family_Mem_2_First_Name = '" & PDV_FM2_First_Name.Text & "' , 
                    Family_Mem_2_Surname = '" & PDV_FM2_Surname.Text & "' , 
                    Family_Mem_2_Relationship = '" & PDV_FM2_Relationship.Text & "' , 
                    Collector_1_First_Name = '" & PDV_C1_First_Name.Text & "' , 
                    Collector_1_Surname = '" &  PDV_C1_Surname.Text & "' , 
                    Collector_1_Relationship = '" & PDV_C1_Relationship.Text & "' , 
                    Collector_1_Address_1 = '" & PDV_C1_Address_1.Text & "' , 
                    Collector_1_Address_2 = '" & PDV_C1_Address_2.Text & "' , 
                    Collector_1_Address_3 = '" & PDV_C1_Address_3.Text & "' , 
                    Collector_1_Postcode = '" & PDV_C1_Postcode.Text & "' , 
                    Collector_1_Tel_No = '" & PDV_C1_Work_No.Text & "' , 
                    Collector_1_Mob_No = '" & PDV_C1_Mobile_No.Text & "' , 
                    Collector_2_First_Name = '" & PDV_C2_First_Name.Text & "' , 
                    Collector_2_Surname = '" &  PDV_C2_Surname.Text & "' , 
                    Collector_2_Relationship = '" & PDV_C2_Relationship.Text & "' , 
                    Collector_2_Address_1 = '" & PDV_C2_Address_1.Text & "' , 
                    Collector_2_Address_2 = '" & PDV_C2_Address_2.Text & "' , 
                    Collector_2_Address_3 = '" & PDV_C2_Address_3.Text & "' , 
                    Collector_2_Postcode = '" & PDV_C2_Postcode.Text & "' , 
                    Collector_2_Tel_No = '" & PDV_C2_Work_No.Text & "' , 
                    Collector_2_Mob_No = '" & PDV_C2_Mobile_No.Text & "' , 
                    Collection_Instructions = '" & PDV_Collection_Instructions.Text &"' ,
                    Doctor_Name = '" & PDV_M_First_Name.Text & "' ,
                    Practice_Name = '" & PDV_M_Practice.Text & "' , 
                    Doctor_Address_1 = '" & PDV_M_Address_1.Text & "' , 
                    Doctor_Address_2 = '" & PDV_M_Address_2.Text & "' 
                    ,Doctor_Address_3 = '" & PDV_M_Address_3.Text & "' , 
                    Doctor_Postcode = '" & PDV_M_Postcode.Text & "' , 
                    Doctor_Contact_No = '" & PDV_M_Contact_No.Text & "' , 
                    Vaccinations = '" & PDV_M_Vaccinations.Text & "' , 
                    Allergies = '" & PDV_M_Allergies.Text & "' , 
                    Food_Dislikes '" & PDV_M_Dislikes.Text & "' , 
                    Special_Needs = '" & sn & "' , 
                    Special_Needs_Details = '" & PDV_M_Special_Needs.Text & "' ,
                    Medication_Application = '" & MA & "' , 
                    Medication_Details = '" & PDV_M_Medication.Text & "' ,
                    Medical_Problems = '" & PDV_M_Medical_Info.Text & "' ,
                    ICE_First_Name = '" & PDV_ICE_First_Name.Text & "' , 
                    ICE_Surname = '" & PDV_ICE_Surname.Text & "' , 
                    ICE_Relationship = '" & PDV_ICE_CB_Relationship.Text & "' , 
                    ICE_Address_1 = '" & PDV_ICE_Address_1.Text & "' , 
                    ICE_Address_2 = '" & PDV_ICE_Address_2.Text & "' , 
                    ICE_Address_3 = '" & PDV_ICE_Address_3.Text & "' , 
                    ICE_Postcode = '" & PDV_ICE_Postcode.Text & "' , 
                    ICE_Tel_No = '" & PDV_ICE_Home_No.Text & "' , 
                    ICE_Mob_No = '" & PDV_ICE_Mobile_No.Text & "' ,
                    Emergency = '" & A & "' , 
                    Safety = '" & B & "' , 
                    Information = '" & C & "' , 
                    Medical_Form = '" & D & "' ,
                    Stats = '" & U & "' , 
                    Consent_PG = '" & F & "' , 
                    Consent_Photo = '" & G & "' , 
                    Consent_Face_Paint = '" & H & "' , 
                    Consent_Trips_Dore_Village = '" & I & "' ,
                    Consent_Trips_Dore_Recc = '" & J & "' , 
                    Consent_Scooter = '" & K & "' , 
                    Consent_Plaster = '" & L & "' , 
                    Consent_Sun_Cream = '" & M & "' , 
                    Attendance_Monday = '" & N & "' , 
                    Attendance_Tuesday = '" & O & "' , 
                    Attendance_Wednesday = '" & P & "' , 
                    Attendance_Thursday = '" & Q & "' , 
                    Attendance_Friday = '" & R & "' , 
                    Signed = '" & S & "' , 
                    Sign_Date = '" & Microsoft.VisualBasic.Left(PDV_O_Datetime_Sign.Value,10) & "' , 
                    Waiting_List = '" & T & "' , Date_Of_Application = '" & Microsoft.VisualBasic.Left(PDV_O_Datetime_Application.Value,10) & "' , 
                    Date_Added = '" & Microsoft.VisualBasic.Left(PDV_O_Datetime_Added.Value,10) & "' , 
                    Added_By = '" & PDV_O_CB_Added.Text & "' , 
                    Other_Info = '" & PDV_Other.Text & "'  
                WHERE Pupil_ID = '" & Pupil & "'"

It is a rather big query, but every time I run it I get a syntax error as follows:

    System.Data.SQLite.SQLiteException: SQLite error
    near "''": syntax error
       at System.Data.SQLite.SQLite3.Prepare(SQLiteConnection cnn, String strSql, SQLiteStatement previous, UInt32 timeoutMS, String& strRemain)
       at System.Data.SQLite.SQLiteCommand.BuildNextCommand()
       at System.Data.SQLite.SQLiteCommand.GetStatement(Int32 index)
       at System.Data.SQLite.SQLiteDataReader.NextResult()
       at System.Data.SQLite.SQLiteDataReader..ctor(SQLiteCommand cmd, CommandBehavior behave)
       at System.Data.SQLite.SQLiteCommand.ExecuteReader(CommandBehavior behavior)
       at System.Data.SQLite.SQLiteCommand.ExecuteNonQuery()
       at ContactsDatabase.Search_Pupil.Button2Click(Object sender, EventArgs e) in F:\Backup\ContactsDatabase\Search_Pupil.vb:line 1067
       at System.Windows.Forms.Control.OnClick(EventArgs e)
       at System.Windows.Forms.Button.OnClick(EventArgs e)
       at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
       at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
       at System.Windows.Forms.Control.WndProc(Message& m)
       at System.Windows.Forms.ButtonBase.WndProc(Message& m)
       at System.Windows.Forms.Button.WndProc(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
       at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
       at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg)
       at System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(Int32 dwComponentID, Int32 reason, Int32 pvLoopData)
       at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
       at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
       at System.Windows.Forms.Application.Run(ApplicationContext context)
       at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnRun()
       at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()
       at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(String[] commandLine)
       at ContactsDatabase.My.MyApplication.Main(String[] Args) in 17d14f5c-a337-4978-8281-53493378c1071.vb:line 81
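
I have manually checked and searched for this mysterious "''", but it is not in this query! The only thing I can think of is that the record is empty, but in a very similar query that I have for updating staff, it does not error if it is empty! Please help.

Thanks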

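To save space and time, I will only show you the abbreviated version of how to fix this. The technique shown here will solve not only the SQL formatting problem, but also the huge security issue the current code has: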

    SQLcommand.CommandText = "UPDATE Pupil 
                SET Pupil_Name = @PupilName,
                    Pupil_Middle_Name = @PupilMiddleName,
                    Pupil_Surname = @PupilSurname,
                    Pupil_Prefferend_Name = @PupilPreferredName,
                    Gender = @Gender,
                    DOB = @DOB,
                    ...
                WHERE Pupil_ID = @PupilID"

    'Guessing at parameter types/lengths here. Use the actual types and lengths from your database
    'System.Data.SQLite parameters take System.Data.DbType (SqlDbType is the SQL Server enum)
    SQLcommand.Parameters.Add("@PupilName", DbType.String, 30).Value = PDV_First_Name.Text
    SQLcommand.Parameters.Add("@PupilMiddleName", DbType.String, 30).Value = PDV_Middle_Name.Text
    SQLcommand.Parameters.Add("@PupilSurname", DbType.String, 40).Value = PDV_Surname.Text
    SQLcommand.Parameters.Add("@PupilPreferredName", DbType.String, 30).Value = PDV_P_Name.Text
    SQLcommand.Parameters.Add("@Gender", DbType.StringFixedLength, 1).Value = gender
    SQLcommand.Parameters.Add("@DOB", DbType.DateTime).Value = DateTime.Parse(Microsoft.VisualBasic.Left(PDV_bday.Value,10))
    '...
    SQLcommand.Parameters.Add("@PupilID", DbType.Int32).Value = Pupil
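
As an added example (not part of the original answer or the asker's project), the same parameterised approach can generate the long SET list from a column-to-value map instead of typing each assignment by hand. It goes slightly beyond the abbreviated version above by checking column names against an allow-list, since identifiers cannot be bound as parameters. The `UpdatePupil` helper, the allow-list and the in-memory table are assumptions made for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data.SQLite   ' same ADO.NET provider as in the question's stack trace
Module ParameterisedUpdateDemo
    ' Column names cannot be bound as parameters, so they are checked against a fixed
    ' allow-list. Only a few of the question's columns are listed (assumption: TEXT columns).
    Private ReadOnly AllowedColumns As New HashSet(Of String)(StringComparer.OrdinalIgnoreCase) From {
        "Pupil_Name", "Pupil_Surname", "Food_Dislikes", "Other_Info"}

    ' Hypothetical helper: builds "UPDATE Pupil SET col = @p0, ... WHERE Pupil_ID = @id"
    ' and binds every value, so quotes or empty strings in the data never reach the SQL text.
    Function UpdatePupil(conn As SQLiteConnection, pupilId As Long,
                         values As IDictionary(Of String, Object)) As Integer
        Dim assignments As New List(Of String)
        Using cmd As New SQLiteCommand(conn)
            For Each pair In values
                If Not AllowedColumns.Contains(pair.Key) Then
                    Throw New ArgumentException("Unknown column: " & pair.Key)
                End If
                Dim name = "@p" & assignments.Count.ToString()
                assignments.Add(pair.Key & " = " & name)   ' "=" is generated, not hand-typed
                cmd.Parameters.AddWithValue(name, If(pair.Value, DBNull.Value))
            Next
            If assignments.Count = 0 Then Throw New ArgumentException("No columns to update")
            cmd.CommandText = "UPDATE Pupil SET " & String.Join(", ", assignments) &
                              " WHERE Pupil_ID = @id"
            cmd.Parameters.AddWithValue("@id", pupilId)
            Return cmd.ExecuteNonQuery()   ' number of rows changed
        End Using
    End Function

    Sub Main()
        Using conn As New SQLiteConnection("Data Source=:memory:")   ' throwaway in-memory database
            conn.Open()
            Using setup As New SQLiteCommand(
                "CREATE TABLE Pupil (Pupil_ID INTEGER PRIMARY KEY, Pupil_Name TEXT, " &
                "Pupil_Surname TEXT, Food_Dislikes TEXT, Other_Info TEXT); " &
                "INSERT INTO Pupil (Pupil_ID) VALUES (1);", conn)
                setup.ExecuteNonQuery()
            End Using
            Dim edits As New Dictionary(Of String, Object) From {
                {"Pupil_Surname", "O'Brien"},   ' constructed sample: quote inside the data
                {"Food_Dislikes", ""}}          ' constructed sample: empty text box
            Console.WriteLine("Rows updated: " & UpdatePupil(conn, 1, edits))
            Using check As New SQLiteCommand("SELECT Pupil_Surname FROM Pupil WHERE Pupil_ID = 1", conn)
                Console.WriteLine(check.ExecuteScalar())
            End Using
        End Using
    End Sub
End Module
```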

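Make sure the data used when updating the table does not contain a single quote ('); that can cause this kind of error. Try printing the command text and look at what it generates before executing it. In future, look at parameterised queries and data binding.

This is a separate issue from your exception, but this code is extremely vulnerable to SQL injection attacks. It is practically begging to be hacked.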
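
> I have ... searched for this mysterious "''"

... it sounds like you were searching for a double quote. The problem is not a double quote: it is two single quotes right next to each other: an empty value you were not expecting, or an attempt to assign text to a number or datetime.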