Vb.net .NET Access error on INSERT INTO
Tags: vb.net, ms-access
I am trying to insert text box text into a database using Visual Studio. Here is my code:
Dim usernme, passwrd As String
usernme = REG_USER_USERNAME.Text
passwrd = REG_USER_PASSWORD.Text
Dim constring As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=E:\Login.accdb"
myConnection.Open()
Dim sqlQry As String = "INSERT INTO Admins (USERNAME, PASSWORD) VALUES('" & usernme & "','" & passwrd & "')"
MsgBox(sqlQry)
Dim cmd As OleDbCommand = New OleDbCommand(sqlQry, myConnection)
cmd.ExecuteNonQuery()
myConnection.Close()
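But I get an exception error that includes:
Additional information: Syntax error in INSERT INTO statement
What is wrong with my code? I also have quotes around my values.
The direct answer is that PASSWORD is a reserved word in Access. So: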
Dim sqlQry As String = "INSERT INTO Admins (USERNAME, [PASSWORD]) VALUES('" & usernme & "','" & passwrd & "')"
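That said, since you are doing direct concatenation with unsanitized user input, be sure to follow the advice posted by @puropoix.
You can try it like this: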
Imports System.Data.OleDb
Public Class Form1
    Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
        ' Requires: Imports System.Data.OleDb
        ' ensures the connection is closed and disposed
        Using connection As New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;" & _
                "Data Source=""C:\your_path_here\InsertInto.mdb"";" & _
                "Persist Security Info=False")
            ' open connection
            connection.Open()
            ' Create command
            Dim insertCommand As New OleDbCommand( _
                "INSERT INTO Table1([inputOne] , [inputTwo] , [inputThree]) " & _
                "VALUES (@inputOne, @inputTwo, @inputThree);", _
                connection)
            ' Add the parameters with value
            insertCommand.Parameters.AddWithValue("@inputOne", TextBox1.Text)
            insertCommand.Parameters.AddWithValue("@inputTwo", TextBox2.Text)
            insertCommand.Parameters.AddWithValue("@inputThree", TextBox3.Text)
            ' you should always use parameterized queries to avoid SQL Injection
            ' execute the command
            insertCommand.ExecuteNonQuery()
            MessageBox.Show("Insert is done!!")
        End Using
    End Sub
End Class
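A) Never concatenate strings to build SQL - use parameters.
B) PASSWORD is a reserved word in Access, so escape it as [PASSWORD], or don't use reserved words as column names.
C) Never store passwords as plain text - hash them.
D and E) Please read and take action; you should also learn to dispose of objects.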
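The points raised in the answers and the comment above (parameters instead of concatenation, bracketed [PASSWORD], hashing, disposal), applied to the question's Admins table. This is an added example, not code from the original thread; the module and function names, the PBKDF2 settings and the assumption that both columns are text fields of up to 255 characters are illustrative.

```vbnet
Imports System.Data.OleDb
Imports System.Security.Cryptography

Public Module AdminStore
    ' Assumed work factor for this sketch; tune it for your own hardware.
    Private Const Iterations As Integer = 600000

    ' Returns "iterations:salt:hash" (salt and hash in Base64) so that the
    ' salt and cost needed to verify a login later are stored with the hash.
    Public Function HashPassword(password As String) As String
        Dim salt(15) As Byte ' 16 random bytes, unique per user
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        ' This constructor overload needs .NET Framework 4.7.2+ or .NET Core 2.0+.
        Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256)
            Return Iterations.ToString() & ":" & Convert.ToBase64String(salt) & ":" &
                   Convert.ToBase64String(kdf.GetBytes(32))
        End Using
    End Function

    ' connectionString is supplied by the caller, for example the ACE
    ' provider string from the question.
    Public Sub AddAdmin(connectionString As String, userName As String, password As String)
        ' PASSWORD is bracketed because it is a reserved word in Access.
        ' OleDb binds parameters by position, not by name, so "?" placeholders
        ' are used and the Parameters.Add calls must follow the column order.
        Const sql As String = "INSERT INTO Admins ([USERNAME], [PASSWORD]) VALUES (?, ?)"
        Using connection As New OleDbConnection(connectionString)
            Using cmd As New OleDbCommand(sql, connection)
                cmd.Parameters.Add("@user", OleDbType.VarWChar, 255).Value = userName
                cmd.Parameters.Add("@hash", OleDbType.VarWChar, 255).Value = HashPassword(password)
                connection.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub
End Module
```

From the form this would be called as `AddAdmin(constring, REG_USER_USERNAME.Text, REG_USER_PASSWORD.Text)`. A login check would split the stored value, rerun PBKDF2 with the stored salt and iteration count, and compare the results.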