INSERT INTO”中的语法错误;ms access vb.net
假设您对函数的输入参数进行了足够的预验证,以避免SQL注入的风险,那么像这样构建和执行一个完全格式的INSERT语句不是更简单吗INSERT INTO”中的语法错误;ms access vb.net,vb.net,ms-access,syntax,insert,Vb.net,Ms Access,Syntax,Insert,假设您对函数的输入参数进行了足够的预验证,以避免SQL注入的风险,那么像这样构建和执行一个完全格式的INSERT语句不是更简单吗 Private Sub loadcombo_1_leader(name1 As String, name2 As String, name3 As Long) Dim sql As String = "INSERT INTO [Combination Definitions] (ComboName, ComboType, AutoDesi
Private Sub loadcombo_1_leader(name1 As String, name2 As String, name3 As Long)
Dim sql As String = "INSERT INTO [Combination Definitions] (ComboName, ComboType, AutoDesign, CaseType, CaseName, ScaleFactor, SteelDesign, ConcDesign, AlumDesign, ColdDesign, GUID, Notes) VALUES(@ComboName, @ComboType, @AutoDesign, @CaseType, @CaseName, @ScaleFactor, @SteelDesign, @ConcDesign, @AlumDesign, @ColdDesign, @GUID, @Notes)"
COM = New OleDbCommand(sql, Con)
COM.Parameters.AddWithValue("@ComboName", name1)
COM.Parameters.AddWithValue("@ComboType", "Linear Add")
COM.Parameters.AddWithValue("@AutoDesign", "No")
COM.Parameters.AddWithValue("@CaseType", "Linear Static")
COM.Parameters.AddWithValue("@CaseName", name2)
COM.Parameters.AddWithValue("@ScaleFactor", name3)
COM.Parameters.AddWithValue("@SteelDesign", "None")
COM.Parameters.AddWithValue("@ConcDesign", "None")
COM.Parameters.AddWithValue("@AlumDesign", "None")
COM.Parameters.AddWithValue("@ColdDesign", "None")
COM.Parameters.AddWithValue("@GUID", "")
COM.Parameters.AddWithValue("@Notes", "")
Con.Open()
COM.ExecuteNonQuery()
Con.Close()
End Sub
从理论上讲,您还应该得到一个有意义的错误,它将告诉您语句有什么问题(如果它在语句中)
另一个选项是获取生成的SQL字符串,并直接对数据库运行它以检索相同的错误消息
lngAffected还为您提供了一种附加功能,即在将其部署到生产环境中后,使用返回值1(行)验证插入。我怀疑您的一个列名是保留字,但没有明显的候选列名。我不认为
GUID
或Notes
是正确的,但为了以防万一,您可以尝试将它们用括号括起来。我认为jmchilinney非常适合保留字的想法:GUID
出现在中。我觉得奇怪的是,名为GUID的字段会被保留为空。此外,我不允许在表中使用空字符串。如果您不打算填充字段,为什么要将它们包括在插入操作中?您的表名有一个空格。你检查过了吗?“组合定义”
Dim sql As String
Dim lngAffected As Long
sql = "INSERT INTO [Combination Definitions] (ComboName, ComboType, AutoDesign, CaseType, CaseName, ScaleFactor, SteelDesign, ConcDesign, AlumDesign, ColdDesign, GUID, Notes) "
sql = sql & "VALUES('" & name1 & "', 'Linear Add', 'No', 'Linear Static', '" & name2 & "', '" & name3 & "', 'None', 'None', 'None', '', '')"
COM.Execute lngAffected