Fatal编程技术网
  • vb.net/
  • 我在vb.net中的查询出现插入错误

我在vb.net中的查询出现插入错误

vb.net ms-access

我在vb.net中的查询出现插入错误,vb.net,ms-access,sql-insert,executenonquery,Vb.net,Ms Access,Sql Insert,Executenonquery,我试图使用insert查询将数据插入Access数据库表,在insert into语句中得到错误语法错误 我甚至尝试过不带参数的sql字符串,得到了相同的错误,但是如果我将相同的查询直接粘贴到Access中,它就会工作 Dim sqlinsert As String 'sqlinsert = "INSERT INTO JobApplicants(Title, Address, Postcode, Phone, Email, Position, Education) VALUES(@Title,

我试图使用insert查询将数据插入Access数据库表,在
insert into
语句中得到错误语法错误

我甚至尝试过不带参数的sql字符串,得到了相同的错误,但是如果我将相同的查询直接粘贴到Access中,它就会工作

Dim sqlinsert As String
'sqlinsert = "INSERT INTO JobApplicants(Title, Address, Postcode, Phone, Email, Position, Education) VALUES(@Title, @Address, @Postcode, @Phone, @Email, @Position, @Education)"
' sqlinsert = "INSERT INTO JobApplicants(Title, ApplicantName,Address, Postcode, Phone, Email, Position, Education) VALUES('" & comboTitle.Text.ToString & "','" & txtApplicantName.Text & "','" & txtAddress.Text & "','" & txtPostcode.Text & "','" & txtPhone.Text & "','" & txtEmail.Text & "','" & comboPosition.Text & "','" & comboEducation.Text & "')"
sqlinsert = "INSERT INTO JobApplicants(Title, ApplicantName,Address, Postcode, Phone, Email, Position, Education) VALUES('Mr','freed','12 high st','sa123er','01234567890','a@b.c','head','gcse')"
Dim cmd As New OleDbCommand(sqlinsert, con1)

cmd.Parameters.Add(New OleDbParameter("@Title", comboTitle.Text))
cmd.Parameters.Add(New OleDbParameter("@Address", txtAddress.Text))
cmd.Parameters.Add(New OleDbParameter("@Postcode", txtPostcode.Text))
cmd.Parameters.Add(New OleDbParameter("@Phone", txtPhone.Text))
cmd.Parameters.Add(New OleDbParameter("@Email", txtEmail.Text))
cmd.Parameters.Add(New OleDbParameter("@Position", comboPosition.Text))
cmd.Parameters.Add(New OleDbParameter("@Education", comboEducation.Text))

con1.Open()
cmd.ExecuteNonQuery()
con1.Close()
您正在将7个参数绑定到一个准备好的语句,该语句实际上没有任何占位符。insert语句(作为原始SQL)碰巧是有效的,但我怀疑语句中不存在的绑定参数是错误的根源。因此,请尝试在准备好的语句中使用占位符:

sqlinsert = "INSERT INTO JobApplicants (Title, ApplicantName,Address, Postcode, Phone, Email, [Position], Education) VALUES (@Title, @ApplicantName, @Address, @Postcode, @Phone, @Email, @Position, @Education)"
Dim cmd As New OleDbCommand(sqlinsert, con1)

cmd.Parameters.Add(New OleDbParameter("@Title", comboTitle.Text))
cmd.Parameters.Add(New OleDbParameter("@ApplicantName", txtApplicant.Text))
cmd.Parameters.Add(New OleDbParameter("@Address", txtAddress.Text))
cmd.Parameters.Add(New OleDbParameter("@Postcode", txtPostcode.Text))
cmd.Parameters.Add(New OleDbParameter("@Phone", txtPhone.Text))
cmd.Parameters.Add(New OleDbParameter("@Email", txtEmail.Text))
cmd.Parameters.Add(New OleDbParameter("@Position", comboPosition.Text))
cmd.Parameters.Add(New OleDbParameter("@Education", comboEducation.Text))

con1.Open()
cmd.ExecuteNonQuery()
con1.Close()
请注意,实际上并没有为申请人的姓名绑定值。因此,我假设在某个地方有一个名为
txtApplicator
的文本框,我们可以访问它的文本属性来获取该值。

使用括号 
位置
是访问中的一个位置

因此,在查询中必须使用方括号

"INSERT INTO JobApplicants(Title, ApplicantName, Address, Postcode, Phone, Email, [Position], ..."
抱歉,我删掉了大量代码,只显示了问题的基本内容,并意外删除了“cmd.Parameters.Add(New OleDbParameter(“@applicationName”,txtpapplicationName.Text)),因此这不是问题所在,如下所述,它是一个保留字的位置,一旦我把它放在方括号里,一切都很好。非常感谢你,我快疯了。当你知道的时候很简单。不!始终使用参数以避免Sql注入。永远不要连接字符串。假设用户在其中一个文本框中输入“Drop Table MCAscheduled”? 
"INSERT INTO JobApplicants(Title, ApplicantName, Address, Postcode, Phone, Email, [Position], ..."