I'm trying to INSERT data on a database with VB
I'm trying to insert data into an Access database using Visual Basic with OleDbCommand, but it keeps returning this error:
This is my code:
    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        myconnection.ConnectionString = connString
        Dim sql As String
        myconnection.Open()
        sql = "INSERT INTO Atletas ( Nome, Contacto, Email, dataNascimento, Morada, idEscalao ) VALUES( " & Text_Nome.Text & "','" & Text_Contacto.Text & "','" & Text_Email.Text & "','" & Data_Picker.Text & "','" & Text_Morada.Text & "','" & Combo_Escalao.Tag & ")"
        Dim cmd As OleDbCommand = New OleDbCommand(sql, myconnection)
        cmd.ExecuteNonQuery()
        myconnection.Close()
    End Sub
You are missing two apostrophes, one at the beginning and another at the end. It is also good practice to end with a semicolon. Try this:
sql = "INSERT INTO Atletas ( Nome, Contacto, Email, dataNascimento, Morada, idEscalao ) VALUES( '" & Text_Nome.Text & "','" & Text_Contacto.Text & "','" & Text_Email.Text & "','" & Data_Picker.Text & "','" & Text_Morada.Text & "','" & Combo_Escalao.Tag & "');"
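However, as Plutonix suggested in his comment: do not concatenate strings to build SQL. Use SQL parameters.
First, I suggest you take a serious look at using parameters. As you can see, if you had been using parameters, you would not have had the syntax error. As Steve pointed out, it will also eliminate problems with names such as O'Hara or O'Kelly.
Second, it also protects you against SQL injection attacks - see Bobby Tables.
Finally, when working with database connections it is good practice to implement a using block, so that in case you forget to close the connection, it is disposed of at the end of the using block.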
    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        ' Requires "Imports System.Data.OleDb" at the top of the file.
        Using con As New OleDbConnection
            con.ConnectionString = "Provider = Microsoft.ACE.OLEDB.12.0;" & _
                                   "Data Source = database path here"
            con.Open()
            Dim sql As String = "INSERT INTO Atletas (Nome, Contacto, Email, dataNascimento, Morada, idEscalao) VALUES (@nome, @contacto, @email, @datanascimento, @morada, @idescalao);"
            Dim sql_insert As New OleDbCommand
            With sql_insert
                ' OleDb binds parameters by position, not by name:
                ' add them in the same order as they appear in the SQL text.
                .Parameters.AddWithValue("@nome", Text_Nome.Text)
                .Parameters.AddWithValue("@contacto", Text_Contacto.Text)
                .Parameters.AddWithValue("@email", Text_Email.Text)
                .Parameters.AddWithValue("@datanascimento", Data_Picker.Value.ToString("yyyy/MM/dd")) ' Assuming the value needed is a date only
                .Parameters.AddWithValue("@morada", Text_Morada.Text)
                .Parameters.AddWithValue("@idescalao", CStr(Combo_Escalao.Tag))
                .CommandText = sql
                .Connection = con
                .ExecuteNonQuery()
            End With
            con.Close() ' Optional: End Using closes and disposes the connection as well
        End Using
    End Sub
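The difference between the two approaches above, shown side by side. This is an added example, not code from the question or the answers: it uses Python with an in-memory SQLite table as a stand-in for the Access table Atletas so it runs without a database file, and the helper names and sample inputs are constructed for illustration.

```python
import sqlite3

COLUMNS = "Nome, Contacto, Email, dataNascimento, Morada, idEscalao"

def new_db():
    """In-memory SQLite table standing in for the Access table Atletas (assumption)."""
    con = sqlite3.connect(":memory:")
    con.execute(f"CREATE TABLE Atletas ({COLUMNS})")
    return con

def insert_concatenated(con, row):
    """Pattern from the question (quotes fixed): values are pasted into the SQL text."""
    values = "','".join(str(v) for v in row)
    con.execute(f"INSERT INTO Atletas ({COLUMNS}) VALUES ('{values}')")

def insert_parameterized(con, row):
    """Pattern from the answer: the SQL text is constant, values travel separately."""
    con.execute(f"INSERT INTO Atletas ({COLUMNS}) VALUES (?, ?, ?, ?, ?, ?)", row)

def try_insert(insert, row):
    """Run one insert on a fresh table; return (error message or None, rows stored)."""
    con = new_db()
    try:
        insert(con, row)
        error = None
    except sqlite3.Error as exc:
        error = str(exc)
    return error, con.execute("SELECT * FROM Atletas").fetchall()

# Constructed sample inputs.
OHARA = ("Sean O'Hara", "912345678", "sean@example.com", "1990/05/17", "Rua A", "2")
# A name that closes its own quote and supplies the remaining columns itself.
CRAFTED = ("x','','','','','9') --", "912345678", "a@example.com", "1990/05/17", "Rua B", "2")

if __name__ == "__main__":
    for label, row in (("O'Hara", OHARA), ("crafted", CRAFTED)):
        for fn in (insert_concatenated, insert_parameterized):
            print(label, fn.__name__, try_insert(fn, row))
```

With concatenation the apostrophe in O'Hara is a syntax error and the crafted name decides what lands in idEscalao; with parameters both inputs are stored exactly as typed.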