|
|
我有一个简单的asp.net表单供个人填写。我在这个特定页面上使用的代码可以在其他地方使用,但这个页面给我带来了问题。
- e5 F/ j9 N$ E/ z就是说INSERT句子中有语法错误。你能看到任何问题吗?& c& O/ T6 I$ A# C3 |8 R
点击事件代码:$ \& g; T7 H6 F4 }8 | m
cmdInsert.CommandText = "INSERT INTO Position (Com_ID,Stu_ID,Pos_StartDate,Pos_Type,Pos_Description,Pos_Title) VALUES (' " & ddlCompany.SelectedValue & " ',' " & ddlStudent.SelectedValue & " ',#" & CalStartDate.SelectedDate.Date & "#,' " & ddlPositionType.SelectedValue & " ',' " & txtDescription.Text & " ',' " & txtPositionTitle.Text & " ');"'MsgBox(cmdInsert.CommandText)cmdInsert.CommandType = CommandType.TextcmdInsert.Connection = cnnOLEDBcmdInsert.ExecuteNonQuery()txtPositionTitle.Text = ""txtDescription.Text = "Record inserted."CalStartDate.SelectedDates.Clear()cmdInsert.Dispose()从表单中捕获的数据与数据库中的数据类型对齐。你有什么想法吗?8 R. j _9 G _8 t
这是堆栈跟踪:
3 t# P B6 W2 U( @: x- r[OleDbException (0x80040e14): Syntax error in INSERT INTO statement.] System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr) 1081356 System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams,Object& executeResult) 247 System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) 194 System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior,Object& executeResult) 58 System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior,String method) 167 System.Data.OleDb.OleDbCommand.ExecuteNonQuery() 113 Tiger_Recruiting.WebForm3.btnSaveStudentRecord_Click(Object sender,EventArgs e) in C:\Users\Garrett\Downloads\Tiger Recruiting(3)\Tiger Recruiting(3)\Tiger Recruiting(3)\Tiger Recruiting\Tiger Recruiting\position.aspx.vb:28 System.Web.UI.WebControls.Button.OnClick(EventArgs e) 141 System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) 149 System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) 39 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl,String eventArgument) 37 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) 87 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,Boolean includeStagesAfterAsyncPoint)
! O& Y, d/ _4 P+ P* E5 g2 Q 解决方案:
$ l- a# x- P3 C4 a/ O6 m 单词POSITION是MS-Access-Jet保留关键字。
$ s2 T9 }- Q' z& _您将其用作表名,因此需要将其用方括号括起来
# F, I2 p3 j. z1 UcmdInsert.CommandText = "INSERT INTO [Position] .......部分原因是你的代码很差。不要使用字符串Cancatenation来构建sql命令。; z2 Q2 z2 c) Q, D& B( q a
当您的输入中有一个单引号或是否有其他字段需要输入值时,这种做法会导致语法错误。但最糟糕的是Sql. o8 F1 X; E" k/ W$ u% _
Injection问题。
! ]0 r# z1 y! a* S j7 K因此,您的代码应以以下方式编写:* `' D9 V2 i* y& `) u' F3 r4 c
cmdInsert.CommandText = "INSERT INTO [Position] (Com_ID,Stu_ID,Pos_StartDate,Pos_Type," " os_Description,Pos_Title) VALUES " "(,,"cmdInsert.Parameters.AddWithValue("@p1",ddlCompany.SelectedValue)cmdInsert.Parameters.AddWithValue("@p2",ddlStudent.SelectedValue)cmdInsert.Parameters.AddWithValue("@p3",CalStartDate.SelectedDate.Date)cmdInsert.Parameters.AddWithValue("@p4",ddlPositionType.SelectedValue)cmdInsert.Parameters.AddWithValue("@p5",txtDescription.Text)cmdInsert.Parameters.AddWithValue("@p6",txtPositionTitle.Text)cmdInsert.Connection = cnnOLEDBcmdInsert.ExecuteNonQuery() |
|
技术问答
76 人阅读
|
0 人回复
|
2023-09-13
