INSERT into语句中的语法错误。需要帮助 [英] Syntax error in INSERT into statement. Help needed

问题描述

我在使用插入语句时遇到一些问题，我将其用于将字符串插入访问数据库，并且我一直收到INSERT INTO语句中的语法错误。

I am having some trouble with an insert statement I am using to insert strings into an access database and I keep receiving a "Syntax error in INSERT INTO statement."

public void Insert(Person p)
        {
            try
            {
                command.CommandText = "INSERT INTO NewUser(Position, Forename, Surname, [Telephone Number], Username, [Password], [Confirm Password], [Start Date]) VALUES('" + p.PositionPositionCmbx1+ "', '" + p.FirstName_txt1+ "', '" + p.Surname_txt1+ "', '" + p.Telnumber_txt+ "', '" + p.PasswordNU_txt1+ "', '" + p.ConfirmPasswrd_txt1+ "')";
                command.CommandType = System.Data.CommandType.Text;
                connection.Open();
                command.ExecuteNonQuery();
            }
            catch (Exception ex)
            {
                System.Windows.Forms.MessageBox.Show(ex.Message);
            }
            finally
            {
                connection.Close();
            }
        }

我的尝试：



在插入语句中放置[]所有值

What I have tried:

Putting [] around all values in the insert statement

推荐答案

传递的值少于提到的列数。您的INSERT查询需要8个值，但您只传递6个值。首先纠正这个问题。



其次，将查询放在字符串变量中，看看要评估的实际查询是什么。如下所示 -

You are passing less number of values than the mentioned numbers of columns. Your INSERT query expects 8 values but you are passing only 6 values. First correct that.

Secondly, put your query in a string variable and see what is the actual query being evaluated to. Something like following-

string query ="INSERT INTO NewUser(Position, Forename, Surname, [Telephone Number], Username, [Password], [Confirm Password], [Start Date]) VALUES('" + p.PositionPositionCmbx1+ "', '" + p.FirstName_txt1+ "', '" + p.Surname_txt1+ "', '" + p.Telnumber_txt+ "', '" + p.PasswordNU_txt1+ "', '" + p.ConfirmPasswrd_txt1+ "')";

< b>更新

以上只是为了简单起见并仅使用您的代码。但您的代码非常容易 SQL Injection [ ^ ]。最好的事情是你不需要重新发明轮子，而只需要做一些小改动即可。请查看以下链接以获取进一步的帮助我强烈建议检查并告诉我是否可以帮助实施。

[ ^ ]



如果您仍然需要帮助，请告诉我们：）

UPDATE
The above is just to keep things simple and used your code only. But your code is seriously prone to SQL Injection[^]. And the best thing is you don't need to reinvent the wheel rather just some minor changes can do the job. Please check following links for further help. I strongly recommend to check and let me know if I can help in implementing that.
Using Parameterized queries to prevent SQL Injection Attacks in SQL Server[^]

If you still need help, please let me know :)

这篇关于INSERT into语句中的语法错误。需要帮助的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！