MS Access数据库的Syntex错误 [英] Syntex error of MS Access Database

问题描述

using System.Windows.Forms;
namespace Database_Access
{
    public class Connection
    {
        OleDbConnection oldb;
        OleDbCommand command;
        public Connection()
        {
            oldb = new OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=F:\\abc.mdb;");
            //command = oldb.CreateCommand();
        }
        public void insert_query(String user_id, String user_password)
        {
            try
            {
                oldb.Open();
                String sql = "INSERT INTO info(ID,Password) values(" + user_id + "," + user_password + ")";
                command = new OleDbCommand(sql, oldb);
              /*  command.CommandText = "INSERT INTO info(ID,Password) values('" + user_id + "','" + user_password + "')";
                command.CommandType = CommandType.Text;*/

                command.ExecuteNonQuery();
                MessageBox.Show("Insert Successfully");

            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
            finally
            {
                oldb.Close();
            }
        }
    }
}

当我运行此代码时，它在insert into语句中显示语法错误。

如何解决这个问题？

When I run this code, it shows syntax error in insert into statement.
How do I solve this?

推荐答案

评论的SQL更接近你想要的，尽管你应该真的避免使用字符串连接使用参数，查找SQL注入攻击。

The commented SQL is closer to what you want, although you should really avoid string concatenation in favor of using parameters, look up SQL injection attacks.

String sql = "INSERT INTO info(ID,Password) values('" + user_id + "','" + user_password + "')";

注意'在命令中？它们包含字符串值。



此外，请确保您在表中使用ID作为用户ID，很多人都将主键ID命名为整数。

Notice the ' in the command? They surround string values.

Also, make sure that you are using ID as your User ID in your table, a lot of people name the primary key ID which is usually an integer.

这篇关于MS Access数据库的Syntex错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！