MSAccess Data insertion Error


Problem description

My code in C# is:

private void button1_Click(object sender, EventArgs e)
        {
            OleDbCommand cmd = new OleDbCommand();
            cmd.CommandType = CommandType.Text;
            cmd.CommandText = "insert into Student(sname,dob,address,college,course,from,to,via,sdate,edate,ctype,amount) values('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox3.Text + "','" + textBox4.Text + "','" + textBox5.Text + "','" + textBox6.Text + "','" + textBox7.Text + "','" + textBox8.Text + "','" + textBox9.Text + "','" + textBox10.Text + "','" + textBox11.Text + "','" + textBox12.Text + "',)";
            cmd.Connection = myconn;
            myconn.Open();
            cmd.ExecuteNonQuery();
            MessageBox.Show("Record inserted");
            myconn.Close();
        }







And in the database table, along with all the fields, I have an ID field with AutoNumber type.

It is showing an error in the INSERT INTO statement.

Recommended answer

Remove the last comma:
...
            cmd.CommandText = "insert into Student(sname,dob,address,college,course,from,to,via,sdate,edate,ctype,amount) values('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox3.Text + "','" + textBox4.Text + "','" + textBox5.Text + "','" + textBox6.Text + "','" + textBox7.Text + "','" + textBox8.Text + "','" + textBox9.Text + "','" + textBox10.Text + "','" + textBox11.Text + "','" + textBox12.Text + "')"; //<-- here
...


You really need to learn about using parameterized queries for database operations. What you posted above is a nightmare from a debugging standpoint and from an SQL injection attack one. Please learn the right way to do it (search Google for C# parameterized query).

The problem is probably here:

textBox12.Text + "',)";





See the extra comma at the end?


Please, please, don't do it like that!
There are four changes you should make:
1) Stop using VS default names for controls. You may remember what textBox9 holds today, but you won't in three weeks' time... and using sensible names such as tbMobileNumber also makes it easier to type (because Intellisense helps you out sooner) as well as being more readable, self-documenting, and less prone to error.
2) Always list the fields you want to load in the INSERT statement (and the SELECT) - particularly when you have an identity field, it can cause enormous problems if you don't, since the values are inserted into the columns in the db order - which may change. And if there is an identity field, it won't try to skip it - you have to name them so it doesn't try.
3) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use parameterized queries instead. It also makes your code easier to read, and thus more reliable.
4) Get rid of the spare comma at the end of the fields list, just before the close bracket...
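
The parameterized form of the question's INSERT, as an added example that is not part of any post above. The column types (Date/Time for dob, sdate and edate, Currency for amount, Text for the rest) and the names StudentRepository, Insert, AddText, fromValue and toValue are assumptions.

```csharp
using System;
using System.Data.OleDb;

static class StudentRepository
{
    // [from] and [to] are bracketed because FROM is an SQL keyword; brackets are
    // always valid around Access column names. The AutoNumber ID column is omitted.
    const string InsertSql =
        "INSERT INTO Student (sname, dob, address, college, course, [from], [to], " +
        "via, sdate, edate, ctype, amount) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";

    // Assumed column types: Text for strings, Date/Time for dates, Currency for amount.
    public static int Insert(string connectionString,
        string sname, DateTime dob, string address, string college, string course,
        string fromValue, string toValue, string via,
        DateTime sdate, DateTime edate, string ctype, decimal amount)
    {
        using (var conn = new OleDbConnection(connectionString))
        using (var cmd = new OleDbCommand(InsertSql, conn))
        {
            // OleDb binds "?" by position: add parameters in column order.
            // The parameter names are labels only and are not used for binding.
            AddText(cmd, "sname", sname);
            cmd.Parameters.Add("dob", OleDbType.Date).Value = dob;
            AddText(cmd, "address", address);
            AddText(cmd, "college", college);
            AddText(cmd, "course", course);
            AddText(cmd, "from", fromValue);
            AddText(cmd, "to", toValue);
            AddText(cmd, "via", via);
            cmd.Parameters.Add("sdate", OleDbType.Date).Value = sdate;
            cmd.Parameters.Add("edate", OleDbType.Date).Value = edate;
            AddText(cmd, "ctype", ctype);
            cmd.Parameters.Add("amount", OleDbType.Currency).Value = amount;

            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows inserted
        }
    }

    // Values travel as typed data, so a quote in the text cannot change the statement.
    static void AddText(OleDbCommand cmd, string name, string value)
    {
        cmd.Parameters.Add(name, OleDbType.VarWChar, 255).Value =
            (object)value ?? DBNull.Value;
    }
}
```

In the click handler, parse the date and amount text boxes with DateTime.TryParse and decimal.TryParse before calling Insert, and show a validation message instead of inserting when parsing fails.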

