what is the syntax error in this line


Question

Dim str1 As String = " Insert into ticket details values('" & Text1.Text & "'," & Val(Text7.Text) & "," & Val(Text2.Text) & "," & Val(Text3.Text) & ",'" & Text4.Text & "'," & Val(Text5.Text) & "," & Val(Text6.Text) & ")"

what is the syntax error in this line

Recommended answer

So many things:
1) It is a good idea to keep SQL command keywords as all upper case: it helps you identify the various parts of the statement.
2) It is a very good idea to give sensible names to your textboxes: that way you don't get them mixed up. "tbUserName" is much easier to read in code than "Text6" - you get an immediate sense of "is this right" when you read it. Intellisense will "fill in the blanks" so it is almost no extra typing...
3) It is a good idea to delimit your table names if they contain spaces - or preferably use CamelCase table names so you do not need spaces at all...
4) It is a very good idea to use parametrized queries: your way leaves you wide open to an accidental or deliberate SQL Injection attack. Since this could destroy your database, most people try to avoid it...
5) When entering SQL queries, it is recommended that you follow the syntax, and include the field names in your statement, so that SQL knows where to put each element...
INSERT INTO myTable (myColumn, myOtherColumn) VALUES (@MC, @MOC)

Try this:

Dim str1 As String = "INSERT INTO [ticket details] (myColumn, myOtherColumn) VALUES (@MC, @MOC)"
' VB.NET declaration (the original mixed in C# syntax); con is an open SqlConnection
Dim com As New SqlCommand(str1, con)
com.Parameters.AddWithValue("@MC", Text1.Text)
com.Parameters.AddWithValue("@MOC", Val(Text7.Text))


Look at the example at this site: system.data.sqlclient.sqlcommand.parameters.aspx

It may save you a lot of trouble
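Carrying the answer's advice through to the full statement from the question, as an added example (not code from the question or the answers): all seven text box values are passed as typed parameters, and the numeric ones are validated before they reach the database. Assumptions: the table is "ticket details" as in the question, the column names Col1..Col7 are placeholders because the page never names them, and the connection string is supplied by the caller.

```vbnet
' Added example, not code from the original question or answers.
Imports System.Data
Imports System.Data.SqlClient

Public Module TicketInsert

    ' Inserts one row, sending every user-typed value as a typed parameter so the
    ' text can never be interpreted as part of the SQL statement.
    ' Returns the number of rows affected (1 on success).
    Public Function InsertTicket(connectionString As String,
                                 text1 As String, text7 As String, text2 As String,
                                 text3 As String, text4 As String, text5 As String,
                                 text6 As String) As Integer
        ' Column list and placeholders are fixed; only the parameter values vary.
        ' Col1..Col7 are placeholder column names (assumption).
        Const sql As String =
            "INSERT INTO [ticket details] (Col1, Col2, Col3, Col4, Col5, Col6, Col7) " &
            "VALUES (@Col1, @Col2, @Col3, @Col4, @Col5, @Col6, @Col7)"

        Using con As New SqlConnection(connectionString)
            Using com As New SqlCommand(sql, con)
                ' Explicit SqlDbType instead of AddWithValue: no type guessing from the .NET value.
                com.Parameters.Add("@Col1", SqlDbType.NVarChar, 100).Value = text1
                com.Parameters.Add("@Col2", SqlDbType.Float).Value = ParseNumber(text7, "Text7")
                com.Parameters.Add("@Col3", SqlDbType.Float).Value = ParseNumber(text2, "Text2")
                com.Parameters.Add("@Col4", SqlDbType.Float).Value = ParseNumber(text3, "Text3")
                com.Parameters.Add("@Col5", SqlDbType.NVarChar, 100).Value = text4
                com.Parameters.Add("@Col6", SqlDbType.Float).Value = ParseNumber(text5, "Text5")
                com.Parameters.Add("@Col7", SqlDbType.Float).Value = ParseNumber(text6, "Text6")
                con.Open()
                Return com.ExecuteNonQuery()
            End Using
        End Using
    End Function

    ' Val() silently turns "12abc" into 12 and "" into 0; rejecting bad input up
    ' front gives the user an error message instead of a wrong row in the table.
    Private Function ParseNumber(input As String, fieldName As String) As Double
        Dim value As Double
        If Not Double.TryParse(input, value) Then
            Throw New ArgumentException("Field " & fieldName & " is not a number.")
        End If
        Return value
    End Function

End Module
```

From the form, call it as InsertTicket(connStr, Text1.Text, Text7.Text, Text2.Text, Text3.Text, Text4.Text, Text5.Text, Text6.Text), keeping the value order of the original statement.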


Always use string.Format instead of multiple "&". To concatenate in a cycle, always use System.Text.StringBuilder, never "&". Remember: strings are immutable. Based on this information, can you understand why "&" is such a big performance leak?

—SA
