将数据插入SQL,得到错误我不明白为什么! ? [英] Insert data into SQL, getting an error I don't understand why! ?

查看:99
本文介绍了将数据插入SQL,得到错误我不明白为什么! ?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我是一个新的编码器,使用将名字和姓氏插入数据库表。我以为我已经考虑了这个,但是我收到了以下错误。



类型'  System.Data.SqlClient.SqlException'在 > System.Data.dll 
 
附加信息:'  Cooper'。





这是我处理INSERT语句的代码块。



 如果(myConn.State = ConnectionState.Closed)那么 myConn.Open()
  Dim  myNewEntry  As   SqlCommand((  INSERT INTO SCOUTINFO(FIRSTNAME,LASTNAME)
 valu es('& txtFirstName.Text&  '),('& txtLastName.Text&  '),myConn)
 myNewEntry.ExecuteNonQuery()
 结束 如果





我尝试了什么:



我尝试过不同格式的INSERT,并尝试了解是否有更好的插入方法。我见过DATASET的东西,但是不明白,因为我是新的,我正在尝试看似最直接的路径。

解决方案

你的错误是这里:

  Dim  myNewEntry  As  < span class =code-keyword>新 SqlCommand((  INSERT INTO SCOUTINFO(FIRSTNAME,LASTNAME) 
 值('& txtFirstName.Text&  '), ('& txtLastName.Text&  '),myConn)





我的修复:

  Dim  myNewEntry 作为  SqlCommand((  INSERT INTO SCO UTINFO(FIRSTNAME,LASTNAME)
 值('& txtFirstName.Text&  ','& txtLastName.Text&  ')),myConn)


语法错误,解决方案可以在解决方案1中通过casper获得



但您的代码很容易受到< a href =http://www.w3schools.com/sql/sql_injection.asp> SQL注入 [ ^ ]攻击。



始终使用参数化查询以防止SQL注入攻击 [ ^ ] 



  Dim  myNewEntry 作为  SqlCommand(  INSERT INTO SCOUTINFO(FIRSTNAME,LASTNAME)值(@ first,@ last)
 myNewEntry .Parameters.Add(  @ first,txtFirstName.Text)
 myNewEntry.Parameters。添加(  @ first,txtLastName.Text)
 myNewEntry.ExecuteNonQuery()


I'm a new coder, working with inserting a first and last name into a DB table. I thought I had this pretty well thought out, however I'm getting the following error.

An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll

Additional information: Incorrect syntax near 'Cooper'.



Here is my Code block handling the INSERT statement.

    If (myConn.State = ConnectionState.Closed) Then myConn.Open()
    Dim myNewEntry As New SqlCommand(("INSERT INTO SCOUTINFO (FIRSTNAME, LASTNAME)
                           values('" & txtFirstName.Text & "'), ('" & txtLastName.Text & "'"), myConn)
    myNewEntry.ExecuteNonQuery()
End If



What I have tried:

I've tried different formats of the INSERT, and tried to understand if there's some better method to do an insert. I've seen DATASET stuff, but don't understand it, and since Im new, I'm trying what seems the most direct path.

解决方案

Your error is here:

Dim myNewEntry As New SqlCommand(("INSERT INTO SCOUTINFO (FIRSTNAME, LASTNAME)
                           values('" & txtFirstName.Text & "'), ('" & txtLastName.Text & "'"), myConn)



My fix:

Dim myNewEntry As New SqlCommand(("INSERT INTO SCOUTINFO (FIRSTNAME, LASTNAME)
                           values('" & txtFirstName.Text & "', '" & txtLastName.Text & "')"), myConn)


the syntax error and the fix is availble in solution1 by casper

but you code is vulnerable to SQL Injection[^] attacks.

always use Parameterized queries to prevent SQL Injection Attacks [^]

Dim myNewEntry As New SqlCommand("INSERT INTO SCOUTINFO (FIRSTNAME, LASTNAME) values(@first,@last)")
     myNewEntry.Parameters.Add("@first", txtFirstName.Text)
     myNewEntry.Parameters.Add("@first", txtLastName.Text)
     myNewEntry.ExecuteNonQuery()


这篇关于将数据插入SQL,得到错误我不明白为什么! ?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发语言最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆