Syntax error: missing operator in query expression


Problem description

String typeoftrans = comboBox1_TransactionType.Text.ToString();
String ondate = DateTime.Now.ToString();
string desc = textBox2_Description.Text.ToString();
string amnt = textBox3_Amount.Text.ToString();

try
{
    con.Open();
    string Sql = "insert into Account_Transactions(TransactionType,Description,Amount,OnDateTime) values('" +typeoftrans+ ",'" + desc + "','" + amnt + "','" + ondate + "')";

    OleDbCommand cmd1 = new OleDbCommand(Sql, con);

    int temp = cmd1.ExecuteNonQuery();
    if (temp > 0)
    {
        MessageBox.Show("Transaction done!");
    }
    else
        MessageBox.Show("error");
}
catch (Exception e2)
{
    MessageBox.Show(e2.ToString());
}
finally
{
    con.Close();
}

Recommended answer

First of all! NEVER use string concatenation to create a query - this opens up your application to SQL injection...

The problem is you are not handling the quotes in your query correctly...

values('" +typeoftrans+ ",'"

You are opening a quote before the value but closing it only after the comma...
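
A parameterized version of the same insert, as an added example that is not part of the original question or answer. The class and method names and the column types (Text, Text, Currency, Date/Time) are assumptions; with parameters there are no quotes to balance, and an apostrophe in the description can no longer change the statement.

```csharp
using System;
using System.Data.OleDb;
using System.Globalization;

// Hypothetical helper; the table and column names come from the question,
// the column types (Text, Text, Currency, Date/Time) are assumed.
static class AccountTransactions
{
    // One ? placeholder per value: no quoting or escaping in the SQL text.
    const string InsertSql =
        "INSERT INTO Account_Transactions " +
        "(TransactionType, Description, Amount, OnDateTime) " +
        "VALUES (?, ?, ?, ?)";

    // Returns true when exactly one row was inserted.
    public static bool Insert(OleDbConnection con, string type,
                              string description, string amountText)
    {
        // Convert the amount up front so bad input fails here with a clear
        // message instead of reaching the database as free text.
        if (!decimal.TryParse(amountText, NumberStyles.Number,
                              CultureInfo.CurrentCulture, out decimal amount))
            throw new FormatException("Amount is not a valid number.");

        using (var cmd = new OleDbCommand(InsertSql, con))
        {
            // The OLE DB provider binds parameters by position, so they must
            // be added in the same order as the ? placeholders; the names
            // are only labels for the reader.
            cmd.Parameters.Add("@type", OleDbType.VarWChar).Value = type;
            cmd.Parameters.Add("@desc", OleDbType.VarWChar).Value = description;
            cmd.Parameters.Add("@amount", OleDbType.Currency).Value = amount;
            // Pass the timestamp as a typed value, not a formatted string.
            cmd.Parameters.Add("@when", OleDbType.Date).Value = DateTime.Now;

            con.Open();
            try
            {
                return cmd.ExecuteNonQuery() == 1;
            }
            finally
            {
                con.Close();
            }
        }
    }
}
```

From the form this would be called as `AccountTransactions.Insert(con, comboBox1_TransactionType.Text, textBox2_Description.Text, textBox3_Amount.Text)`.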

