Insert query errors


Problem description

I am getting an error in an insert statement. This query executes at the backend in Access, but from the front end I am getting an error like "syntax error in insert into statement". Please help me.
The data type of all columns is text only.

OleDbCommand cmd1 = new OleDbCommand("INSERT into " + main1.text + "marketdetails(comame,date1,open,low,high,close,vol)values('"+strticker+"','" + strdte + "'," + strOpen + "," + strLow + "," + strHigh + "," + strClose + "," + strVol + ")", conn);
conn.Open();
cmd1.ExecuteNonQuery();
conn.Close();

Recommended answer

There are a couple of things here that make this a bad move and cause your problem.
The immediate problem is that your string may be wrong:
"INSERT into " + main1.text + "marketdetails(...



Assume main1.Text contains "MyTable", concatenate the strings together, and you get the string

"INSERT into MyTablemarketdetails(...

This may be a problem depending on what the user types.
The second is that your query is very dangerous: it is wide open to SQL Injection attack. You should never build SQL commands by concatenating strings - always use parametrized queries instead.

OleDbCommand cmd1 = new OleDbCommand("INSERT INTO " + main1.text + "marketdetails(comame,date1,open,low,high,close,vol) VALUES(@TKR, @DAT, @OPN, @LOW, @HGH, @CLS, @VOL)", conn);
cmd1.Parameters.AddWithValue("@TKR", strticker);
cmd1.Parameters.AddWithValue("@DAT", strdte);
cmd1.Parameters.AddWithValue("@OPN", strOpen);
cmd1.Parameters.AddWithValue("@LOW", strLow);
cmd1.Parameters.AddWithValue("@HGH", strHigh);
cmd1.Parameters.AddWithValue("@CLS", strClose);
cmd1.Parameters.AddWithValue("@VOL", strVol);
conn.Open();
cmd1.ExecuteNonQuery();
conn.Close();

Personally, I would find a way to eliminate the main1.Text as well, but that may cure your problem for now.


I think the query's opening and closing brackets are not specified correctly. Please try using this code temporarily:

"INSERT into " + main1 + "marketdetails(comame,date1,open,low,high,close,vol)values('" + strticker + "','" + strdte + "','" + strOpen + "','" + strLow + "','" + strHigh + "','" + strClose + "','" + strVol + "')"





But always use OleDbCommand with parameters.

