如何纠正我的运行时错误 [英] how to correct my runtime error

问题描述

我的插入查询是

my insert query is

Private Sub addnew_Click()
str = "insert into profile(rollno,fathername,occupation,contactno,mothername,mother's occupation,annualincome,religion,caste,address,city,state)values(" & rno.Text & ", ' " & fname.Text & " ',' " & occu.Text & " ',' " & cno.Text & " ' ,' " & mname.Text & " ',' " & occupation.Text & " ', ' " & ain.Text & " ', ' " & religion.Text & " ', ' " & caste.Text & " ', ' " & address.Text & " ',' " & city.Text & " ',' " & state.Text & " ')"
cn.Execute (str)
MsgBox ("DETAILS ADDED ")
End Sub

执行此操作时出现运行时错误，
任何人都可以帮助纠正此运行时错误.
提前感谢.........

while executing this i got a runtime error,
can anyone help in correcting this runtime error.
THANKS IN ADVANCE............

推荐答案

您 真的 是您的名字吗?专栏母亲的职业"?

我很惊讶SQL Server允许您这样做.如果这样做了，则需要将其括在"["和]"字符之间:

Did you really name a column "mother''s occupation"?

I am surprised that SQL server let you do that. If you did, then you will need to enclos it in ''['' and '']'' characters:

str = "insert into profile(rollno,fathername,occupation,contactno,mothername,[mother's occupation],annualincome,religion,caste,address,city,state)...

而且，请勿连接字符串以构建SQL命令.它使您对意外或蓄意的SQL注入攻击敞开大门，这可能会破坏整个数据库.改为使用参数化查询.

But also, do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

这篇关于如何纠正我的运行时错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！