总是有错误...不知道为什么 [英] there is always an error...don't know why

问题描述

我认为我的 Insert into/语法是正确的，但是当我运行项目时总是出现错误...在这段代码中，我试图使用 vb2012 将数据添加到我的数据库 ms access 2013这里的代码...

i think my Insert into/ syntax is correct, but when i run the project there is always an error... in this code i'm trying to add data to my database ms access 2013 using vb2012 here the code...

Private Sub btnadd_Click(sender As Object, e As EventArgs) Handles btnadd.Click

    provider = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="
    dataFile = "C:\Users\hp-2\Documents\Visual Studio 2012\Projects\Delta\Delta.mdb"

    connString = provider & dataFile
    cnn.ConnectionString = connString
    cnn.Open()

    cmd.Connection = cnn
    addstring = "insert into Transaction (Customer_Name, Job, Trans_date, Amount ) values (" & C_name.Text & ",'" & C_job.Text.Length & "','" & t_date.Text & "','" & t_amount.Text & "');"
    cmd = New OleDbCommand(addstring, cnn)
    cmd.ExecuteNonQuery()
    cnn.Close()
End Sub

这是错误...

An unhandled exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll

Additional information: Syntax error in INSERT INTO statement.

推荐答案

我认为如果问题是由于 VALUES 子句中的引用不正确，您会得到不同的错误，条件表达式中的数据类型不匹配"，或者数据库引擎需要参数值但您没有提供的消息.

I think if the problem were due to incorrect quoting in the VALUES clause, you would get a different error, either "data type mismatch in criteria expression", or a message that the db engine expected a parameter value but you supplied none.

我的猜测是语法错误是由于 Transaction 是 保留字.将表名括在方括号中，看看是否有效.

My guess is the syntax error is due to the fact that Transaction is a reserved word. See whether it works when you enclose the table name in square brackets.

insert into [Transaction] (Customer_Name, Job,  ... 

如果该更改消除了错误，我认为您不应就此止步.正如其他人建议的那样，切换到参数查询，而不是将值构建到字符串中并执行该字符串.除了防止 SQL 注入错误之外，参数查询还可以避免 VALUES 子句中的引号引起的并发症.如果你遵循这个建议，你仍然应该把 [Transaction] 括起来.更好的是，如果可能，将表名更改为非保留字.

If that change eliminates the error, I don't think you should stop there. Switch to a parameter query, as others suggested, instead of building values into a string and executing the string. In addition to protection against SQL injection errors, a parameter query would avoid complications with quotes in the VALUES clause. And if you follow that advice, you should still bracket [Transaction]. Better still, change the table name to a non-reserved word if possible.

这篇关于总是有错误...不知道为什么的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！