If String.IsNullOrWhiteSpace(txtadmin.Text) Or String.IsNullOrWhiteSpace(txtname.Text) Or String.IsNullOrWhiteSpace(txtcourse.Text) Or String.IsNullOrWhiteSpace(txtic.Text) Or String.IsNullOrWhiteSpace(txtgender.Text) Or String.IsNullOrWhiteSpace(txtaddress.Text) Or String.IsNullOrWhiteSpace(txtbirth.Text) Or String.IsNullOrWhiteSpace(txttel.Text) Or String.IsNullOrWhiteSpace(txtemail.Text) Or String.IsNullOrWhiteSpace(txttpye.Text) Then
MessageBox.Show("Please complete the on the box.", "Authentication Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
Exit Sub
End If
Dim Conn As System.Data.OleDb.OleDbConnection
Dim ConnectionString As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\temp\Database1.accdb"
Conn = New System.Data.OleDb.OleDbConnection(ConnectionString)
Try
If Conn.State = ConnectionState.Open Then Conn.Close()
Conn.Open()
Dim sql As String = "INSERT INTO tbl_info ([AdminNo],UserName, [Course Title], ICNo, Gender, Address, [Data of Birth], TelNo, Email, Type) values ('" & txtname.Text & "', '" & txtadmin.Text & "', '" & txtcourse.Text & "', '" & txtic.Text & "', '" & txtgender.Text & "', '" & txtaddress.Text & "','" & txtbirth.Text & "', '" & txttel.Text & "', '" & txtemail.Text & "', '" & txttpye.Text & "')"
Dim sqlCom As New System.Data.OleDb.OleDbCommand(sql)
sqlCom.Connection = Conn
Dim result As Integer = sqlCom.ExecuteNonQuery
sqlCom.Dispose()
Conn.Close()
查询表达式中存在"语法错误(缺失错误)" 233 sangkeng st#6-12(s' 451233')""这一行的错误:
Dim result As Integer = sqlCom.ExecuteNonQuery
但在地址我无论如何写得像 ggghh 它可以得到它
If result > 0 Then
MessageBox.Show("Successfully created.")
Else
MessageBox.Show("Failure to create.")
End If
txtname.Text = ""
txtadmin.Text = ""
txtcourse.Text = ""
txtic.Text = ""
txtgender.Text = ""
txtaddress.Text = ""
txtbirth.Text = ""
txttel.Text = ""
txtemail.Text = ""
txttpye.Text = ""
txtadmin.Focus()
'Catch ex As Exception
'MessageBox.Show("Failed to connect to Database..", "Database Connection Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
'End Try
答案 0 :(得分:2)
您没有考虑数据中的单引号。 不要使用字符串连接在查询中包含字段!它不仅会让您对此类错误感到开放,而且还会出现一些非常糟糕的安全问题。
Dim Result As Integer
Dim sql As String = "INSERT INTO tbl_info ([AdminNo],UserName, [Course Title], ICNo, Gender, Address, [Data of Birth], TelNo, Email, Type) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
Using conn As New OleDbConnection("connection string here"), _
cmd As New OleDbCommand(sql, conn)
'I'm guessing at the DB types here. Use the actual types from your database.
cmd.Parameters.Add("AdminNo", OleDbType.VarChar, 5).Value = txtadmin.Text
cmd.Parameters.Add("UserName", OleDbType.VarChar, 12).Value = txtname.Text
cmd.Parameters.Add("Course Title", OleDbType.VarChar, 20).Value = txtcourse.Text
cmd.Parameters.Add("ICNo", OleDbType.VarChar, 5).Value = txtic.Text
cmd.Parameters.Add("Gender", OleDbType.Char, 1).Value = txtgender.Text
cmd.Parameters.Add("Address", OleDbType.VarChar, 40).Value = txtaddress.Text
cmd.Parameters.Add("Date of Birth", OleDbType.DateTime).Value = CDate(txtbirth.Text)
cmd.Parameters.Add("TelNo", OleDbType.VarChar, 12).Value = txttel.Text
cmd.Parameters.Add("Email", OleDbType.VarChar, 30).Value = txtemail.Text
cmd.Parameters.Add("Type", OleDbType.VarChar, 5).Value = txttpye.Text
conn.Open()
result = cmd.ExecuteNonquery()
End Using
旁注:我实际上并没有使用带空格的列名,所以我不确定我在上面几个地方的Parameters.Add()调用的第一个参数的格式是否正确。在这种情况下,您可能仍需要使用带有名称的方括号。