Dim strSQL As String
strSQL = "INSERT INTO TBLLOGIN (USERNAME,[PASSWORD],DISPLAYNAME,ROLEID,SECRETQUESTION,SECRETANSWER,ISACTIVE,STUDENTNUMBER, APPLICANTID,EMAILADDRESS) "
strSQL += "values( '" & Me.txtUName.Text & "' "
strSQL += ",'" & Me.txtPassword.Text & "' "
strSQL += ",'" & txtFirstName.Text & " " & txtMiddleName.Text & " " & txtLastName.Text & "' "
strSQL += ",'" & 6 & "' "
strSQL += ",'" & Me.ddlsecretquestion.SelectedValue & "' "
strSQL += ",'" & Me.txtSecretAnswer.Text & "' "
strSQL += ",'" & "NO" & "' "
strSQL += ",'" & studNumber & "' "
strSQL += "," & studNumber.Replace("SY15000", "") & " "
strSQL += ",'" & Me.txtUName.Text & "') "
Dim cmdQuery As OleDb.OleDbCommand = New OleDb.OleDbCommand(strSQL, AccessConnectionString)
Dim xgen As Integer
cmdQuery.CommandType = Data.CommandType.Text
xgen = cmdQuery.ExecuteNonQuerystrong text
我不知道为什么我在插入声明中得到错误,我检查了保留字,据我所知,密码是那里唯一的保留字。我的猜测是学生编号,因为它是一个字符串,我正在改变这个值。但我仍然不确定。香港专业教育学院通过使用session(studentnumber)尝试了几个解决方案,但仍然没有去。
答案 0 :(得分:0)
遵循此sample使用参数化查询,如此方法:
Public Sub CreateMyOleDbCommand(connection As OleDbConnection, _
queryString As String, parameters() As OleDbParameter)
Dim command As New OleDbCommand(queryString, connection)
command.CommandText = _
"SELECT CustomerID, CompanyName FROM Customers WHERE Country = ? AND City = ?"
command.Parameters.Add(parameters)
Dim j As Integer
For j = 0 To command.Parameters.Count - 1
command.Parameters.Add(parameters(j))
Next j
Dim message As String = ""
Dim i As Integer
For i = 0 To command.Parameters.Count - 1
message += command.Parameters(i).ToString() + ControlChars.Cr
Next i
Console.WriteLine(message)
End Sub
答案 1 :(得分:0)
strSQL += "," & studNumber.Replace("SY15000", "") & " "
应该是
strSQL += ",'" & studNumber.Replace("SY15000", "") & "' "
你缺少引号,因为它是像STUDENTNUMBER这样的字符串。