我写了一个连接到MS Access的程序。当我填写字段并向Access添加新项目时,程序失败。例外是“INSERT INTO语句中的语法错误”
以下是相关代码。
****************************************************************
AdoHelper.cs
****************************************************************
using System;
using System.Collections.Generic;
using System.Text;
using System.Data;
using System.Data.OleDb;
namespace Yad2
{
class AdoHelper
{
//get the connection string from the app.config file
//Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\Yad2.accdb
static string connectionString = Properties.Settings.Default.DBConnection.ToString();
//declare the db connection
static OleDbConnection con = new OleDbConnection(connectionString);
/// <summary>
/// To Execute queries which returns result set (table / relation)
/// </summary>
/// <param name="query">the query string</param>
/// <returns></returns>
public static DataTable ExecuteDataTable(string query)
{
try
{
con.Open();
OleDbCommand command = new OleDbCommand(query, con);
System.Data.OleDb.OleDbDataAdapter tableAdapter = new System.Data.OleDb.OleDbDataAdapter(command);
DataTable dt = new DataTable();
tableAdapter.Fill(dt);
return dt;
}
catch (Exception ex)
{
throw ex;
}
finally
{
con.Close();
}
}
/// <summary>
/// To Execute update / insert / delete queries
/// </summary>
/// <param name="query">the query string</param>
public static void ExecuteNonQuery(string query)
{
try
{
con.Open();
System.Data.OleDb.OleDbCommand command = new System.Data.OleDb.OleDbCommand(query, con);
command.ExecuteNonQuery();
}
catch (Exception ex)
{
throw ex;
}
finally
{
con.Close();
}
}
/// <summary>
/// To Execute queries which return scalar value
/// </summary>
/// <param name="query">the query string</param>
public static object ExecuteScalar(string query)
{
try
{
con.Open();
System.Data.OleDb.OleDbCommand command = new System.Data.OleDb.OleDbCommand(query, con); /// here is the Excaption !!!!!!!!!
return command.ExecuteScalar();
}
catch
{
throw;
}
finally
{
con.Close();
}
}
}
}
****************************************************************************
****************************************************************************
DataQueries.cs
****************************************************************************
using System;
using System.Collections.Generic;
using System.Text;
using System.Data;
namespace Yad2
{
class DataQueries
{
public static DataTable GetAllItems()
{
try
{
string query = "Select * from Messages";
DataTable dt = AdoHelper.ExecuteDataTable(query);
return dt;
}
catch (Exception ex)
{
throw ex;
}
}
public static void AddNewItem(string mesNumber, string title , string mesDate , string contactMail , string mesType , string Details )
{
string query = "Insert into Messages values(" + mesNumber + " , '" + title + "' , '" + mesDate + "' , '" + contactMail + "' , , '" + mesType + "' , '" + Details + "')";
AdoHelper.ExecuteNonQuery(query);
}
public static void DeleteDept(int mesNumber)
{
string query = "Delete from Item where MessageNumber=" + mesNumber;
AdoHelper.ExecuteNonQuery(query);
}
}
}
***********************************************************************************************
为什么程序失败?
答案 0 :(得分:4)
当您将字符串放入SQL时,会得到无效的语法
如果其中一个字符串包含',则会发生这种情况。
您需要使用参数。
此外,您的SQL包含, ,,这是无效的语法。
答案 1 :(得分:4)
试试这个
INSERT INTO table (column1, column2, ...)
VALUES ('value1', 'value2', ...)
答案 2 :(得分:1)
string query = "Insert into Messages values(" + mesNumber + " , '" + title + "' , '" + mesDate + "' , '" + contactMail + "' , , '" + mesType + "' , '" + Details + "')";
产量
Insert into Messages
values(
<number> ,
'<title>' ,
'<mesDate>' ,
'<contactMail>' , ,
'<mesType>' ,
'<Details>'
)
注意两个逗号后面有空格。这不是有效的SQL。如果代码中的mesNumber为空值,您也会收到错误的查询。
当Joe White评论他与XKCD#327的链接时,始终清理您的数据库输入!这意味着如果将字符串传递给您的方法,则必须转义所有单引号。
正如SLaks评论的那样,从不使用throw ex;,只需使用throw;
答案 3 :(得分:0)
为什么不在query中简单地打印AddNewItem的值(到调试窗口,控制台,消息框,日志文件......的任何地方!),然后检查消息。那真的应该变得清晰。