当我尝试在这三个字段中插入数据时,在INSERT INTO语句中出现错误说错误.但是当只保存在第一个字段sname时它会被添加,但是当添加其他两个获取此错误时,我在INSERT INTO语句检查下面的任何建议中获得异常?
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Try
Dim dbprovider As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Taher\Documents\Visual Studio 2010\Projects\WindowsApplication1\WindowsApplication1\Database1.accdb;Persist Security Info=False;"
Me.con = New OleDb.OleDbConnection()
con.ConnectionString = dbprovider
con.Open()
Dim sqlquery As String = "INSERT INTO admin (sname,username,password)" + "VALUES ('" & txtname.Text & "','" & txtuser.Text & "','" & txtpass.Text & "');"
Dim sqlcommand As New OleDb.OleDbCommand(sqlquery)
With sqlcommand
.CommandText = sqlquery
.Connection = con
.ExecuteNonQuery()
con.Close()
End With
MsgBox("User Registered")
Catch ex As Exception
MsgBox(ex.ToString)
End Try
End Sub
PASSWORD一词是JET-SQL for Microsoft Access中的保留关键字.如果您有一个具有该名称的列,则应使用方括号将其封装
"INSERT INTO admin (sname,username,[password])" &% _
"VALUES ('" & txtname.Text & "','" & txtuser.Text & _
"','" & txtpass.Text & "');"
这就是语法错误的原因,但是让我告诉你构建sql命令连接字符串是一个非常糟糕的做法.当您的值包含单引号时,您将遇到问题,最糟糕的是,您的代码可用于sql注入攻击
所以你的代码应该以这种方式改变
Dim sqlquery As String = "INSERT INTO admin (sname,username,password)" & _
"VALUES (?, ?, ?)"
Dim sqlcommand As New OleDb.OleDbCommand(sqlquery)
With sqlcommand
.CommandText = sqlquery
.Connection = con
.Parameters.AddWithValue("@p1", txtname.Text)
.Parameters.AddWithValue("@p2", txtuser.Text)
.Parameters.AddWithValue("@p3", txtpass.Text)
.ExecuteNonQuery()
con.Close()
End With
你对OleDbConnection这个对象的使用并没有遵循一个好的模式.如果出现异常,则不会关闭连接,这可能是在后续调用中重用连接时出现的问题.您应该尝试使用Using语句
Using connection = New OleDb.OleDbConnection()
connection.ConnectionString = dbprovider
connection.Open()
.....
' rest of command code here '
' No need to close the connection
End Using
这样,如果您收到异常,OleDbConnection将被关闭并处理,而不会影响系统资源的使用.
| 归档时间: |
|
| 查看次数: |
627 次 |
| 最近记录: |