INSERT INTO语句中的语法错误c#.net Winforms Devexpress？

Question

我从DateEdit获取日期并尝试存储到Access数据库.但它显示这样的错误

Syntax error in INSERT INTO statement.

我的插入语句是这样的

 OleDbCommand top = new OleDbCommand("INSERT INTO invoice(invoice_number,order_number,customername,status,subtotal,tax,total,date) VALUES (" + inno + "," + odrno + ",'" + name + "','"+ chk1 +"' ,"+ subtottal +","+ tax +","+total+",'"+date+"')", conn);
 top.ExecuteNonQuery();

除了日期剩余值存储成功但我如何存储日期？

我得到这样的约会 DateTime date = dateEdit1.DateTime;

帮我.

Answer 1

DATE是一个reserved keyword用于Microsoft Access.你应该像方括号一样使用它[DATE]

你应该总是使用parameterized queries.这种字符串连接是开放的SQL Injection攻击.

OleDbCommand top = new OleDbCommand(@"INSERT INTO invoice(invoice_number,order_number,customername,status,subtotal,tax,total,[date]) 
                                     VALUES (@invoice_number, @order_number, @customername, @status, @subtotal, @tax, @total, @date)", conn);
top.Parameters.AddWithValue("@invoice_number", inno);
top.Parameters.AddWithValue("@order_number", odrno);
top.Parameters.AddWithValue("@customername", name);
top.Parameters.AddWithValue("@status", chk1);
top.Parameters.AddWithValue("@subtotal", subtotal);
top.Parameters.AddWithValue("@tax", text);
top.Parameters.AddWithValue("@total", total);
top.Parameters.AddWithValue("@date", date);

作为一般建议,请勿在数据库中使用保留关键字作为标识符和对象名称.