-1 c# sql-server syntax-error visual-studio-2010
我试图在Visual Studio中创建一个表单,将数据插入到我的Microsoft sql server中,一切都很好,直到我提交数据.它说我的cmd.ExecuteNonQuery()之后的语法不正确; 线.我查看了其他问题,这些问题对我的问题提出了类似的问题,并尝试根据这些答案对我的代码进行更改,但我仍然收到错误.我不确定是什么问题.请彻底解释,我还是学生:)
这是我有的:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
public partial class _Default : System.Web.UI.Page
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["MEL_DEVConnectionString"].ConnectionString);
protected void Page_Load(object sender, EventArgs e)
{
con.Open();
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlCommand cmd = new SqlCommand("insert into mel_line(RULENAME, MFG, DESCRIPT, DEVICE, CODE_2D, MODEL, EVALUATION, GOOD_PATH, GOOD_CLEANSE, NON_DEPLOY_PATH, NON_DEPLOY_CLEANSE, CRITICAL_NOTES, GOOD_COSMETICS, GOOD_BOM, GOOD_SPEC, GOOD_THRESHOLD, AUTHORIZED_BY, ACCT_CODE, LINE_STATUS) values('" + RULENAME.Text + "','" + MFG.Text + "','" + DESCRIPT.Text + "','" + DEVICE.Text + "','" + CODE_2D.Text + "','" + MODEL.Text + "','" + EVALUATION.Text + "','" + GOOD_PATH.Text + "','" + GOOD_CLEANSE.Text + "','" + NON_DEPLOY_PATH.Text + "','" + NON_DEPLOY_CLEANSE.Text + "','" + CRITICAL_NOTES.Text + "','" + GOOD_COSMETICS.Text + "','" + GOOD_BOM.Text + "','" + GOOD_SPEC.Text + "','" + GOOD_THRESHOLD.Text + "','" + AUTHORIZED_BY.Text + "','" + ACCT_CODE.Text + "','" + LINE_STATUS.Text + "',) ", con);
cmd.ExecuteNonQuery();
con.Close();
Label1.Visible = true;
Label1.Text = "New Row In MEL Added Successfully!";
RULENAME.Text = "";
MFG.Text = "";
DESCRIPT.Text = "";
DEVICE.Text = "";
CODE_2D.Text = "";
MODEL.Text = "";
EVALUATION.Text = "";
GOOD_PATH.Text = "";
GOOD_CLEANSE.Text = "";
NON_DEPLOY_PATH.Text = "";
NON_DEPLOY_CLEANSE.Text = "";
CRITICAL_NOTES.Text = "";
GOOD_COSMETICS.Text = "";
GOOD_BOM.Text = "";
GOOD_SPEC.Text = "";
GOOD_THRESHOLD.Text = "";
AUTHORIZED_BY.Text = "";
ACCT_CODE.Text = "";
LINE_STATUS.Text = "";
}
}
我认为,在查询结束时你不需要,因为在它之后没有插入值;
LINE_STATUS.Text + "',) "
部分.只需删除,部分即可解决您的问题.
您应该始终使用参数化查询.这种字符串连接对SQL注入攻击是开放的.还可以使用usingstatement自动处理连接和命令,而不是Close手动调用方法.
using(var con = new SqlConnection(ConfigurationManager.ConnectionStrings["MEL_DEVConnectionString"].ConnectionString))
using(var cmd = con.CreateCommand())
{
// Set your CommandText with parameter names.
// Add your parameter name and their values with Add method in your command
// Open your connection
// Execute your command
}
| 归档时间: |
|
| 查看次数: |
104 次 |
| 最近记录: |