vb.net Access 2010 的 INSERT INTO 语句中的语法错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19627624/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Syntax error in INSERT INTO statement for Access 2010
提问by user2926827
My INSERT statement apparently has a syntax error. Could someone please explain why that might be?
我的 INSERT 语句显然有语法错误。有人可以解释为什么会这样吗?
Private Sub Register_Click_1(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Register.Click
Dim StudentNum As String
Dim Password As String
Dim FirstName As String
Dim LastName As String
Dim YrandSec As String
StudentNum = Number.Text()
Password = Pass.Text
FirstName = First.Text
LastName = Last.Text
YrandSec = YrSec.Text()
SQL = "INSERT INTO Accounts(StudNo,Password,FirstName,LastName,YrandSec) VALUES ('" & StudentNum & "', '" & Password & "', '" & FirstName & "', '" & LastName & "', '" & YrandSec & "')" - ERROR HERE
Cmd = New OleDbCommand(SQL, Con)
Con.Open()
objCmd = New OleDbCommand(SQL, Con)
If Repass.Text = Pass.Text = False Then
Re.Text = "*Password didn't match!"
Number.Text = ""
Pass.Text = ""
Repass.Text = ""
Con.Close()
Else
If Number.Text = "" Or Pass.Text = "" Or Repass.Text = "" Or First.Text = "" Or Last.Text = "" Or YrSec.Text = "" Then
MsgBox("Please complete the field", MsgBoxStyle.Information, "Failed to create")
Else
objCmd.ExecuteNonQuery()
Re.Text = ""
MsgBox("Account has been created", MsgBoxStyle.Information, "Congrats!")
For fade = 0.0 To 1.1 Step 0.2
Login.Opacity = fade
Login.Show()
Me.Hide()
Threading.Thread.Sleep(30)
Number.Text = ""
Pass.Text = ""
Repass.Text = ""
First.Text = ""
Last.Text = ""
YrSec.Text = ""
Next
End If
End If
End Sub
回答by Gord Thompson
PASSWORDis a reserved wordin Access SQL, so you need to wrap that column name in square brackets.You really should use a parameterized query to protect against SQL Injectionand generally make your life easier.
PASSWORD是Access SQL 中的保留字,因此您需要将该列名括在方括号中。您确实应该使用参数化查询来防止SQL 注入并通常使您的生活更轻松。
Try something like this
尝试这样的事情
SQL = "INSERT INTO [Accounts] ([StudNo],[Password],[FirstName],[LastName],[YrandSec]) " & _
"VALUES (?, ?, ?, ?, ?)"
Con.Open()
objCmd = New OleDbCommand(SQL, Con)
objCmd.Parameters.AddWithValue("?", StudentNum)
objCmd.Parameters.AddWithValue("?", Password)
objCmd.Parameters.AddWithValue("?", FirstName)
objCmd.Parameters.AddWithValue("?", LastName)
objCmd.Parameters.AddWithValue("?", YrandSec)
回答by aaa
remove those double quotes inside your sql statement.
删除 sql 语句中的那些双引号。
