【发布时间】:2014-05-06 04:29:54
【问题描述】:
您好,我有一个无效的 sql 语句错误。这是我的代码:
Imports System.Data.OleDb 'For OleDbConnection
Imports System.Data 'For ConnectionState
Public Class WebForm1
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
End Sub
Protected Sub btnInsert_Click(sender As Object, e As EventArgs) Handles btnInsert.Click
'1 declare the variables
Dim strName As String = txtName.Text
Dim strAddress As String = txtAddress.Text
'2. creates a new connection to your DB.
Dim conn As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source='C:\Users\GT\Documents\Database11.accdb'")
If conn.State = ConnectionState.Open Then
conn.Close()
End If
'3. open the connection to your DB.
conn.Open()
'4. assign your SQL statement into sqlString variable.
Dim sqlString As String
sqlString = "INSERT INTO tblStuInfo (stuName, stuAddress) VALUES ('" & strName & "' , '" & strAddress & "')"
'5. create a new command that links your SQL statement with your connection.
Dim sqlcommand As New OleDbCommand(sqlString, conn)
'6. execute your command.
sqlcommand.ExecuteNonQuery()
End Sub
End Class
有什么问题?数据库的路径和数据库的表名是正确的。请帮忙!
【问题讨论】:
-
那里有一个 sql 注入错误。使用参数化的 SqlCommand。
-
我该怎么做?顺便说一句,这是我从一本书中学习的教程
-
我怎样才能让我的代码工作?怎么了?
-
我不想使用参数化的SqlCommand,本教程来自一本书。我的代码有什么问题?我正确地遵循了它,但得到了那个错误