我在数据库中插入新记录时出错。任何帮助请 错误是“INSERT INTO语句中的语法错误。” 好吧,我添加完整的语法。INSERT INTO语句中的语法错误vb2008
Dim dbCommand As OleDbCommand
Dim DBConn As OleDbConnection
Dim DBInsert As New OleDbCommand()
myword = "عابد"
mypronounce = "عابِد [عا + بِد]"
mylanguage = "(عربی)"
mysiga = "( مذکر - واحد )"
mymuradifat = "زاہِد, پُجاری, مُتَّقی, پارْسا, نیک, صالِح, تَپَسّی, ذاکِر, سَنْت, صُوفی, خُدا پَرَسْت"
myenglish = "An adorer, worshipper, votary, devotee "
mymurakbat = "لَکھْنَوی دَبِسْتان, لَکھْنَوی سِکُول"
myword = Replace(myword, "'", "''")
mypronounce = Replace(mypronounce, "'", "''")
mylanguage = Replace(mylanguage, "'", "''")
mysiga = Replace(mysiga, "'", "''")
mymuradifat = Replace(mymuradifat, "'", "''")
myenglish = Replace(myenglish, "'", "''")
mymurakbat = Replace(mymurakbat, "'", "''")
' & "(word,pronounce,language,siga,mutradifat,english,murakabat) " _
DBConn = New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" & mypath & ";Jet OLEDB:Database Password=xxxxxxxx;")
DBInsert.CommandText = "Insert Into data " _
& "(word,pronounce,language,siga,mufradat,english,murakabat) " _
& "Values (" _
& "'" & myword & "', " _
& "'" & mypronounce & "', " _
& "'" & mylanguage & "', " _
& "'" & mysiga & "', " _
& "'" & mymuradifat & "', " _
& "'" & myenglish & "', " _
& "'" & mymurakbat & "')"
DBInsert.Connection = DBConn
DBInsert.Connection.Open()
DBInsert.ExecuteNonQuery()
DBConn.Close()
是的,这是真的旧学校的代码,并受到SQL注入攻击 – 2012-03-20 14:37:04
需要看到错误信息。 – javram 2012-03-20 14:37:48
说真的 - 你应该**总是**使用参数化查询 - 现在每个人都应该知道,我会想! [看看这个伟大的漫画](http://xkcd.com/327/)和[阅读更多关于参数化查询](http://www.codinghorror.com/blog/2005/04/give-me-parameterized -sql-or-give-me-death.html) – 2012-03-20 14:40:29