每当我呼吁以下CommandText
的“ExecuteNonQuery
”命令,我得到上面的SQLException的SQLException:不正确的语法附近“2”
myCommand.CommandText = "INSERT INTO fixtures (round_id, matchcode, date_utc, time_utc, date_london, time_london, team_A_id, team_A, team_A_country, team_B_id, team_B, team_B_country, status, gameweek, winner, fs_A, fs_B, hts_A, hts_B, ets_A, ets_B, ps_A, ps_B, last_updated) VALUES (" _
& round_id & "," & match_id & "," & date_utc & ",'" & time_utc & "'," & date_london & ",'" & time_london & "'," & team_A_id & ",'" & team_A_name & "','" & team_A_country & "'," & team_B_id & ",'" & team_B_name & "','" & _
team_B_country & "','" & status & "'," & gameweek & ",'" & winner & "'," & fs_A & "," & fs_B & "," & hts_A & "," & hts_B & "," & ets_A & "," & ets_B & "," & ps_A & "," & ps_B & "," & last_updated & ")"
但每当我删除最后一个表项 - “LAST_UPDATED”错误消失。请帮我解决这个问题。有没有对datetime
字段给予特殊待遇?
感谢您的帮助
为什么啊,为什么人们仍然没有使用参数化查询。你让你的生活变得非常困难,更不要说打开自己的SQL注入攻击。 – RPM1984 2010-12-21 02:32:04
请向我们展示所有文本串联的结果。答案可能很明显。 – 2010-12-21 02:47:14
我知道有关SQL注入攻击以及什么时候暴露给他们。非条目不是来自表单上的文本框,它们全部来自订阅的足球比赛的XML提要。所以没有注射风险。无论如何,我已经使用存储过程,它的工作。 – 2010-12-22 06:52:42