2016-04-14 84 views
0

First, I started with this code (error: characters after end of SQL statement):

  Comm2 = "INSERT INTO [Results]" _ 
       & "([ResultsID], [TestID], [Thickness], [SNR], [STD], [M1], [M2], [kVp], [mAs], [TargetFilter])" _ 
       & " values('" & CInt(NewRID) & " ', '" & CInt(NewRID) & " ', '" & Thickness & "', '" & SNR & "', '" & STD & "','" & M1 & "', '" & M2 & "', '" & kVp & "', '" & mAs & "', '" & TargetFilter & "')" 

      Comm3 = "INSERT INTO [Test]" _ 
       & "([TestID], [Date], [MachineID], [RadiographerID])" _ 
       & " values('" & CInt(NewRID) & " ', '" & todaysdate & " ', '" & 1 & " ', '" & UserID & " ',)" 

But this didn't work because these tables are related in the database, so they have to be changed at the same time, so I am currently at this:

  Comm2 = "INSERT INTO [Results] ([ResultsID],[TestID],[Tickness],[SNR],[STD],[M1],[M2],[kVp],[mAs],[TargetFilter]) VALUES('" & CInt(NewRID) & " ', '" & CInt(NewRID) & " ', '" & Thickness & "', '" & SNR & "', '" & STD & "','" & M1 & "', '" & M2 & "', '" & kVp & "', '" & mAs & "', '" & TargetFilter & "');" _ 
       & "INSERT INTO [Test] ([TestID], [Date[, [MachineID], [RadiographerID]) VALUES('" & CInt(NewRID) & " ', '" & CDate(todaysdate) & " ', '" & CInt(MachineID) & "', '" & CStr(UserID) & "')" 
      OleDbInsertCommand.Connection = conn 
      OleDbInsertCommand.CommandText = Comm2 
      adapter2.InsertCommand = OleDbInsertCommand 
      adapter2.InsertCommand.ExecuteNonQuery() 

And I get this error: https://gyazo.com/36aa32cbfb0f54bbe571f6a9384114e1

  Comm2 = "INSERT INTO [Results] ([ResultsID], [TestID], [Thickness], [SNR], [STD], [M1], [M2], [kVp], [mAs],[TargetFilter]) VALUES('" & CInt(NewRID) & " ', '" & CInt(NewRID) & " ', '" & Thickness & "', '" & SNR & "', '" & STD & "','" & M1 & "', '" & M2 & "', '" & kVp & "', '" & mAs & "', '" & TargetFilter & "')" 
      comm3 = " INSERT INTO [Test] ([TestID], [Date], [MachineID], [RadiographerID]) VALUES('" & CInt(NewRID) & " ', '" & CDate(todaysdate) & " ', '" & CInt(MachineID) & "', '" & CInt(UserID) & "')" 

      OleDbInsertCommand.Connection = conn 
      OleDbInsertCommand.CommandText = comm3 
      adapter2.InsertCommand = OleDbInsertCommand 
      adapter2.InsertCommand.ExecuteNonQuery() 
      OleDbInsertCommand.CommandText = Comm2 
      adapter2.InsertCommand = OleDbInsertCommand 
      adapter2.InsertCommand.ExecuteNonQuery() 
+1

If you use SQL parameters rather than gluing bits of strings together, the problem will most likely go away. – Plutonix

+0

Hey, I just searched for "SQL parameters" and couldn't find anything that looks similar; do you have a good link where I can brush up my knowledge, or an example? –

+0

https://msdn.microsoft.com/en-us/library/system.data.oledb.oledbparameter(v=vs.110).aspx and about 1-2 million questions here – Plutonix

Answer

1
 Comm2 = "INSERT INTO [Results] ([ResultsID], [TestID], [Thickness], [SNR], [STD], [M1], [M2], [kVp], [mAs],[TargetFilter]) VALUES('" & CInt(NewRID) & " ', '" & CInt(NewRID) & " ', '" & Thickness & "', '" & SNR & "', '" & STD & "','" & M1 & "', '" & M2 & "', '" & kVp & "', '" & mAs & "', '" & TargetFilter & "')" 
     comm3 = " INSERT INTO [Test] ([TestID], [Date], [MachineID], [RadiographerID]) VALUES('" & CInt(NewRID) & " ', '" & CDate(todaysdate) & " ', '" & CInt(MachineID) & "', '" & CInt(UserID) & "')" 

     OleDbInsertCommand.Connection = conn 
     OleDbInsertCommand.CommandText = comm3 
     adapter2.InsertCommand = OleDbInsertCommand 
     adapter2.InsertCommand.ExecuteNonQuery() 
     OleDbInsertCommand.CommandText = Comm2 
     adapter2.InsertCommand = OleDbInsertCommand 
     adapter2.InsertCommand.ExecuteNonQuery() 
+0

Answers usually tell us why this is an answer. Use parameters to avoid SQL injection and formatting issues. – LarsTech