错误:
Incorrect Syntax near 's'. unclosed quotation mark after the charater string ');'.
代码:
private void btnAdd_Click(object sender, EventArgs e)
{
SqlConnection cn = new SqlConnection(global::CIMT.Properties.Settings.Default.Database2ConnectionString);
try
{
string sql = "INSERT INTO Students(Student_Id,First_Name,Last_Name,Fathers_Name,DOB,Mobile,Address,Post_Code) VALUES('"+this.txtId.Text+"','"+this.txtFName.Text+"','"+this.txtLName.Text+"','"+this.txtFaName.Text+"','"+this.txtDOB.Text+"','"+this.txtMob.Text+"','"+this.txtAddress.Text+"','"+this.txtPostCode.Text+ "');";
SqlCommand exesql = new SqlCommand(sql, cn);
cn.Open();
exesql.ExecuteNonQuery();
MessageBox.Show("Add new record done !!" , "Message" , MessageBoxButtons.OK , MessageBoxIcon.Information);
this.studentsTableAdapter.Fill(this.database2DataSet.Students);
}
catch (Exception ex)
{
MessageBox.Show(ex.Message , "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
finally
{
cn.Close();
}
}
最佳答案
像评论中的人告诉你的那样使用参数化查询,不仅可以避免错误,还可以帮助你避免 SQL 注入(inject)。
private void btnAdd_Click(object sender, EventArgs e)
{
var cnString = global::CIMT.Properties.Settings.Default.Database2ConnectionString;
using (SqlConnection cn = new SqlConnection(cnString))
{
try
{
cn.Open();
using (var exesql = new SqlCommand(
@"INSERT INTO Students(Student_Id
,First_Name
,Last_Name
,Fathers_Name
,DOB
,Mobile
,Address
,Post_Code)
VALUES(@Student_Id
,@First_Name
,@Last_Name
,@Fathers_Name
,@DOB
,@Mobile
,@Address
,@Post_Code);",
cn))
{
exesql.Parameters.AddWithValue("@Student_Id", this.txtId.Text);
exesql.Parameters.AddWithValue("@First_Name", this.txtFName.Text);
exesql.Parameters.AddWithValue("@Last_Name",this.txtLName.Text );
exesql.Parameters.AddWithValue("@Fathers_Name", this.txtFaName.Text);
exesql.Parameters.AddWithValue("@DOB", this.txtDOB.Text);
exesql.Parameters.AddWithValue("@Mobile", this.txtMob.Text);
exesql.Parameters.AddWithValue("@Address", this.txtAddress.Text);
exesql.Parameters.AddWithValue("@Post_Code", this.txtPostCode.Text);
exesql.ExecuteNonQuery();
MessageBox.Show("Add new record done !!" , "Message" , MessageBoxButtons.OK
, MessageBoxIcon.Information);
this.studentsTableAdapter.Fill(this.database2DataSet.Students);
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message , "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
关于c# - 使用mysql插入数据时出现语法错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26201049/