我正在使用 Azure 托管我的数据库。我发现这个问题最常见的解决方案都与 SQL 查询中的错误数据有关。我正在使用参数,所以我认为这不会成为问题。我的输入数据不包含 SQL 可以识别查询的任何字符。我很困惑。这是我的代码。
Public Function camp_UploadScoutRecord(ByVal recordID As String, ByVal requirementsID As String, ByVal scoutID As String, _
ByVal scoutName As String, Optional ByVal unitType As String = "", Optional ByVal unitNumber As String = "", Optional ByVal district As String = "", _
Optional ByVal council As String = "", Optional ByVal street As String = "", Optional ByVal city As String = "", Optional ByVal campName As String = "", Optional ByVal req1 As String = "", Optional ByVal req2 As String = "", _
Optional ByVal req3 As String = "", Optional ByVal req4 As String = "", Optional ByVal req5 As String = "", Optional ByVal req6 As String = "", Optional ByVal req7 As String = "", _
Optional ByVal req8 As String = "", Optional ByVal req9 As String = "", Optional ByVal req10 As String = "", Optional ByVal req11 As String = "", Optional ByVal req12 As String = "", _
Optional ByVal req13 As String = "", Optional ByVal req14 As String = "", Optional ByVal req15 As String = "", Optional ByVal req16 As String = "", Optional ByVal req17 As String = "", _
Optional ByVal req18 As String = "", Optional ByVal req19 As String = "", Optional ByVal req20 As String = "", Optional ByVal req21 As String = "", Optional ByVal req22 As String = "", _
Optional ByVal badgeComplete As String = "", Optional ByVal badgeName As String = "", Optional ByVal subscriberID As String = "") As String Implements IMastersheetUpload.camp_UploadScoutRecord
Dim newRecordID As String
Dim dateToday As Date = Date.Today
newRecordID = Guid.NewGuid.ToString()
Dim selectcmd As New SqlCommand("SELECT * FROM campMeritBadgeRecords WHERE meritBadgeRequirementsID = @ID", myconn)
Dim sqlParam As New SqlParameter("@ID", newRecordID)
selectcmd.Parameters.Add(sqlParam)
Dim ds As New DataSet()
Dim da As New SqlDataAdapter(selectcmd)
da.Fill(ds)
'Find an unused recordID for this record
'If the GUID already exists in the database, then generate new one
If ds.Tables(0).Rows.Count <> 0 Then
While ds.Tables(0).Rows.Count <> 0
newRecordID = Guid.NewGuid.ToString()
da.Fill(ds)
End While
End If
Dim insertCMD As New SqlCommand("INSERT INTO campMeritBadgeRecords " + _
"VALUES (@recordID," + _
"@meritBadgeRequirementsID," + _
"@scoutID," + _
"@lastUpdated," + _
"@scoutName," + _
"@unitType," + _
"@unitNumber," + _
"@district," + _
"@council," + _
"@street," + _
"@city," + _
"@req1Complete," + _
"@req2Complete," + _
"@req3Complete," + _
"@req4Complete," + _
"@req5Complete," + _
"@req6Complete," + _
"@req7Complete," + _
"@req8Complete," + _
"@req9Complete," + _
"@req10Complete," + _
"@req11Complete," + _
"@req12Complete," + _
"@req13Complete," + _
"@req14Complete," + _
"@req15Complete," + _
"@req16Complete," + _
"@req17Complete," + _
"@req18Complete," + _
"@req19Complete," + _
"@req20Complete," + _
"@req21Complete," + _
"@req22Complete," + _
"@badgeComplete," + _
"@campName," + _
"@badgeName," + _
"@uploadSubscriberID);", myconn)
With insertCMD.Parameters
'Record Info
.AddWithValue("@recordID", newRecordID)
.AddWithValue("@meritBadgeRequirementsID", requirementsID)
'Scout Info
.AddWithValue("@scoutID", scoutID)
.AddWithValue("@lastUpdated", Date.Today.ToString)
.AddWithValue("@scoutName", scoutName)
.AddWithValue("@unitType", unitType)
.AddWithValue("@unitNumber", unitNumber)
.AddWithValue("@district", district)
.AddWithValue("@council", council)
.AddWithValue("@street", street)
.AddWithValue("@city", city)
'Merit Badge Completion Info
.AddWithValue("@req1Complete", req1)
.AddWithValue("@req2Complete", req2)
.AddWithValue("@req3Complete", req3)
.AddWithValue("@req4Complete", req4)
.AddWithValue("@req5Complete", req5)
.AddWithValue("@req6Complete", req6)
.AddWithValue("@req7Complete", req7)
.AddWithValue("@req8Complete", req8)
.AddWithValue("@req9Complete", req9)
.AddWithValue("@req10Complete", req10)
.AddWithValue("@req11Complete", req11)
.AddWithValue("@req12Complete", req12)
.AddWithValue("@req13Complete", req13)
.AddWithValue("@req14Complete", req14)
.AddWithValue("@req15Complete", req15)
.AddWithValue("@req16Complete", req16)
.AddWithValue("@req17Complete", req17)
.AddWithValue("@req18Complete", req18)
.AddWithValue("@req19Complete", req19)
.AddWithValue("@req20Complete", req20)
.AddWithValue("@req21Complete", req21)
.AddWithValue("@req22Complete", req22)
.AddWithValue("@badgeComplete", badgeComplete)
.AddWithValue("@campName", campName)
.AddWithValue("@badgeName", badgeName)
.AddWithValue("@uploadSubscriberID", subscriberID)
End With
insertCMD.ExecuteNonQuery()
myconn.Close()
'Return recordID to tablet software for future record updates
Return newRecordID
最佳答案
我认为你在插入语句中犯了错误。
表名 campMeritBadgeRecords 和 values 在插入语句中组合,因此您必须在表名 campMeritBadgeRecords 后添加额外的空格
所以你的陈述将是这样的
Dim insertCMD As New SqlCommand("INSERT INTO campMeritBadgeRecords values" + _
关于SQL 使用参数化 SQL 时, ","附近的语法不正确,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21106602/