为什么我得到关于INSERT INTO的语法错误？

Question

我遇到了运行我的Visual Basic应用程序的问题。当我尝试将数据添加到我的DataGridView时，我得到了syntax error INSERT INTO。

这里是下面的代码，你能告诉我它有什么问题吗？

Private Sub Button3_Click(sender As Object, e As EventArgs) Handles Button3.Click 
    Dim cmd As New OleDb.OleDbCommand 
    If Not cnn.State = ConnectionState.Open Then 
     'open connection if it is not already opened 
     cnn.Open() 
    End If 
    'new connection 
    cmd.Connection = cnn 
    'check whether to add new or update 
    If Me.txtEmployeeID.Tag & "" = "" Then 
     'add new 
     'add new data to table 
     cmd.CommandText = "INSERT INTO Attendance(EmployeeID, FirstName, LastName, Date, Holiday, HalfDay, Other, Sick, UnpaidHoliday, DaysTaken, DateFrom, DateTo) " & _ 
     " VALUES(" & Me.txtEmployeeID.Text & ",'" & Me.txtFirstName.Text & "','" & Me.txtLastName.Text & "','" & Me.txtdate.Text & "','" & Me.txtHoliday.Text & "','" & Me.txtHalfDay.Text & "','" & Me.txtOther.Text & "','" & Me.txtSick.Text & "','" & _ 
     Me.txtUnpaidHoliday.Text & "','" & Me.txtDaysTaken.Text & "','" & _ 
     Me.DateTimePicker2.Text & "','" & Me.DateTimePicker1.Text & "')" 
     cmd.ExecuteNonQuery() 
    Else 
     'update data in table and execute 
     cmd.CommandText = "UPDATE Attendance" & _ 
      " SET EmployeeID =" & Me.txtEmployeeID.Text & _ 
      ", FirstName ='" & Me.txtFirstName.Text & "'" & _ 
      ", LastName ='" & Me.txtLastName.Text & "'" & _ 
      ", Date ='" & Me.txtdate.Text & "'" & _ 
      ", Holiday ='" & Me.txtHoliday.Text & "'" & _ 
      ", HalfDay='" & Me.txtHalfDay.Text & "'" & _ 
      ", Other='" & Me.txtOther.Text & "'" & _ 
      ", Unpaidholiday='" & Me.txtUnpaidHoliday.Text & "'" & _ 
      ", DaysTaken='" & Me.txtDaysTaken.Text & "'" & _ 
      ", DateFrom='" & Me.DateTimePicker1.Text & "'" & _ 
      ", DateTo='" & Me.DateTimePicker2.Text & "'" & _ 
      " WHERE employeeID =" & Me.txtEmployeeID.Tag 
     cmd.ExecuteNonQuery() 
    End If 
    'refresh data in table list 
    refreshdata() 
    'clear form 
    Me.btnclear.PerformClick() 
    'close connection 
    cnn.Close() 
End Sub 

Answer 1

问题是Word DATE在许多数据库中都是保留关键字。你应该把它放在方括号内

cmd.CommandText = "INSERT INTO Attendance(EmployeeID, FirstName, LastName, [Date], " & _ 
        "Holiday, HalfDay, Other, Sick, UnpaidHoliday, DaysTaken, DateFrom, " & _ 
        "DateTo) " ....... 

但是你在这里有一个更大的问题。连接字符串以形成一个sql命令文本是灾难的完美配方。 Sql注入和解析问题在这里等待你的命令。始终使用参数化查询

所以，仅仅作为一个例子

cmd.CommandText = "INSERT INTO Attendance(EmployeeID, FirstName, LastName, [Date], " & _ 
        "Holiday, HalfDay, Other, Sick, UnpaidHoliday, DaysTaken, DateFrom, " & _ 
        "DateTo) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)"; 
    cmd.Parameters.AddWithValue("@p1", Me.txtEmployeeID.Text) 
    ..... and so on for the other eleven parameters..... 
    ..... add them in the exact order in which they appear in the parameter list .... 
    cmd.ExecuteNonQuery() 

Answer 2

Date是在T-SQL的保留字，所以你需要添加它周围的方括号：

cmd.CommandText = "INSERT INTO Attendance(EmployeeID, FirstName, LastName, [Date], Holiday, HalfDay, Other, Sick, UnpaidHoliday, DaysTaken, DateFrom, DateTo) " & _ 
      " VALUES(" & Me.txtEmployeeID.Text & ",'" & Me.txtFirstName.Text & "','" & Me.txtLastName.Text & "','" & Me.txtdate.Text & "','" & Me.txtHoliday.Text & "','" & Me.txtHalfDay.Text & "','" & Me.txtOther.Text & "','" & Me.txtSick.Text & "','" & _ 
      Me.txtUnpaidHoliday.Text & "','" & Me.txtDaysTaken.Text & "','" & _ 
      Me.DateTimePicker2.Text & "','" & Me.DateTimePicker1.Text & "')" 

Answer 3

你遇到了什么错误？如果EmployeeID是标识列，则不能明确插入值。