我遇到了运行我的Visual Basic应用程序的问题。当我尝试将数据添加到我的DataGridView时,我得到了syntax error INSERT INTO
。为什么我得到关于INSERT INTO的语法错误?
这里是下面的代码,你能告诉我它有什么问题吗?
Private Sub Button3_Click(sender As Object, e As EventArgs) Handles Button3.Click
Dim cmd As New OleDb.OleDbCommand
If Not cnn.State = ConnectionState.Open Then
'open connection if it is not already opened
cnn.Open()
End If
'new connection
cmd.Connection = cnn
'check whether to add new or update
If Me.txtEmployeeID.Tag & "" = "" Then
'add new
'add new data to table
cmd.CommandText = "INSERT INTO Attendance(EmployeeID, FirstName, LastName, Date, Holiday, HalfDay, Other, Sick, UnpaidHoliday, DaysTaken, DateFrom, DateTo) " & _
" VALUES(" & Me.txtEmployeeID.Text & ",'" & Me.txtFirstName.Text & "','" & Me.txtLastName.Text & "','" & Me.txtdate.Text & "','" & Me.txtHoliday.Text & "','" & Me.txtHalfDay.Text & "','" & Me.txtOther.Text & "','" & Me.txtSick.Text & "','" & _
Me.txtUnpaidHoliday.Text & "','" & Me.txtDaysTaken.Text & "','" & _
Me.DateTimePicker2.Text & "','" & Me.DateTimePicker1.Text & "')"
cmd.ExecuteNonQuery()
Else
'update data in table and execute
cmd.CommandText = "UPDATE Attendance" & _
" SET EmployeeID =" & Me.txtEmployeeID.Text & _
", FirstName ='" & Me.txtFirstName.Text & "'" & _
", LastName ='" & Me.txtLastName.Text & "'" & _
", Date ='" & Me.txtdate.Text & "'" & _
", Holiday ='" & Me.txtHoliday.Text & "'" & _
", HalfDay='" & Me.txtHalfDay.Text & "'" & _
", Other='" & Me.txtOther.Text & "'" & _
", Unpaidholiday='" & Me.txtUnpaidHoliday.Text & "'" & _
", DaysTaken='" & Me.txtDaysTaken.Text & "'" & _
", DateFrom='" & Me.DateTimePicker1.Text & "'" & _
", DateTo='" & Me.DateTimePicker2.Text & "'" & _
" WHERE employeeID =" & Me.txtEmployeeID.Tag
cmd.ExecuteNonQuery()
End If
'refresh data in table list
refreshdata()
'clear form
Me.btnclear.PerformClick()
'close connection
cnn.Close()
End Sub
你很可能有一个无与伦比的滴答数。使用参数为您的查询,并且不会发生,避免SQL注入的更大问题。你也在做一些你不想要的类型转换 – Plutonix