在 C# 中插入语句 (0x80040E14) 中的 oledb 异常语法错误
本文关键字:oledb 中的 异常 语法 错误 0x80040E14 插入 语句 | 更新日期: 2024-10-30 08:35:12
我在插入语句中遇到了异常。但是数据正确插入到表中。有人可以告诉我此代码中的错误吗?
private void btnAddNewSale_Click(object sender, EventArgs e)
{
string StrQuery;
connection.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
for (int i = 0; i < DataGridViewAddSale.Rows.Count; i++)
{
StrQuery = "insert into BillItem (billNumber,storeItemNumber,numberOfItems,priceForEach,totalValue) values (" + txtBillNo.Text + ", "+ DataGridViewAddSale.Rows[i].Cells["ColCordNo"].Value + ", "+ DataGridViewAddSale.Rows[i].Cells["ColQty"].Value + ", " + DataGridViewAddSale.Rows[i].Cells["ColUnitPrice"].Value + " ," + DataGridViewAddSale.Rows[i].Cells["ColTotalValue"].Value + ");";
command.CommandText = StrQuery;
command.ExecuteNonQuery();
}
}
以下是例外情况
System.Data.OleDb.OleDbException (Ox8004OE14): Syntax error in INSERT INTO statement.
at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OIeDbHResult br)
at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult)
at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult)
at System.Oata.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult)
at System.Data.OIeDb.OleDbCommand.ExecuteReaderlnternal(CommandBehavior behavior, String method)
at System.Data.OleDb.OleDbCommand.ExecuteNonQueryo
at Bsystem_1 ._1 .Form2.btnAddNewSale_Click(Object sender, EventArgs e) in c:'Users'jagath'Documents'Visual Studio 2013'Projects'Bsystem 1.1'Bsystem
1.1'Form2.cs:line 166
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, 1nt32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.BuftonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, 1nt32 msg, IntPtr wparam, IntPtr Ipa ram)
at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg)
dwComponentlD, 1nt32 reason, 1nt32 pvLoopData)
at System.Windows.Forms.Application.ThreadContext.RunMessageLooplnner(1nt32 reason, ApplicationContext context)
at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(1nt32 reason, ApplicationContext context)
at System.Windows.Forms.Application.RunDialog(Form form)
at System.Windows.Forms.Form.ShowDialog(IWin32Window owner)
at System.Windows.Forms.Form.ShowDialogO
at Bsystem_1 ._1 .Forml .btnjogin_Click(Object sender, EventArgs e) in c:'Users'jagath'Documents'Visual Studio 2013'Projects'Bsystem 1.1'Bsystem
1.1'Forml.cs:line 49
检查列的名称和数据类型。然后使用 CommandParameter 来避免 sql 注入。如果您使用保留字作为表名,我还建议您用方括号封装表名。
using (var command = new OleDbCommand
{
Connection = connection,
CommandText =
"insert into [BillItem] (billNumber, storeItemNumber, numberOfItems, priceForEach, totalValue) values (?, ?, ?, ?, ?)"
})
{
for (int i = 0; i < DataGridViewAddSale.Rows.Count; i++)
{
command.Parameters.Clear();
var rowCells = DataGridViewAddSale.Rows[i].Cells;
command.Parameters.AddWithValue("@p1", txtBillNo.Text);
command.Parameters.AddWithValue("@p2", rowCells["ColCordNo"].Value);
command.Parameters.AddWithValue("@p3", rowCells["ColQty"].Value);
command.Parameters.AddWithValue("@p4", rowCells["ColUnitPrice"].Value);
command.Parameters.AddWithValue("@p5", rowCells["ColTotalValue"].Value);
command.ExecuteNonQuery();
}
}
如上所述,您必须使用参数化查询来保护 sql 注入。
insert into [BillItem] (billNumber, storeItemNumber, numberOfItems, priceForEach, totalValue)
values (@para1,@para2,@para3,...)
//and add into command
command.Parameters.AddWithValue("@para1", txtBillNo.Text);
上面的错误来了,当你的值有 Sqlserver 保留字时,很可能是单引号,如 charlie's angels
或 <或> 或 & 在 xml 字段中或>
检查您是否在该表中分配了无效的任何外键(关系)。