OleDb Exception
本文关键字:Exception OleDb | 更新日期: 2023-09-27 17:58:01
经过5个小时的搜索,我找不到我的错误。我得到了这个例外。怎么了?
MyDictionary.exe 中发生类型为"System.Data.OleDb.OleDbException"的未处理异常
附加信息:INSERT INTO语句中存在语法错误。
我的代码:
public void Insert(Word word)
{
string language=FindLanguage();
try
{
command.CommandText ="INSERT INTO "+language+" ( Native , Foreign , Definition , AddingDate) values ( '" + word.Native + "' , '" + word.Foreign + "' , '" + word.Definition + "' ,'" + word.AddingDate + "')";
command.CommandType = System.Data.CommandType.Text;
connection.Open();
command.ExecuteNonQuery();
}
catch (Exception)
{
throw;
}
finally
{
if (connection != null)
{
connection.Close();
}
}
}
您应该在插入语句中使用参数。看起来您也缺少command.Connection = connection;
。请注意,您的SQL容易出现SQL注入
command.CommandText ="INSERT INTO "+language+"([Native],[Foreign],[Definition],[AddingDate]) VALUES (@Native,@Foreign,@Definition,@AddingDate)";
command.Parameters.AddWithValue("@Native", word.Native);
command.Parameters.AddWithValue("@Foreign",word.Foreign);
command.Parameters.AddWithValue("@Definition",word.Definition);
command.Parameters.AddWithValue("@AddingDate",word.AddingDate);
command.CommandType = System.Data.CommandType.Text;
command.Connection = connection;
connection.Open();
command.ExecuteNonQuery();
在OleDb中,INSERT INTO
语句的正确语法涉及SELECT
子句的使用,即使您正在附加静态值。所以您需要像下面的例子一样更改您的查询。
此外,如果您实际上没有处理引发的异常,则不要构造try...catch..finally
。为了便于处理,请改用using() { }
块。现在是:
public void Insert(Word word)
{
string language=FindLanguage();
using (var connection = new OleDbConnection("connection string goes here"))
using (var command = new OleDbCommand...)
{
command.CommandText = @
"INSERT INTO " + language + "(Native, Foreign, Definition, AddingDate)" +
"SELECT '"
+ word.Native + "' AS Native, '"
+ word.Foreign + "' AS Foreign, '"
+ word.Definition + "' AS Definition, '"
+ word.AddingDate + "' AS AddingDate"
;
connection.Open();
command.ExecuteNonQuery();
connection.Close();
}
}