2

我正在为我们公司开发一个网络地图应用程序内部网。我正在地图上创建一个“添加多边形”功能。我使用 AspMap、VB.NET 和 SQL Server。当用户单击按钮以从 Web 表单输入数据属性添加新记录时,错误Incorrect syntax near '?' 发生。

我的代码是:

Private Sub AddNewShape(ByVal checklist_id As String, ByVal type As String, ByVal shape As AspMap.Shape, ByVal address_area As String, ByVal dmz As String, ByVal customerid As String, ByVal source As String, ByVal area As String, ByVal instalatur As String, ByVal developer As String, ByVal data_received As DateTime, ByVal doc_data As DateTime, ByVal datereport As DateTime, ByVal remark As String)
    Dim tableName As String

    Select Case shape.ShapeType
        Case AspMap.ShapeType.Line
            tableName = "lines"
        Case AspMap.ShapeType.Polygon
            tableName = "sambungan_baru"
        Case Else
            Return
    End Select

    Dim conn As SqlConnection = GetDbConnection()
    Dim sql As String = "INSERT INTO " & tableName & " (CHECKLIST_ID, TYPE, SHAPEDATA, ADDRESS_AREA, DMZ, CUSTOMERID, SOURCE, AREA, INSTALATUR, DEVELOPER, DATA_RECEIVED, DOC_DATA, DATA_SENT, REMARK) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?)"

    Dim cmd As SqlCommand = New SqlCommand(sql, conn)
    cmd.Parameters.AddWithValue("CHECKLIST_ID", checklist_id)
    cmd.Parameters.AddWithValue("TYPE", type)
    cmd.Parameters.AddWithValue("SHAPEDATA", shape.ShapeData)
    cmd.Parameters.AddWithValue("ADDRESS_AREA", address_area)
    cmd.Parameters.AddWithValue("DMZ", dmz)
    cmd.Parameters.AddWithValue("CUSTOMERID", customerid)
    cmd.Parameters.AddWithValue("SOURCE", source)
    cmd.Parameters.AddWithValue("AREA", area)
    cmd.Parameters.AddWithValue("INSTALATUR", instalatur)
    cmd.Parameters.AddWithValue("DEVELOPER", developer)
    cmd.Parameters.AddWithValue("DATA_RECEIVED", data_received)
    cmd.Parameters.AddWithValue("DOC_DATA", doc_data)
    cmd.Parameters.AddWithValue("DATA_SENT", datereport)
    cmd.Parameters.AddWithValue("REMARK", remark)

    cmd.ExecuteNonQuery()
    conn.Close()

    ReloadShapesDatabase()
End Sub

我改变了这个:

Dim sql As String = "INSERT INTO " & tableName & " (CHECKLIST_ID, TYPE, SHAPEDATA, ADDRESS_AREA, DMZ, CUSTOMERID, SOURCE, AREA, INSTALATUR, DEVELOPER, DATA_RECEIVED, DOC_DATA, DATA_SENT, REMARK) VALUES *(?,?,?,?,?,?,?,?,?,?,?,?,?,?)

对此:

Dim sql As String = "INSERT INTO " & tableName & " (CHECKLIST_ID, TYPE, SHAPEDATA, ADDRESS_AREA, MZ, CUSTOMERID, SOURCE, AREA, INSTALATUR, DEVELOPER, DATA_RECEIVED, DOC_DATA, DATA_SENT, REMARK)(@checklist_id, @type, @shapedata, @address_area, @dmz, @conection, @source, @area, @instalatur, @developer, @data_received, @doc_data, data_sent, @remark)"

我遇到了警告:必须声明标量变量“@conection”。谁能帮我?

4

3 回答 3

4

您在 SQL 查询中混淆了两种不同样式的参数。ODBC 语法使用简单的占位符 '?' 每个参数的字符,并且参数的替换顺序与您将它们添加到参数集合中的顺序相同。对于 an OdbcCommand,您给参数的名称将被忽略,只有它们的顺序很重要。

对于 a SqlCommand,参数名称是有意义的;当命令执行时,它将通过一个 SQL 存储过程运行,该过程接受参数名称和值的列表并将它们替换到 T-SQL 查询中。在这种情况下,将参数添加到查询的顺序并不重要,但您需要确保名称正确(包括“@”前缀。)

使用SqlCommand带参数的正确方法如下:

// The SQL Query: Note the use of named parameters of the form
// @ParameterName1, @ParameterName2, etc.
Dim sql As String = "INSERT INTO " & tableName & _
"    (CHECKLIST_ID, TYPE, SHAPEDATA ) " & _
"VALUES " & _
"    (@ChecklistId, @Type, @ShapeData )"

// The Parameter List. Note that the Parameter name must exactly match
// what you use in the query:
Dim cmd As SqlCommand = New SqlCommand(sql, conn)
cmd.Parameters.AddWithValue("@CheckListId", checklist_id)
cmd.Parameters.AddWithValue("@Type", type)
cmd.Parameters.AddWithValue("@ShapeData", shape.ShapeData)

cmd.ExecuteNonQuery()
于 2012-06-13T03:10:41.217 回答
1

您应该分配这样的参数,在您的情况下,您错过了为“CONECTION”参数提供值。另外作为附加说明,您应该始终将连接对象包含在 using 块中。请参阅内容并查看“备注”部分。

command.CommandText = "INSERT INTO Table (Col1, Col2, Col3) VALUES _
                     (@Col1Val, @Col2Val, @Col3Val)"
command.Parameters.AddWithValue("@Col1Val","1");
command.Parameters.AddWithValue("@Col2Val","2");
command.Parameters.AddWithValue("@Col3Val","3");
于 2012-06-13T02:50:00.360 回答
0

请确保Dim cmd As SqlCommand = New SqlCommand(sql, conn)使用conn开放连接。

然后验证您的参数类型是否符合数据库表定义。另外,如果您使用字符串类型,您可以在插入的任何文本之前和之后添加一个 '。

可以肯定的是,您可以中断cmd.ExecuteNonQuery()并复制相关命令的值并将其运行到任何 SQL 管理器工具。

最后,处置你的cmd.

否则检查这是否对您的问题有帮助: http: //social.msdn.microsoft.com/Forums/en-US/sqlspatial/thread/9d75106a-b0d4-49cc-ac86-d41cba4ab797

于 2012-06-13T14:14:00.983 回答