0

提前道歉 - 我是视觉工作室的新手(和一般编程)

我正在尝试使用以下代码填充两个访问表房东和财产-但我不断收到

" SQL 语句末尾缺少分号 (;)。"

有什么建议么 ?这是代码:

Dim aConnection As OleDbConnection
Dim aCommand As OleDbCommand
Dim aConnectionString, aQuery As String
Dim Username As String = txtUsername.Text
Dim Pword As String = TextBox2.Text
Dim EmailDetails As String = TextBox9.Text
Dim Question As String = DropDownList2.Text
Dim Answer As String = TextBox4.Text

aConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source = " _
& Server.MapPath("AppData/RMT.accdb")
aConnection = New OleDbConnection(aConnectionString)
aConnection.Open()
aQuery = "Insert Into Landlord (Username, email, Security_Question, Security_Answer, Pword, Status) Values ('" & Username & "','" & EmailDetails & "','" & Question & "','" & Answer & "', '" & Pword & "','pending')Into Property Values (26,46,'marysway','MarysRd','Marysville','Cork North')"
aCommand = New OleDbCommand(aQuery, aConnection)
aCommand.ExecuteNonQuery()

aConnection.Close()
4

1 回答 1

1

我认为 Microsoft Access 的 ADO.NET 提供程序不支持在同一查询字符串中使用多个插入语句。但是,为了检查,您可以尝试编写

aQuery = "Insert Into Landlord (Username, email, Security_Question, Security_Answer, " & _ 
         "Pword, Status) Values ('" & Username & "','" & EmailDetails & "','" & _
         Question & "','" & Answer & "', '" & Pword & "','pending');" & _
         "Insert Into Property Values (26,46,'marysway','MarysRd','Marysville','Cork North')"

注意第一个 INSERT 语句和第二个语句之间的分号(顺便说一下,您的原始代码中缺少第二个 INSERT 关键字)

也就是说,我建议在构建查询文本以传递给数据库引擎时始终使用 OleDbCommand 的参数集合。
这将避免文本解析问题(输入文本中的单引号会破坏所有内容),而且您不会将代码暴露给Sql 注入攻击

Using aConnection = New OleDbConnection(aConnectionString)
    aConnection.Open()

    aQuery = "Insert Into Landlord (Username, email, Security_Question, " + 
             "Security_Answer, Pword, Status) Values (?, ?, ?,?,?,'pending')"
    aCommand = New OleDbCommand(aQuery, aConnection)
    aCommand.Parameters.AddWithValue("@usr", Username)
    aCommand.Parameters.AddWithValue("@email", EmailDetails)
    aCommand.Parameters.AddWithValue("@qst", Question)
    aCommand.Parameters.AddWithValue("@ans", Answer)
    aCommand.Parameters.AddWithValue("@pwd", Pword)
    aCommand.ExecuteNonQuery()

    aQuery = "Insert Into Property Values (26,46,'marysway','MarysRd','Marysville','Cork North')"
    aCommand = New OleDbCommand(aQuery, aConnection)
    aCommand.ExecuteNonQuery()

End Using
于 2012-11-16T16:32:14.180 回答