开发者

vb.net insert query

问答 作者:

Please help me determine what's wrong with my code, the query seems to be fine, I tried executing it on phpmyadm开发者_Go百科in. 

  Dim cmdString As OdbcCommand
        cmdString = New OdbcCommand("INSERT INTO info_student (`idno`, `Last Name`, `First Name`, `Year and Section`, `Birthday`, `Address`) VALUES('" & (TextBox6.Text) & "','" & (TextBox1.Text) & "','" & (TextBox2.Text) & "','" & (TextBox3.Text) & "','" & (TextBox8.Text) & "','" & (TextBox10.Text) & "','" & (TextBox4.Text) & "'", con)
        cmdString.ExecuteNonQuery()

I got this error:

ERROR [42000] [MySQL][ODBC 5.1 Driver][mysqld-5.1.36-community-log]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

You're missing the closing parens at the end of the insert statement.

                                                    V
...& (TextBox10.Text) & "','" & (TextBox4.Text) & "')", con)...
                                                    ^

I think that one of the values you're trying to insert already contains a single quote (') and therefore the SQL statement becomes invalid.

Please read some articles about SQL Injection, your code is vulnerable!

Try changing your quotes to ' rather than the tilted quote character

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9