I get an error on the line
我在线路上出错了
cmd.ExecuteNonQuery();
which says
说
Syntax error in INSERT INTO statement
INSERT INTO语句中的语法错误。
I think my query should be valid, I don't understand the problem and I've been working on it for hours. It's in the right order and putting [] around Users did not work for me, would appreciate help.
我认为我的问题应该是有效的,我不理解这个问题,我已经花了好几个小时在这个问题上。这是正确的顺序,并把[]周围的用户不为我工作,将感激帮助。
<%@ Page Language ="C#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>
<script runat="server">
protected void Page_Load()
{
String username = Request.Form["username"];
String email = Request.Form["email"];
String password = Request.Form["password1"];
var age = Request.Form["age"];
String country = Request.Form["country"];
String hobbie = Request.Form["skin"];
String sql;
sql = "INSERT INTO Users(UserName, Email, Password, Age, Country, Hobbie) VALUES('" + username + "','" + email + "','" + password + "'," + age + ",'" + country + "','" + skin + "')";
String Path = Server.MapPath("App_Data/Users.accdb");
String connStr = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source="+Path;
OleDbConnection conn = new OleDbConnection(connStr);
conn.Open();
OleDbCommand cmd = new OleDbCommand(sql, conn);
cmd.ExecuteNonQuery();
conn.Close();
}
3 个解决方案
#1
4
PASSWORD is a reserved keyword for MS-Access. Use it enclosed in square brackets
密码是MS-Access的保留关键字。用方括号括起来
sql = "INSERT INTO Users(UserName, Email, [Password] ....
But please, change that sql text to use a parameterized query. Also, if you are able to send this command with the actual values your query remains open to Sql Injection vulnerability and a parsing problem could arise when your input string contains a single quote
但是请修改sql文本以使用参数化查询。另外,如果您能够将这个命令与实际值一起发送,那么您的查询仍然可以打开Sql注入漏洞,当您的输入字符串包含单引号时,可能会出现解析问题。
sql = @"INSERT INTO Users(UserName, Email, [Password], Age, Country, Hobbie)
VALUES(?,?,?,?,?,?)";
....
OleDbCommand cmd = new OleDbCommand(sql, conn);
cmd.Parameters.AddWithValue("@p1", username);
.... and so on for the other 5 parameters required by the query ....
#2
2
I think Password is a reserved word. use like [Password]
我认为密码是一个保留字。使用(密码)
Try this
试试这个
sql = "INSERT INTO Users(UserName,Email,[Password],Age,Country,Hobbie) VALUES('" + username + "','" + email + "','" + password + "'," + age + ",'" + country + "','" + skin + "')";
And this is not recommended. Use parameterized query. like below:
这是不推荐的。使用参数化查询。像下图:
sql = "INSERT INTO Users(UserName, Email, [Password], Age, Country, Hobbie)
VALUES(@UserName,@Email,@Password,@Age,@Country,@Hobbie)";
OleDbCommand cmd = new OleDbCommand(sql, conn);
cmd.Connection = conn;
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("@UserName", username);
cmd.Parameters.AddWithValue("@Email", Email);
cmd.Parameters.AddWithValue("@Password", Password);
cmd.Parameters.AddWithValue("@Age", Age);
cmd.Parameters.AddWithValue("@Country", Country);
cmd.Parameters.AddWithValue("@Hobbie", Hobbie);
#3
1
use [Password] instead of Password
使用[密码]代替密码
#1
4
PASSWORD is a reserved keyword for MS-Access. Use it enclosed in square brackets
密码是MS-Access的保留关键字。用方括号括起来
sql = "INSERT INTO Users(UserName, Email, [Password] ....
But please, change that sql text to use a parameterized query. Also, if you are able to send this command with the actual values your query remains open to Sql Injection vulnerability and a parsing problem could arise when your input string contains a single quote
但是请修改sql文本以使用参数化查询。另外,如果您能够将这个命令与实际值一起发送,那么您的查询仍然可以打开Sql注入漏洞,当您的输入字符串包含单引号时,可能会出现解析问题。
sql = @"INSERT INTO Users(UserName, Email, [Password], Age, Country, Hobbie)
VALUES(?,?,?,?,?,?)";
....
OleDbCommand cmd = new OleDbCommand(sql, conn);
cmd.Parameters.AddWithValue("@p1", username);
.... and so on for the other 5 parameters required by the query ....
#2
2
I think Password is a reserved word. use like [Password]
我认为密码是一个保留字。使用(密码)
Try this
试试这个
sql = "INSERT INTO Users(UserName,Email,[Password],Age,Country,Hobbie) VALUES('" + username + "','" + email + "','" + password + "'," + age + ",'" + country + "','" + skin + "')";
And this is not recommended. Use parameterized query. like below:
这是不推荐的。使用参数化查询。像下图:
sql = "INSERT INTO Users(UserName, Email, [Password], Age, Country, Hobbie)
VALUES(@UserName,@Email,@Password,@Age,@Country,@Hobbie)";
OleDbCommand cmd = new OleDbCommand(sql, conn);
cmd.Connection = conn;
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("@UserName", username);
cmd.Parameters.AddWithValue("@Email", Email);
cmd.Parameters.AddWithValue("@Password", Password);
cmd.Parameters.AddWithValue("@Age", Age);
cmd.Parameters.AddWithValue("@Country", Country);
cmd.Parameters.AddWithValue("@Hobbie", Hobbie);
#3
1
use [Password] instead of Password
使用[密码]代替密码