问题描述
我在向 Microsoft Access 添加日期/时间时遇到问题,这是我的代码:
private void submit_Click(object sender,EventArgs e)
{
try
{
connection.open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "insert into DailyLog (EmployeeID,BusNumber,RouteID,DestinationID,ActivityID,Date,MilesDriven,GasIngallons,Comments) values('"+ employee.SelectedValue + "','" + bus.SelectedValue + "','" + route.SelectedValue + "','" + dest.SelectedValue + "','" + activity.SelectedValue + "','" + theDate.Value.ToString("MM/dd/yyyy") + "','" + miles.Value + "','" + gas.Value + "','" + comments.Text + "')";
command.ExecuteNonQuery();
MessageBox.Show("Your log has been submitted.");
connection.Close();
}
catch(Exception ex)
{
MessageBox.Show("Err: " + ex);
connection.Close();
}
}
它只给我一个“日期”的语法错误。我应该怎么办?我已尝试修复属性,将其设为短日期、一般日期等。似乎没有任何效果。
确切的错误:
解决方法
尝试参数化您的命令。这将处理任何潜在的 SQL 注入问题以及正确格式化 DBMS 的值。
string commandText = "insert into DailyLog (EmployeeID,BusNumber,RouteID,DestinationID,ActivityID,Date,MilesDriven,GasInGallons,Comments) values(@employee,@bus,@route,@dest,@activity,@theDate,@miles,@gas,@comments)";
using (OleDbCommand command = new OleDbCommand(commandText,connection)) {
// add parameters
command.Parameters.Add(new OleDbParameter("@employee",OleDbType.Integer));
command.Parameters.Add(new OleDbParameter("@theDate",OleDbType.DBDate));
// set parameter valuess
command.Parameters["@employee"] = employee.SelectedValue;
command.Parameters["@theDate"] = theDate.Value;
// execute command
command.ExecuteNonQuery();
}
已更新以删除 AddWithValue。