如何纠正我的运行时错误

本文介绍了如何纠正我的运行时错误的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我的插入查询是

my insert query is

Private Sub addnew_Click() str = "insert into profile(rollno,fathername,occupation,contactno,mothername,mother's occupation,annualincome,religion,caste,address,city,state)values(" & rno.Text & ", ' " & fname.Text & " ',' " & occu.Text & " ',' " & cno.Text & " ' ,' " & mname.Text & " ',' " & occupation.Text & " ', ' " & ain.Text & " ', ' " & religion.Text & " ', ' " & caste.Text & " ', ' " & address.Text & " ',' " & city.Text & " ',' " & state.Text & " ')" cn.Execute (str) MsgBox ("DETAILS ADDED ") End Sub

执行此操作时出现运行时错误， 任何人都可以帮助纠正此运行时错误. 提前感谢.........

while executing this i got a runtime error, can anyone help in correcting this runtime error. THANKS IN ADVANCE............

推荐答案

您 真的 是您的名字吗?专栏母亲的职业"? 我很惊讶SQL Server允许您这样做.如果这样做了，则需要将其括在"["和]"字符之间: Did you really name a column "mother''s occupation"? I am surprised that SQL server let you do that. If you did, then you will need to enclos it in ''['' and '']'' characters: str = "insert into profile(rollno,fathername,occupation,contactno,mothername,[mother's occupation],annualincome,religion,caste,address,city,state)...

而且，请勿连接字符串以构建SQL命令.它使您对意外或蓄意的SQL注入攻击敞开大门，这可能会破坏整个数据库.改为使用参数化查询.

But also, do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.