抛出异常:未为命令对象设置 C# 命令文本
我是 C# 的新手,只研究了几个星期.我正在编写一个带有 Windows 窗体和后面的 Access 数据库的应用程序.我希望将用户插入的详细信息添加到访问数据库中.我已经浏览了其他论坛(包括在 stackoverflow 上)以达到这一点,但是我在运行时不断收到错误消息,指出未为命令对象设置命令文本"(我突出显示了它出现在下面的行)我不明白也无法摆脱.任何帮助将非常感激.谢谢K
I'm new to C#, only been studying it for a few weeks. I'm writing an application with a windows form from and Access database at the back. I want the details inserted by the user to be added to access database. I've looked through other forums (including on stackoverflow) to get this far, but I keep getting an error thrown at run time stating 'Command text was not set for the command object' (ive highlighted the line it appears on below) which I dont understand and can't get rid of. Any help would be much appreciated. Thanks K
private void btnOkay_Click(object sender, EventArgs e)
{
string connectionString =
"provider=Microsoft.ACE.Oledb.12.0;" +
"data source=C:\\Users\\Documents\\StudentRegistrationDatabase.accdb";
OleDbConnection myOleDbConnection = new OleDbConnection(connectionString);
OleDbCommand myOleDbCommand = myOleDbConnection.CreateCommand();
string strSql = @"INSERT INTO StudentDetails ([Forename],[Surname],[CourseName],[DOB],)" +
"VALUES('"+txtFirstName.Text +"','" +txtLastName.Text +"','" +txtCourseName.Text +"','"+ txtDOB.Text +"')";
myOleDbConnection.Open();
OleDbCommand cmd = new OleDbCommand(strSql, myOleDbConnection);
cmd.Parameters.AddWithValue("@Forename", txtFirstName);
cmd.Parameters.AddWithValue("@Surname", txtLastName);
cmd.Parameters.AddWithValue("@CourseName", txtCourseName);
cmd.Parameters.AddWithValue("@DOB", txtDOB);
**myOleDbCommand.ExecuteNonQuery();** }
谢谢大家的回复.当我第一次开始编写这段代码时,我使用了以下几行代码:
Thank you all for your replies. When I first started coding this piece, I used the following lines of code:
' {
string connectionString =
"provider=Microsoft.ACE.Oledb.12.0;" +
"data source=C:\\Users\\Botterill\\Documents\\StudentRegistrationDatabase.accdb";
OleDbConnection myOleDbConnection = new OleDbConnection(connectionString);
OleDbCommand myOleDbCommand = myOleDbConnection.CreateCommand();
myOleDbConnection.Open();
myOleDbCommand.CommandText = "INSERT INTO StudentDetails ([Forename],[Surname],[CourseName],[DOB],)" +
"VALUES('" + txtFirstName.Text + "','" + txtLastName.Text + "','" + txtCourseName.Text + "','" + txtDOB.Text + "')";'
**myOleDbCommand.ExecuteNonQuery();**
但是,在粗体行中,我收到一个运行时错误,说INSERT INTO 语句中存在语法错误".我认为这会在我发布的第一个问题中所做的更改中得到纠正.任何帮助将不胜感激.谢谢凯特
But, on the line in bold I was getting a runtime error saying that there was 'Syntax error in INSERT INTO statement'.I thought this would be corrected in the changes I made in the first question I posted. Any help would be appreciated greatly. Thanks Kate
您从连接创建 myOleDbCommand,然后继续使用查询设置 cmd 实例文本,然后执行 myOleDbCommand,它没有附加任何命令文本.
You create myOleDbCommand from the connection and then you continue to set up the cmd instance with the query text, and then you execute myOleDbCommand which doesn't have any command text attached to it.
您真正想使用 OleDbCommand 的哪个实例?
Which instance of OleDbCommand do you really want to use?
此外,正如@thorarin 所指出的,当您打开应用程序进行 SQL 注入攻击时,您应该使用命名参数(如 cmd 示例中所示)而不是连接字符串来创建命令文本.
Additionally, as @thorarin notes, you should use the named parameters (as in cmd example) and not concatenate the strings to create the command text, as you open your application for SQL injection attacks.