在数据库中插入数据时出错

Question

问题：将数据插入数据库。

错误：

用户未处理 SQLException

关键字“用户”附近的语法不正确

我放的箭头是突出显示的行，似乎是我不确定的错误。

Imports System.Web
Imports System.Web.UI
Imports System.Web.UI.WebControls
Imports System.Data.SqlClient
Imports System.Configuration

Partial Public Class _Default
    Inherits System.Web.UI.Page

    Dim con As New SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString)

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        con.Open()
    End Sub

    Protected Sub addBTN_Click(ByVal sender As Object, ByVal e As EventArgs) Handles addBTN.Click
    Dim cmd As New SqlCommand("insert into User (Name, Gender, Age) values ('" & nameTB.Text & "', '" & genderTB.Text & "', '" & ageTB.Text & "')", con)
    cmd.ExecuteNonQuery()  <------------------------------
    con.Close()
    nameTB.Text = ""
    genderTB.Text = ""
    ageTB.Text = ""

End Sub
End Class

Answer 1

User 是保留字，因此需要放在方括号中。您的查询对 SQL 注入开放，因此需要参数化。我建议在您需要之前打开连接。也可以使用Using 语句为您处理关闭和处置。

Using con As New SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString)
     Using cmd As New SqlCommand("insert into [User] (Name, Gender, Age) values (@nameTB, @genderTB,@ageTB)", con)
        cmd.Parameters.AddWithValue("@nameTB", nameTB.Text)
        cmd.Parameters.AddWithValue("@genderTB", genderTB.Text)
        cmd.Parameters.AddWithValue("@ageTB", ageTB.Text)
        cmd.CommandType = CommandType.Text
        con.Open()
        cmd.ExecuteNonQuery()
        nameTB.Text = ""
        genderTB.Text = ""
        ageTB.Text = ""
    End Using
End Using

Answer 2

User 是 reserved word。用方括号将单词括起来：

 Dim cmd As New SqlCommand("insert into [User] (Name, Gender, Age) values ('" & nameTB.Text & "', '" & genderTB.Text & "', '" & ageTB.Text & "')", con)

来源：https://stackoverflow.com/a/6082422/1271037