protected void Button1_Click(object sender, EventArgs e)
{
string strConnection = "Provider=Microsoft.Jet.OleDb.4.0;";
strConnection += @"Data Source=G:\WebSite2\App_Data\db1.mdb";
OleDbConnection con = new OleDbConnection(strConnection);
con.Open();
string add="insert into data(title,date)values('"+TextBox1.Text+"','"+DateTime.Now+"')";
OleDbCommand cmd = new OleDbCommand(add,con);
cmd.ExecuteNonQuery();
con.Close();
}
怎么老提示 INSERT INTO 语句的语法错误。
哪位教师解释下啊 急啊~~~~~ 小弟分不多,还请谅解~~~
{
string strConnection = "Provider=Microsoft.Jet.OleDb.4.0;";
strConnection += @"Data Source=G:\WebSite2\App_Data\db1.mdb";
OleDbConnection con = new OleDbConnection(strConnection);
con.Open();
string add="insert into data(title,date)values('"+TextBox1.Text+"','"+DateTime.Now+"')";
OleDbCommand cmd = new OleDbCommand(add,con);
cmd.ExecuteNonQuery();
con.Close();
}
怎么老提示 INSERT INTO 语句的语法错误。
哪位教师解释下啊 急啊~~~~~ 小弟分不多,还请谅解~~~
data (title,date)
你用复杂的试试
m_data (m_title, m_date)
{
string strConnection = "Provider=Microsoft.Jet.OleDb.4.0;";
strConnection += @"Data Source=G:\WebSite2\App_Data\db1.mdb";
OleDbConnection con = new OleDbConnection(strConnection);
string add="insert into [data]([title],[date])values(@title, @date)";
OleDbCommand cmd = new OleDbCommand(add,con);
cmd.Parameters.AddWithValue("@title", TextBox1.Text);
cmd.Parameters.AddWithValue("@date", DateTime.Now);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
(2) 典型的SQL注入漏洞的典范, 见10楼.