问题描述
我已经创建一个表审核
。当我尝试使用这个脚本插入表:
I already create a table Audit
. When I try to insert table using this script:
sql = "Insert into "& myAudit &" (Date, Time, AuditCode , DetailsCode, CurData1, CurData2, CurData3, PrevData1, PrevData2 , PrevData3 , StaffID) values ('"& myTarikh &"','"& myMasa & "','" & myAuditCode & "', '" & myDetailsCode & "','"& myCurData1 &"','" & myCurData2 & "','" & myCurData3 & "','" & myPrevData1 & "','" & myPrevData2 & "','" & myPrevData3 & "', '" & myUserID &"')"
据diplays:
It diplays:
Microsoft OLE DB提供程序的ODBC驱动程序错误80040E14
[甲骨文] [ODBC] [奥拉] ORA-00904:STAFFID是:无效的标识符
[Oracle][ODBC][Ora]ORA-00904: "STAFFID": invalid identifier
如何解决这个问题?
推荐答案
停止,使用的的!您当前的code中的一个字段时使用
易受黑客和错误。使用这样的:
STOP, use parameterized queries! Your current code is vulnerable for hackers and errors when using '
in one of the fields. Use something like this:
string query = "insert into myAudit (date, time, auditcode, ...) values (?, ?, ?, ...)";
OdbcCommand command = new OdbcCommand(query, connection);
command.Parameters.Add("?").Value = myTarikh;
command.Parameters.Add("?").Value = myMasa;
command.Parameters.Add("?").Value = myAuditCode;
请注意使用?
,因为ODBC不支持的参数名称,因此参数的顺序事项!
Note the use of ?
, since ODBC doesn't support parameter names, so the order of parameters matters!
二,问题是在 STAFFID是
字段,这似乎并不在审核表中存在。
Second, the issue is in the StaffID
field, that doesn't seem to exist in your audit table.
这篇关于ORA-00904:"&STAFFID ;: QUOT标识符无效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!