Error on .ExecuteNonQuery() in SQL Update Query [duplicate]

问题:

This question already has an answer here:

• ADD SQL QUERY STAT 1 answer

I'm trying to update an Access database using a SQL query, whenever I click the save button, it generates an error

An unhandled exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll

Additional information: No value given for one or more required parameters.

And highlights .ExecuteNonQuery(). Can you guys help me on this? I'm new to vb.net.

Thanks in advance.

 Private Sub SaveButton_Click(sender As Object, e As EventArgs) Handles SaveButton.Click         Dim empNum As String         Dim empFname As String         Dim empLname As String         Dim empDept As String         Dim empStat As String         Dim empYears As String            empNum = eNumText.Text         empFname = empFnameText.Text         empLname = empLnameText.Text         empDept = DeptText.Text         empStat = StatText.Text         empYears = yearstext.Text          con.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0; Data Source= c:\Databse\Company_db.accdb"         con.Open()          MsgBox(empNum)           Dim SqlAdapter As New OleDbDataAdapter         Dim Table As New DataTable          Dim sqlQuery As String = "UPDATE tbl_empinfo SET EmpID='" & empNum & "', FirstName ='" & empFname & "', LastName='" & empLname & "', Department='" & empDept & "', Status='" & empStat & "', Years='" & empYears & "' WHERE EmpID ='" & empNum & "' "           Using cmd As New OleDbCommand(sqlQuery, con)             With cmd                 .CommandText = sqlQuery                 .Connection = con                 .Parameters.AddWithValue("EmpID", empNum)                 .Parameters.AddWithValue("FirstName", empFname)                 .Parameters.AddWithValue("LastName", empLname)                 .Parameters.AddWithValue("Department", empDept)                 .Parameters.AddWithValue("Status", empStat)                 .Parameters.AddWithValue("Years", empYears)                 .ExecuteNonQuery()             End With         End Using          sqlQuery = "SELECT * FROM tbl_empinfo "         Dim cmd1 As New OleDbCommand         Dim da As New OleDbDataAdapter           With cmd1             .CommandText = sqlQuery             .Connection = con             With SqlAdapter                 .SelectCommand = cmd1                 .Fill(Table)             End With             With DataGridView1                 .DataSource = Table             End With         End With          con.Close()     End Sub 

回答1:

your query syntax is wrong. Since you are using params, use placeholders in the SQL: (the question marks are not some 'etc' type thing, you use ? to mark parameters!):

Dim sqlQuery As String = "UPDATE tbl_empinfo SET FirstName = ?,               LastName=?, Department=?,              Status=?, Years=? WHERE empID = ?" 

Note: Six parameters

' USING will dispose of the cmd when it is done with it ' ...can also set the SQL and connection props in the constructor: Using cmd As New OleDbCommand(sqlQuery, con)    With cmd        ' no reason to move Textboxes to a variable either:        .Parameters.AddWithValue("@p1", empFnameText.Text)        .Parameters.AddWithValue("@p2", empLnameText.Text)        .Parameters.AddWithValue("@p3", DeptText.Text)        .Parameters.AddWithValue("@p4", StatText.Text)        .Parameters.AddWithValue("@p5", yearstext.Text) 

your missing 6th parameter:

      .Parameters.AddWithValue("@p6", eNumText.Text)               .ExecuteNonQuery()    End With  End Using 

I dont think Access supports named params, so you use dummy ones but be sure to AddWithValue in the order specified in the SQL string.

EDIT

You can just create a SQL string with the values embedded instead of using params which is sort of what your SQL string does. Params are much better (research SQL injection attacks), but your string method is wrong (and you cant mix methods). It should be:

Dim sqlQuery As String = "UPDATE tbl_empinfo " &         "SET FirstName = " & empFname & ", LastName=" & empLname  

The variables have to be outside the quotes or you will be setting FirstName to the literal "empFname"

文章来源: Error on .ExecuteNonQuery() in SQL Update Query [duplicate]