无法识别的逃脱序列 [英] unrecognised escape sequence
问题描述
大家好我在下面的代码中得到了无法识别的esscape序列
SqlConnection cn = new SqlConnection(Data Source = B4ITCCTVSERVER\SQLEXPRESS; Initial Catalog = login1; Integrated Security = True );
i在\中获取它(B4ITCCTVSERVER(\)SQLEXPRESS)
如果我删除了\它编译但程序没有尽快启动当我尝试连接到数据库时我得到一个错误,有没有办法删除\而不是更改目录路径?
hi all i get the unrecognised esscape sequence in the followeing code
""SqlConnection cn = new SqlConnection("Data Source=B4ITCCTVSERVER\SQLEXPRESS;Initial Catalog=login1;Integrated Security=True");""
i get it on the \ in (B4ITCCTVSERVER(\)SQLEXPRESS)
if i remove the \ it compiles but the program doesnt start as soon as i try to connect to the database i get a error, is there a way to remove the \ and not change the directory path?
推荐答案
这意味着编译器无法识别\S作为转义序列 [ ^ ]
使用B4ITCCTVSERVER \\SQLEXPRESS或在整个字符串前加上@,这使得字符串成为字符串逐字 - 见字符串参考 [ ^ ]
It means the compiler does not recognise\Sas an escape sequence[^]
Either useB4ITCCTVSERVER\\SQLEXPRESSor precede the entire string with@which makes the string "verbatim" - see string reference[^]
出现此错误的原因是因为在C#字符串文字中以反斜杠开头的字符组合是 转义序列 [ ^ ] 。编译器在你的字符串中找到转义序列\S,不能识别它,并给出错误。
有两种方法可以解决它:
The reason that you get this error, is because character combinations that start with a backslash in C# string literals are escape sequences[^]. The compiler finds the escape sequence\Sin your string, doesn't recognize it, and gives an error.
There are two possible way to resolve it:
- 用反斜杠替换反斜杠,双反斜杠:
- Replace the backslash by its escape sequence, a double backslash:
SqlConnection cn = new SqlConnection("Data Source=B4ITCCTVSERVER\\SQLEXPRESS;Initial Catalog=login1;Integrated Security=True");
@ 符号:
@ sign before the literal:SqlConnection cn = new SqlConnection(@"Data Source=B4ITCCTVSERVER\SQLEXPRESS;Initial Catalog=login1;Integrated Security=True");
okay it works (
\\ ) and the @ but i get another syntax error -
SqlCommand cmd = new SqlCommand("from user1 where username = '" + textBox1.Text + "' and password = '" + textBox2.Text + "'", cn);?或建议
除了你在解决方案2的一些评论中已经告诉你的内容:
你的方法从一开始就是错误的。通过串联从UI获取的字符串组成的查询。不仅重复的字符串连接是低效的(因为字符串是不可变的;我是否必须解释为什么它会使重复连接变坏?),但是有更重要的问题:它打开了通向良好的大门已知的漏洞称为 SQL注入。
这是它的工作原理: http://xkcd.com/327 。
你明白了吗?从控件中获取的字符串可以是任何东西,包括......一段SQL代码。
怎么办?只需阅读有关此问题和主要补救措施:参数化语句: http://en.wikipedia.org/ wiki / SQL_injection 。
使用ADO.NET,使用:http://msdn.microsoft.com/en-us/library/ff648339.aspx 。
请参阅我过去的答案有更多细节:
在com.ExecuteNonQuery中更新EROR( ); ,
嗨名字没有显示在名称中?。
In addition to what you've been already told in some of the comments to Solution 2:
Your approach is wrong from the very beginning. The query composed by concatenation with strings taken from UI. Not only repeated string concatenation is inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is way more important issue: it opens the doors to a well-known exploit called SQL injection.
This is how it works: http://xkcd.com/327.
Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.
What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.
With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.
Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.
这篇关于无法识别的逃脱序列的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
