What is syntax error

Problem description

What is the syntax error in the Insert Into statement on this line?

string cb = "insert into Sales1 ([InvoiceNo],[InvoiceDate],[SubTotal],[VATPercentage],[VATAmount],[GrandTotal],[TotalPayment],[PaymentDue]) VALUES ('" + txtInvoiceNo.Text + "'," + dtpInvoiceDate.Text + "," + txtSubTotal.Text + "," + txtTaxPer.Text + "," + txtTaxAmt.Text + "," + txtTotal.Text + "," + txtTotalPayment.Text + ",'" + txtPaymentDue.Text + "')";

Recommended answers

Do you know that this implementation is susceptible to SQL Injection?

I would suggest you rather use Stored Procedures or Parameterized Queries in SQL.


The "syntax error" is trivial, compared to the other problems this has.

Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parameterized queries instead.

Doing that will very likely start to remove the syntax error - but it may leave some others you need to look at as well.

Starting with your dates...

1) Make sure you don't store them as NVARCHAR values: use DATETIME or you will have massive problems in future.

2) Don't pass them through as strings, even as parameters: that leaves the way open for SQL to misinterpret the date format and either throw an exception or worse, insert the wrong data in your DB. Your C# code has access to the user setting for Culture and thus can work out exactly what date he expects: SQL doesn't, and can't. Check and convert your dates to DateTime values in your C# and pass that through to SQL as a parameter.
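The parameterized rewrite that both answers call for, as an added example that is not part of the original question or answers; the connection string, the column types (DATETIME for InvoiceDate, DECIMAL for the amounts, NVARCHAR for PaymentDue) and the method signature are assumptions:

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

public static class SalesRepository
{
    // Parses a money field the way the answer recommends: in C#, with the
    // user's culture, so SQL Server never has to guess the number format.
    private static decimal ParseMoney(string text, string field)
    {
        if (!decimal.TryParse(text, NumberStyles.Number, CultureInfo.CurrentCulture, out decimal value))
            throw new FormatException($"{field} is not a valid number: '{text}'");
        return value;
    }

    // Inserts one row into Sales1 with a parameterized INSERT. Column types
    // (DATETIME InvoiceDate, DECIMAL amounts, NVARCHAR PaymentDue) are assumed.
    public static int InsertSale(string connectionString, string invoiceNo, string invoiceDateText,
        string subTotalText, string vatPercentText, string vatAmountText,
        string grandTotalText, string totalPaymentText, string paymentDue)
    {
        // Convert the date in C# and hand SQL a DateTime, not a string.
        if (!DateTime.TryParse(invoiceDateText, CultureInfo.CurrentCulture, DateTimeStyles.None, out DateTime invoiceDate))
            throw new FormatException($"InvoiceDate is not a valid date: '{invoiceDateText}'");

        const string sql =
            "INSERT INTO Sales1 ([InvoiceNo],[InvoiceDate],[SubTotal],[VATPercentage],[VATAmount]," +
            "[GrandTotal],[TotalPayment],[PaymentDue]) " +
            "VALUES (@InvoiceNo,@InvoiceDate,@SubTotal,@VATPercentage,@VATAmount," +
            "@GrandTotal,@TotalPayment,@PaymentDue)";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Every user-supplied value travels as a typed parameter, never as SQL text,
            // so no input can change the statement's structure or its quoting.
            cmd.Parameters.Add("@InvoiceNo", SqlDbType.NVarChar, 50).Value = invoiceNo;
            cmd.Parameters.Add("@InvoiceDate", SqlDbType.DateTime).Value = invoiceDate;
            cmd.Parameters.Add("@SubTotal", SqlDbType.Decimal).Value = ParseMoney(subTotalText, "SubTotal");
            cmd.Parameters.Add("@VATPercentage", SqlDbType.Decimal).Value = ParseMoney(vatPercentText, "VATPercentage");
            cmd.Parameters.Add("@VATAmount", SqlDbType.Decimal).Value = ParseMoney(vatAmountText, "VATAmount");
            cmd.Parameters.Add("@GrandTotal", SqlDbType.Decimal).Value = ParseMoney(grandTotalText, "GrandTotal");
            cmd.Parameters.Add("@TotalPayment", SqlDbType.Decimal).Value = ParseMoney(totalPaymentText, "TotalPayment");
            cmd.Parameters.Add("@PaymentDue", SqlDbType.NVarChar, 50).Value = paymentDue;

            conn.Open();
            return cmd.ExecuteNonQuery(); // 1 when the row was inserted
        }
    }
}
```

From the form, pass txtInvoiceNo.Text, dtpInvoiceDate.Text and the other Text properties as the arguments; a DateTimePicker's Value property already yields a DateTime and lets you skip the date parse entirely.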

