Sqlclient异常错误 - sql server 2014 [英] Sqlclient exception error - sql server 2014
问题描述
这是我第一次使用sql server(我只试用了访问数据库)。
我总是得到错误的激活当我试图检查用户名是否已经存在于数据库中时(我有每个用户的用户ID,但我用其他功能的用户名搜索用户名)。
我真的不知道在哪里继续解决这个问题,
这是连接到数据库的功能:
Hi,
It is my first time that I'm using sql server (I only have experiment with access databases).
I get all the time error excpetion when I'm trying to check if the user name is already exist in database (I have user ID for each user, but I search the username by the username I get from other function).
I realy don't know where to continue to solve this problem,.
This is the function that connect to the data base:
bool IWCFClientService.CheckIfUserNameAvailable(string userName)
{
string connectionString = @"Data Source=localhoast;Initial Catalog=MailChatApplicationDB;Integrated Security=True";
SqlConnection connToDB = new SqlConnection(connectionString);
SqlCommand cmd = new SqlCommand("select * FROM UsersTbl WHERE UserName =" + userName, connToDB);
SqlParameter param = new SqlParameter();
param.ParameterName = "@UserName";
param.Value = userName;
cmd.Parameters.Add(param);
SqlDataReader reader;
bool checkIFAvailable = false;
try
{
connToDB.Open();
reader = cmd.ExecuteReader();
if (!reader.HasRows)
{
checkIFAvailable = true;
}
}
catch (Exception ex)
{
string errorStr = ex.ToString();
Console.WriteLine("Error messege: " + errorStr);
DateTime errorDate = DateTime.Now;
string filePath = @"c:\Errors Text Files\";
string fileName = "Exception Error.txt";
StreamWriter file = new System.IO.StreamWriter(filePath + fileName);
file.WriteLine(errorStr);
file.Close();
}
finally
{
connToDB.Close();
}
return checkIFAvailable;
}
这是用户表(UsersTbl):
http://s12.postimg.org/a8n2iu31p/Users_Tbl.jpg >
现在关于激发错误:
我现在得到两个错误,依赖于函数获取的使用名称。
当用户名为w4e时,exatation错误为:
And this is the table of the users (UsersTbl):
http://s12.postimg.org/a8n2iu31p/Users_Tbl.jpg
Now about the excpetion error:
I get now two errors, dependents on the use name that the function get.
When the user name is w4e the exatation error is:
System.Data.SqlClient.SqlException( 0x80131904):'w4e'附近的语法不正确。
在System.Data.SqlClient.SqlConnection.OnError(SqlException异常,布尔breakConnection,Action`1 wrapCloseInAction)
在系统.Data.SqlClient.SqlInternalConnection.OnError(SqlException异常,Boolean breakConnection,Action`1 wrapCloseInAction)
在System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj,Boolean callerHasConnectionLock,在System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior,SqlCommand cmdHandler,SqlDataReader dataStream,BulkCopySimpleResultSet bulkCopyHandler,TdsParserStateObject stateObj,Boolean& amp;)中的
。 dataReady)
在System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
在System.Data.SqlClient.SqlDataReader.get_MetaData()
在System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds,RunBehavior runBehavior,String resetOptionsString)
在System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior,RunBehavior runBehavior,Boolean returnStream,Boolean async ,Int32超时,任务和任务,布尔asyncWrite,SqlDataReader ds)
在System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,RunBehavior runBehavior,Boolean returnStream,String方法,TaskCompletionSource`1完成, Int32超时,任务和任务,布尔asyncWrite)
在System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,RunBehavior runBehavior,Boolean returnStream,String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBeha vior behavior,String方法)
at System.Data.SqlClient.SqlCommand.ExecuteReader()
at ClientService.WCFClientService.ClientServiceContract.IWCFClientService.CheckIfUserNameAvailable(String userName)in c :\ Users \ MyName \Documents\Visual Studio 2013 \Projects\CollegeFinalProject\ClientService \WCFClientService.cs:line 405
ClientConnectionId:........ .......>
System.Data.SqlClient.SqlException (0x80131904): Incorrect syntax near 'w4e'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader()
at ClientService.WCFClientService.ClientServiceContract.IWCFClientService.CheckIfUserNameAvailable(String userName) in c:\Users\MyName\Documents\Visual Studio 2013\Projects\CollegeFinalProject\ClientService\WCFClientService.cs:line 405
ClientConnectionId:...............>
当第二个错误时函数获取用户名blabla(关于我的愚蠢示例的sory)
The second error when the function get the user name blabla(sory about my stupid examples)
System.Data.SqlClient.SqlException(0x80131904):无效的列名'blabla'。
在System.Data.SqlClient.SqlConnection.OnError(SqlException异常,Boolean breakConnection,Action`1 wrapCloseInAction)<在System.Data.SqlClient.SqlInternalConnection.OnError(SqlException异常,布尔breakConnection, Action.1 wrapCloseInAction)
在System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj,Boolean callerHasConnectionLock,Boolean asyncClose)
在System.Data.SqlClient.TdsParser。 TryRun(RunBehavior runBehavior,SqlCommand cmdHandler,SqlDataReader dataStream,BulkCopySimpleResultSet bulkCopyHandler,TdsParserStateObject stateObj,Boolean& dataReady)
在System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
在System.Data.SqlClient.SqlDataReader.get_MetaData()
在System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds,RunBehavior runBehavior,String resetOptionsString)
在System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior,RunBehavior runBehavior,Boolean returnStream,Boolean async ,Int32超时,任务和任务,布尔asyncWrite,SqlDataReader ds)
在System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,RunBehavior runBehavior,Boolean returnStream,String方法,TaskCompletionSource`1完成, Int32超时,任务和任务,布尔asyncWrite)
在System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,RunBehavior runBehavior,Boolean returnStream,String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBeha vior behavior,String方法)
at System.Data.SqlClient.SqlCommand.ExecuteReader()
at ClientService.WCFClientService.ClientServiceContract.IWCFClientService.CheckIfUserNameAvailable(String userName)in c :\ Users \ MyName \Documents\Visual Studio 2013 \Projects\CollegeFinalProject\ClientService \WCFClientService.cs:line 405
ClientConnectionId:........ .......
System.Data.SqlClient.SqlException (0x80131904): Invalid column name 'blabla'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader()
at ClientService.WCFClientService.ClientServiceContract.IWCFClientService.CheckIfUserNameAvailable(String userName) in c:\Users\MyName\Documents\Visual Studio 2013\Projects\CollegeFinalProject\ClientService\WCFClientService.cs:line 405
ClientConnectionId:...............
这可能也是数据库问题的问题>如果确实如此,我不知道它是什么样的正确的支柱。
希望你能帮助我。
Could it be also problem with the database propeties> Becouse if it does, I doesn't know what the correct propesties it shluld be.
Hope you can help me with this.
推荐答案
问题是这行代码:
The problem is this line of code:
SqlCommand cmd = new SqlCommand("select * FROM UsersTbl WHERE UserName =" + userName, connToDB);
如果您读取后面的行,则添加一个名为@UserName的参数,但您从不使用它。你的代码应该是
If you read the lines after it you add a parameter named @UserName but you never use it. Your code should be
SqlCommand cmd = new SqlCommand("select * FROM UsersTbl WHERE UserName = @UserName", connToDB);
另外,你拥有它的方式将允许你被SQL注入攻击。始终使用参数化查询。
Also the way you have it will allow you to be hacked by SQL injection. Always use parameterized queries.
您已经(正确地)使用了参数化查询,但您将值而不是参数名称添加到select
声明。它应该是:
You have (correctly) used a parameterized query, but you added the value rather than the parameter name to yourselect
statement. It should be:
SqlCommand cmd = new SqlCommand("select * FROM UsersTbl WHERE UserName = @UserName", connToDB);
SqlParameter param = new SqlParameter();
param.ParameterName = "@UserName";
param.Value = userName;
// ...
这篇关于Sqlclient异常错误 - sql server 2014的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!