为什么标识符出现预期错误 [英] why Identifier expected error comes
问题描述
ob.fetch(从Reciption_info选择Email_id,其中Email_Id ='+ txtemail.Text +');
if(ob.ds.Tables [0] .Rows.Count> ; 0)
{
lblmsg.Text =已经退出;
txtemail.Text。=;
txtemail.Focus();
}
ob.fetch("select Email_id from Reciption_info where Email_Id='" + txtemail.Text + "'");
if (ob.ds.Tables[0].Rows.Count > 0)
{
lblmsg.Text = "already exits";
txtemail.Text.= "";
txtemail.Focus();
}
推荐答案
'='之前的点不能解释为语法允许的任何内容。在此点('。')之后,需要一些标识符。删除这个点,你会看到。
但即便是第一行也是一个大错误。这是一个名为 SQL注入的已知漏洞的邀请: http://xkcd.com/327 [< a href =http://xkcd.com/327target =_ blanktitle =New Window> ^ ]。
For更多详细信息,请参阅我过去的答案:
在com.ExecuteNonQuery中更新错误(); [ ^ ],
你好名字不是显示名称? [ ^ ]。
这里解释正确的方法:
http://msdn.microsoft.com/en-us/library/ff648339.aspx [ ^ ],
http://en.wikipedia.org/wiki/SQL_injection [ ^ ]。
-SA
Dot before '=' cannot be interpreted as anything allowed by the syntax. After this dot ('.'), some identifier is expected. Remove this dot, and you will see.
But even the first line is a big mistake. This is the invitation for a known exploit called SQL injection: http://xkcd.com/327[^].
For further detail, please see my past answers:
EROR IN UPATE in com.ExecuteNonQuery();[^],
hi name is not displaying in name?[^].
Correct approach is explained here:
http://msdn.microsoft.com/en-us/library/ff648339.aspx[^],
http://en.wikipedia.org/wiki/SQL_injection[^].
—SA
看到第5行的小小点你的代码片段?
See that tiny little dot on line 5 of your code snippet?
txtemail.Text. = "";
应该是这个:
Should be this:
txtemail.Text = "";
我假设你是初学者。一旦你获得了一些经验,你就能够闭上眼睛看到这些语法错误。 ;-)
BTW,谢尔盖在他的回答中提到你的脚本是对SQL注入开放的。你可能想好好看看......
I'm assuming you're a beginner. Once you gain some experience you'll be able to spot these sort of syntax errors with your eyes shut. ;-)
BTW, Sergey mentioned in his answer that your script is open to SQL injection. You might want to take a good look at that...
这篇关于为什么标识符出现预期错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!