Show syntax error near '='

Problem description

Public Class frmPrintBillReport

    Private Sub frmPrintBillReport_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Try

            Dim rpt As New PrintBillCrystalReport() 'The report you created.
            Dim myConnection As SqlConnection
            Dim MyCommand As New SqlCommand()
            Dim myDA As New SqlDataAdapter()
            Dim myDS As New TestdbDataSet 'The DataSet you created.
            myConnection = New SqlConnection("Data Source=AKSHAY-PC\SQLEXPRESS;Initial Catalog=Testdb;Integrated Security=True")
            MyCommand.Connection = myConnection
            MyCommand.CommandText = "select Customersdb.Customer_ID, CustomerRequirementdb.Product_ID, CustomerRequirementdb.Product_Name, BillFormatdb.Customer_Name, BillFormatdb.[Delivery Charge], BillFormatdb.[Bill Amount], BillFormatdb.[Total Amount] from CustomerRequirementdb, Customersdb,BillFormatdb where BillFormatdb.[Customer Name]=CustomerRequirement.CName=Customersdb.Customer_Name and Customer_ID='" & frmCustomerRequirement.CheckBox1.Text & "'"
            MyCommand.CommandType = CommandType.Text
            myDA.SelectCommand = MyCommand
            myDA.Fill(myDS, "Customersdb")
            myDA.Fill(myDS, "BillFormatdb")
            myDA.Fill(myDS, "CustomerRequirementdb")
            rpt.SetDataSource(myDS)
            CrystalReportViewer1.ReportSource = rpt
        Catch ex As Exception
            MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
        End Try
    End Sub

Solution

where BillFormatdb.[Customer Name]=CustomerRequirement.CName=Customersdb.Customer_Name


This part will piss off SQL. You have = twice without separation of any kind...

However, what is most important is that you use string concatenation for creating the SQL command. Big, huge mistake!!!
You are opening your system for SQL injection attacks!!!
Use parameterized queries!


BillFormatdb.[Customer Name]=CustomerRequirement.CName=Customersdb.Customer_Nam
Something here seems to be wrong.
What you should do in these query error scenarios is run the same query in SQL Server Management Studio.

It should give you an idea of where the query is going wrong.
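
The two points from the first answer (the chained `=` and the string concatenation) can be addressed together as below. This is an added example, not code from the question or the answers. The module and function names are hypothetical, and the join columns and the `NVarChar(50)` type are assumptions inferred from the question's WHERE clause.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Module BillReportData

    ' Assumed join columns, taken from the question's WHERE clause:
    ' BillFormatdb.[Customer Name], CustomerRequirementdb.CName and
    ' Customersdb.Customer_Name. The question mixes CustomerRequirement /
    ' CustomerRequirementdb and Customer_Name / [Customer Name]; adjust
    ' these names to the real schema.
    ' Each comparison is its own ON condition, replacing the chained "a = b = c".
    Private Const BillQuery As String =
        "SELECT c.Customer_ID, r.Product_ID, r.Product_Name, " &
        "       b.[Customer Name], b.[Delivery Charge], b.[Bill Amount], b.[Total Amount] " &
        "FROM Customersdb AS c " &
        "JOIN CustomerRequirementdb AS r ON r.CName = c.Customer_Name " &
        "JOIN BillFormatdb AS b ON b.[Customer Name] = c.Customer_Name " &
        "WHERE c.Customer_ID = @CustomerId"

    ' Hypothetical helper: returns the bill rows for one customer.
    Public Function LoadBillRows(connectionString As String, customerId As String) As DataTable
        Dim rows As New DataTable("BillRows")
        Using connection As New SqlConnection(connectionString)
            Using command As New SqlCommand(BillQuery, connection)
                ' The value is sent separately from the SQL text, so quotes or
                ' SQL keywords inside customerId are compared as data and are
                ' never parsed as part of the statement.
                ' NVarChar(50) is an assumed column type; match the real one.
                command.Parameters.Add("@CustomerId", SqlDbType.NVarChar, 50).Value = customerId
                Using adapter As New SqlDataAdapter(command)
                    ' Fill opens the connection if needed and closes it again.
                    adapter.Fill(rows)
                End Using
            End Using
        End Using
        Return rows
    End Function

End Module
```

In the question's form, the second argument would be `frmCustomerRequirement.CheckBox1.Text`, passed as a value instead of being spliced into `CommandText`.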

