如何修复错误“接近错误的语法”)'。“ [英] How Do I Fix The Error "Incorrect Syntax Near ')'."
本文介绍了如何修复错误“接近错误的语法”)'。“的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Hello Team,
我收到错误语法不正确')'。。如何解决问题。
Hello Team,
I am getting error "Incorrect syntax near ')'.".How to fix the issue.
string insertQuery = string.Format(
"Insert into CUSTOMERLOANDATA(Firstname,MiddleName,LastName,FullAddress,MobileNo1,EmailID,DOB,Loan1IntrRate,Loan1Amt,Loan2IntrRate,Loan2Amt,DateOfEMI,ReleaseDate,HouseType,Salary,CustomerLoanOCRId,CustomerAddr1,CustomerAddr2,Landmark,State,City,Pincode) values('{0}','{1}','{2}','{3}',{4},'{5}',{6},{7},{8},{9},{10},{11},{12},'{13}',{14},{15},'{16}','{17}','{18}','{19}','{20}',{21})",
customerLoanRecord.FirstName, ////0
customerLoanRecord.MiddleName, ////1
customerLoanRecord.LastName, ////2
customerLoanRecord.FullAddress, ////3
customerLoanRecord.MobileNo1, ////4
customerLoanRecord.EmailID, ////5
(customerLoanRecord.DOB.HasValue ? "'" + customerLoanRecord.DOB.Value.ObjectToDBDateTime() + "'" : "null"), ////6
customerLoanRecord.Loan1IntrRate, ////7
customerLoanRecord.Loan1Amt, ////8
customerLoanRecord.Loan2IntrRate, ////9
customerLoanRecord.Loan2Amt, ////10
(customerLoanRecord.DateOfEMI.HasValue ? "'" + customerLoanRecord.DateOfEMI.Value.ObjectToDBDateTime() + "'" : "null"), ////11
(customerLoanRecord.ReleaseDate.HasValue ? "'" + customerLoanRecord.ReleaseDate.Value.ObjectToDBDateTime() + "'" : "null"), ////12
customerLoanRecord.HouseType, ////13
customerLoanRecord.Salary, ////14
customerLoanRecord.CustomerLoanOCRId, ////15
customerLoanRecord.CustomerAddr1, ////16
customerLoanRecord.CustomerAddr2, ////17
customerLoanRecord.Landmark, ////18
customerLoanRecord.State, ////19
customerLoanRecord.City, ////20
customerLoanRecord.Pincode);
谢谢Harshal Raut
Thanks Harshal Raut
推荐答案
Hi
请不要使用格式化的SQL语句,因为它有 SQL Injection <的风险/ a> [ ^ ] ,,使用 SQL参数化c# [ ^ ]
样本:
Hi Pls dont use Formatted SQL Statements as it is risk of SQL Injection [^],,use SQL Parameterised c#[^]
sample:
string qry = "INSERT INTO TableName (Column1,Column2,Column3) VALUES( @Column1,@Column2,@Column3)";
SqlCommand cmd = new SqlCommand(qry, con);
cmd.Parameters.AddWithValue("@Column1", value1);
cmd.Parameters.AddWithValue("@Column1", value2);
cmd.Parameters.AddWithValue("@Column1", value3);
使用SQL参数。
http://www.dotnetperls.com/sqlparameter [ ^ ]
你的方式比字符串连接略好,但仍然高度暴露于SQL注入攻击。使用参数化查询特别是这个大的东西真的可以帮助你正确地形成你的SQL并给出你能理解的错误。
By using SQL Parameters.
http://www.dotnetperls.com/sqlparameter[^]
Your way is slightly better than string concatenation, but still highly exposed to SQL injection attacks. Using parameterized queries expecially with something this big will really help you form your SQL properly and give errors that you can understand.
我能说的最好的解决方案是,删除所有的代码然后从A再次启动它。然后逐行添加查询,同时运行并检查是否有任何错误。通过这种方式,你可以很容易地在那里找到丢失的或额外的括号。
没有捷径可以在这个查询中找到缺少的括号.B'cos它的字符串值。
祝你好运:)
The best solution which I can say to you is, Remove all the code and start it again from A. And add your query line by line and the same time run and check whether is there any errors or not. In that way you can easily find the missing or additional bracket there.
There is no short cut for find the missing bracket on this query.B'cos its string value.
Good Luck :)
这篇关于如何修复错误“接近错误的语法”)'。“的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
