查询表达式'emp.emp_id ='中的语法错误(缺少运算符)。 [英] Syntax error (missing operator) in query expression 'emp.emp_id ='.
本文介绍了查询表达式'emp.emp_id ='中的语法错误(缺少运算符)。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
private void btn_Delete_Click(object sender, EventArgs e)
{
if (txt_mobile_no.Text == "")
{
DialogResult Case = MessageBox.Show(".رقم الجوال فارغة", "سجل فارغ", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
{
EmpID();
string sql = "DELETE emp.*, emplogin.* FROM tbl_employee_details as [emp] LEFT JOIN tbl_user_login_access as [emplogin] ON emp.emp_id = emplogin.emp_id where emp.emp_id =" + eid + "";
Execute(sql);
DialogResult save2 = MessageBox.Show(".يتم حذف تفاصيل بنجاح", "حفظ", MessageBoxButtons.OK, MessageBoxIcon.Information);
BEmployee();
EmployeeID();
BindLogin();
Clear();
}
}
public void Execute(String sql)
{
cmd = new OleDbCommand(sql, conn);
cmd.ExecuteNonQuery();
}
推荐答案
您似乎在 eid $ c $中没有任何价值c>,所以字符串只是评估为:
You appear to have no value at all ineid
, so the string just evaluates to:
DELETE emp.*, emplogin.* FROM tbl_employee_details as [emp] LEFT JOIN tbl_user_login_access as [emplogin] ON emp.emp_id = emplogin.emp_id where emp.emp_id =
SQL非常正确地引起了他的注意和抱怨。
检查调试器中的变量内容,请,请停止这样做。不要连接字符串以构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。
SQL quite rightly throws a hissy fit and complains.
Check the variable content in the debugger, and please, stop doing it like that. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
这篇关于查询表达式'emp.emp_id ='中的语法错误(缺少运算符)。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文