怎么解决这个? '@'附近的语法不正确。 [英] How to solve this? Incorrect syntax near '@'.
本文介绍了怎么解决这个? '@'附近的语法不正确。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我在asp.net中写了更新查询。当我更新它显示
'@
附近的语法不正确
错误在这里
第82行:cmd.Parameters.AddWithValue( @repass,repass.Text);
第83行:cmd.Parameters.AddWithValue(@ imagelink,imagelink);
第84行:cmd.ExecuteNonQuery();
第85行:con.Close();
第86行:
我的表定义是:
Regist_ID数字(18,0)未选中
名称nvarchar(100)未选中
ParentsName nvarchar(100)已选中
DOB nvarchar(MAX)已选中
性别nvarchar(MAX)已检查
ContactsNo nvarchar(50)已检查
EmailID nvarchar(100)已检查
地址nvarchar(MAX)已检查
爱好nvarchar(MAX)已检查
密码nvarchar(50)已检查
Re_Password nvarchar(50)已检查
Profile_IMG nvarchar(MAX)已检查
我尝试过:
SqlConnection con = new SqlConnection(@Data Source = Home-PC\SQLEXPRESS;初始目录= KARATE-ACADEMY; Integrated Security = True);
con.Open();
String update =update StdRegistration_db set Name = @ name,ParentsName = @ parentsname,DOB = @ DOB,Gender = @ Gender,ContactsNo = @contacts,EmailID = @ email,Address = address @,Hobbies = @activity ,Password = @ password,Re_Password = @repass,Profile_IMG = @imagelink其中Name ='+ Session [Name]。ToString()+';
SqlCommand cmd = new SqlCommand(update,con);
cmd.Parameters.AddWithValue(@ name,name.Text);
cmd.Parameters.AddWithValue(@ parentsname,parentsname.Text);
cmd.Parameters.AddWithValue(@ DOB,DOB.Text);
cmd.Parameters.AddWithValue(@ Gender,Gender);
cmd.Parameters.AddWithValue(@ contacts,contacts.Text);
cmd.Parameters.AddWithValue(@ email,email.Text);
cmd.Parameters.AddWithValue(@ address,address.Text);
cmd.Parameters.AddWithValue(@ activity,activity);
cmd.Parameters.AddWithValue(@ password,password.Text);
cmd.Parameters.AddWithValue(@ repass,repass.Text);
cmd.Parameters.AddWithValue(@ imagelink,imagelink);
cmd.ExecuteNonQuery();
con.Close();
解决方案
在您的查询中,您有地址=地址@,那应该是
地址= @地址,虽然我赞扬你使用参数化查询,但为什么要通过引入SQL注入来破坏它风险与
其中名称= ' + Session [Name]。ToString()+' ;这应该是
其中名称= @SessionName ;您将需要
cmd.Parameters.AddWithValue( @ sessionname,会话[ 名称]的ToString());
I am write the update query in asp.net. when i update it shows the
Incorrect syntax near '@
error is here
Line 82: cmd.Parameters.AddWithValue("@repass", repass.Text);
Line 83: cmd.Parameters.AddWithValue("@imagelink", imagelink);
Line 84: cmd.ExecuteNonQuery();
Line 85: con.Close();
Line 86:
my table definition is:
Regist_ID numeric(18, 0) Unchecked Name nvarchar(100) Unchecked ParentsName nvarchar(100) Checked DOB nvarchar(MAX) Checked Gender nvarchar(MAX) Checked ContactsNo nvarchar(50) Checked EmailID nvarchar(100) Checked Address nvarchar(MAX) Checked Hobbies nvarchar(MAX) Checked Password nvarchar(50) Checked Re_Password nvarchar(50) Checked Profile_IMG nvarchar(MAX) Checked
What I have tried:
SqlConnection con = new SqlConnection(@"Data Source=Home-PC\SQLEXPRESS;Initial Catalog=KARATE-ACADEMY;Integrated Security=True");
con.Open();
String update = "update StdRegistration_db set Name= @name,ParentsName= @parentsname,DOB= @DOB,Gender=@Gender,ContactsNo= @contacts ,EmailID= @email,Address=address @,Hobbies= @activity,Password= @password,Re_Password= @repass ,Profile_IMG= @imagelink where Name='" + Session["Name"].ToString() + "'";
SqlCommand cmd = new SqlCommand(update, con);
cmd.Parameters.AddWithValue("@name", name.Text);
cmd.Parameters.AddWithValue("@parentsname", parentsname.Text);
cmd.Parameters.AddWithValue("@DOB", DOB.Text);
cmd.Parameters.AddWithValue("@Gender", Gender);
cmd.Parameters.AddWithValue("@contacts", contacts.Text);
cmd.Parameters.AddWithValue("@email", email.Text);
cmd.Parameters.AddWithValue("@address", address.Text);
cmd.Parameters.AddWithValue("@activity", activity);
cmd.Parameters.AddWithValue("@password", password.Text);
cmd.Parameters.AddWithValue("@repass", repass.Text);
cmd.Parameters.AddWithValue("@imagelink", imagelink);
cmd.ExecuteNonQuery();
con.Close();
解决方案
In your query you haveAddress=address @,That should read
Address=@address,Whilst I commend you for using a parameterised query, why oh why do you go and ruin it by introducing a SQL Injection risk with
where Name='" + Session["Name"].ToString() + "'";That should be something like
where Name=@SessionName";and you will need
cmd.Parameters.AddWithValue("@sessionname", Session["Name"].ToString());
这篇关于怎么解决这个? '@'附近的语法不正确。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
