Cmd.executenonquery（）;抛出''''附近的错误语法错误 [英] Cmd.executenonquery(); throws "incorrect syntax near '/' " error

问题描述

使用C＃开发.net Web应用程序。



当我使用一个更改查询时，我收到上述错误。



home.global.mon-从全局变量获取的表名值。

tbl_col - 要添加的列的名称，取自本地变量。



我的尝试：



con.open（）;

sqlcommand cmd = new sqlcommand（Alter table+ home.global.mon +ADD+ tbl_col +varchar（50），con）;

cmd.executenonquery（）;

con.close（）;



con（连接）已在Begging建立。

Developing a .net web application using C#.

When i use one alter query i am getting the above error.

home.global.mon- table name value getting from global variable.
tbl_col - name of the column to be added, taking from local variable.

What I have tried:

con.open();
sqlcommand cmd=new sqlcommand("Alter table "+home.global.mon+ "ADD" +tbl_col+ "varchar(50)",con );
cmd.executenonquery();
con.close();

con(connection) has already established at Begging.

推荐答案

Quote：

Cmd.executenonquery（）;抛出错误的语法'/'附近错误

Cmd.executenonquery(); throws "incorrect syntax near '/' " error

您正在通过字符串连接与我们不知道的变量构建查询，这使我们无法知道什么是实际查询。



你必须在变量中构建查询，以便在调试器中打印或检查。

---- -

你的代码没有你想象的那样，或者你不明白为什么！



有一个几乎通用的解决方案：在调试器上逐步运行代码，检查变量。

调试器在这里向您展示您的代码正在做什么，您的任务是与它应该做什么进行比较。

调试器中没有魔法，它不知道你应该做什么，它没有找到错误，它只是通过向你展示发生了什么来帮助你。当代码没有达到预期的效果时，你就接近了一个错误。

要查看你的代码在做什么：只需设置断点并查看代码是否正常运行，调试器允许你执行第1行第1行，并在执行时检查变量。

调试器 - 维基百科，免费的百科全书 [ ^ ]



掌握Visual Studio 2010中的调试 - 初学者指南 [ ^ ]

使用Visual Studio 2010进行基本调试 - YouTube [ ^ ]

在Visual Studio中调试C＃代码 - YouTube [ ^ ]

调试器只显示你的代码正在做，你的任务是与它应该做的事情进行比较。

You are building the query by string concatenation with variables that we don't know, this make it impossible for us to know what is the real query.

you have to build the query in a variable so the can be printed or inspected in debugger.
-----
Your code do not behave the way you expect, or you don't understand why !

There is an almost universal solution: Run your code on debugger step by step, inspect variables.
The debugger is here to show you what your code is doing and your task is to compare with what it should do.
There is no magic in the debugger, it don't know what your is supposed to do, it don't find bugs, it just help you to by showing you what is going on. When the code don't do what is expected, you are close to a bug.
To see what your code is doing: Just set a breakpoint and see your code performing, the debugger allow you to execute lines 1 by 1 and to inspect variables as it execute.
Debugger - Wikipedia, the free encyclopedia[^]

Mastering Debugging in Visual Studio 2010 - A Beginner's Guide[^]
Basic Debugging with Visual Studio 2010 - YouTube[^]
Debugging C# Code in Visual Studio - YouTube[^]
The debugger is here to only show you what your code is doing and your task is to compare with what it should do.

首先，你使用字符串连接构建查询。这是一个非常糟糕的想法!!总是使用参数化查询。 Google为C＃参数化查询提供了示例。



那么你可以通过Google进行SQL注入攻击，了解为什么你所做的事情是如此糟糕。



现在，说到这一点，你在构建查询字符串时没有注意空格。您生成的查询将如下所示：

First, you're building queries using string concatenation. That's a REALLY BAD IDEA!! ALWAYS use parameterized queries. Google for "C# parametrized queries" for examples.

Then you can Google for "SQL Injection Attack" for why what you're doing is so bad.

Now, having said that, you''re not paying attention to spaces when you build your query string. Your resulting query will look something like this:

Alter table homeglobalmonADDtblcolvarchar(50)

*用相应的变量内容替换斜体文本。



首先将查询构建到字符串变量中，然后使用字符串变量来新建SqlCommand对象AND使用DEBUGGER可以很容易地诊断出这个问题。

* Replace the italics text with the corresponding variable contents.

Build the query into a string variable first and then using string variable to new up the SqlCommand object AND USING THE DEBUGGER would have made diagnosing this problem very easy.

"Alter table "+home.global.mon+ "ADD" +tbl_col+ "varchar(50)"

如果您的变量没有leading\trailing空格，那么上面的结果将导致

If your variables don't have leading\trailing spaces then the above will result in

"Alter table TableNameADDColumnNamevarchar(50)"

这是有效的SQL吗？如果您使用调试器逐步执行代码，您可以自己看到这一点。此外，您在错误中有/这一事实表明您的一个变量中有一个斜杠会留下无效的表或列名。



和其他人一样我们已经说过了，我们不知道您输入的是什么，所以我们无法告诉您该怎么做。学习调试代码，因为这将帮助您完成基础知识。

Is that valid SQL? You could see this yourself if you use the debugger to step through your code. Also the fact that you have a "/" in the error suggests there is a slash in one of your variables leaving to an invalid table or column name.

As others have said, we don't know what is in your inputs so we can't tell you what to do. Learn to debug your code though as that will help you cover the basics.

这篇关于Cmd.executenonquery（）;抛出''''附近的错误语法错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！