{"Fetch error:conversion failed when converting the varchar value 'data base' to data type int."}


Problem description

{"Fetch Error:Conversion failed when converting the varchar value 'Data Base' to data type int."}

What I have tried:

    private DataTable GetData()
    {
        DataTable dt = new DataTable();
        SqlConnection connection = new SqlConnection("Data Source=.;Initial Catalog=Quiz_system;Integrated Security=True");
        try
        {
            connection.Open();
            SqlCommand sqlCmd = new SqlCommand("Select question_no,question,op1,op2,op3,op4,correct_ans From tbl_question_bank where course_name='" + lblcorrect.Text.ToString() + "' and quiz_id='"+lblqid.Text+"'", connection);
            SqlDataAdapter sqlDa = new SqlDataAdapter(sqlCmd);
            sqlDa.Fill(dt);
        }
        catch (System.Data.SqlClient.SqlException ex)
        {
            string msg = "Fetch Error:";
            msg += ex.Message;
            throw new Exception(msg);
        }
        finally
        {
            connection.Close();
        }
        return dt;
    }

Recommended answer

Never build an SQL query by concatenating with user inputs; it is named "SQL injection", and it is dangerous for your database and error prone.
A single quote in a name and your program crashes. If a user input like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability.
SQL injection - Wikipedia
SQL Injection
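
The answer's advice applied to the question's GetData, as an added example that is not part of the original question or answer: the same query with typed parameters instead of string concatenation. The method parameters (standing in for lblcorrect.Text and lblqid.Text) and the column types (quiz_id as int, course_name as nvarchar(100)) are assumptions, since the page does not show the table definition.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class QuestionBank
{
    // Connection string as it appears in the question.
    private const string ConnectionString =
        "Data Source=.;Initial Catalog=Quiz_system;Integrated Security=True";

    // courseName and quizIdText stand in for lblcorrect.Text and lblqid.Text.
    public static DataTable GetData(string courseName, string quizIdText)
    {
        // Assumption: quiz_id is an int column. Reject non-numeric input here
        // instead of letting SQL Server fail on an implicit conversion.
        if (!int.TryParse(quizIdText, out int quizId))
            throw new ArgumentException("quiz_id must be an integer.", nameof(quizIdText));

        const string sql =
            "SELECT question_no, question, op1, op2, op3, op4, correct_ans " +
            "FROM tbl_question_bank " +
            "WHERE course_name = @courseName AND quiz_id = @quizId";

        var dt = new DataTable();
        using (var connection = new SqlConnection(ConnectionString))
        using (var sqlCmd = new SqlCommand(sql, connection))
        using (var sqlDa = new SqlDataAdapter(sqlCmd))
        {
            // Values travel as typed parameters, never as part of the SQL text,
            // so the quote in "Brian O'Conner" is data and cannot end the literal.
            // Assumption: course_name is nvarchar(100).
            sqlCmd.Parameters.Add("@courseName", SqlDbType.NVarChar, 100).Value =
                courseName ?? string.Empty;
            sqlCmd.Parameters.Add("@quizId", SqlDbType.Int).Value = quizId;

            sqlDa.Fill(dt); // Fill opens and closes the connection itself.
        }
        return dt;
    }
}
```

If the real column types differ from the assumed ones, change the SqlDbType arguments to match the table so that SQL Server never has to convert a varchar value to int at query time.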

