Must declare the scalar variable "@devicecode". Unclosed quotation mark after the character string ''.
Problem description
I found this error, please help me, anyone.
This is the code, as below:
    private void button1_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection("Data Source=sapserver;Initial Catalog=eSSLSmartOffice;Persist Security Info=True;User ID=sa;Password=kanik_delta@123");
        con.Open();
        //sda = new SqlDataAdapter("select DeviceCode,LogDateTime, EmpCode = '" + textBox1.Text + "' from compact WHERE LogDateTime = '" +dateTimePicker1.Value + "'", con);
        SqlDataAdapter sda = new SqlDataAdapter("select @DeviceCode,@LogDateTime, @EmpCode = '" + textBox1.Text + "' from compact WHERE @LogDateTime BETWEEN '" + textBox2.Text + "' AND '" + textBox3.Text + "", con);
        dt = new DataTable();
        sda.Fill(dt);
        dataGridView1.DataSource = dt;
        //MessageBox.Show("Inserted sucessfully");
    }
    private void button2_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection("Data Source=sapserver;Initial Catalog=eSSLSmartOffice;Persist Security Info=True;User ID=sa;Password=kanik_delta@123");
        con.Open();
        // sda = new SqlDataAdapter("UPDATE compact SET LogDateTime = '" + textBox2.Text + "', con);
        SqlDataAdapter sda = new SqlDataAdapter("update compact set @LogDateTime=" + textBox2.Text + "where @EmpCode=" + textBox1.Text + "", con);
        dt = new DataTable();
        sda.Fill(dt);
        dataGridView1.DataSource = dt;
    }
}
What I have tried:
Must declare the scalar variable "@DeviceCode". Unclosed quotation mark after the character string ''.
Recommended answer
Advice: Never build an SQL query by concatenating user inputs; it is dangerous for your database and error-prone.
SQL injection - Wikipedia
SQL Injection
Note that in SELECT, textBox1.Text is embedded in quotes:
EmpCode = '" + textBox1.Text + "'
but in UPDATE, textBox1.Text is not:
@EmpCode=" + textBox1.Text + ""
This is probably an error.
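The answer's advice applied to both queries, as an added example that is not part of the original question or answer: the text-box values are passed as SqlParameter values instead of being concatenated, which also removes the quoting errors. It assumes EmpCode is a text column, LogDateTime is a datetime column, that the SELECT was meant to filter on EmpCode, and that the connection string is supplied by the caller; the class and method names are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class CompactQueries // hypothetical helper, not from the original post
{
    // Assumed schema: EmpCode NVARCHAR(50), LogDateTime DATETIME.
    // Assumed intent: the SELECT filters on EmpCode and a date range.
    public static DataTable Load(string connectionString, string empCode,
                                 string fromText, string toText)
    {
        // Validate the text boxes before they get anywhere near the query.
        if (!DateTime.TryParse(fromText, out DateTime fromDate) ||
            !DateTime.TryParse(toText, out DateTime toDate))
            throw new ArgumentException("Date range is not a valid date/time.");

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "SELECT DeviceCode, LogDateTime, EmpCode FROM compact " +
            "WHERE EmpCode = @EmpCode AND LogDateTime BETWEEN @From AND @To", con))
        using (var sda = new SqlDataAdapter(cmd))
        {
            // @names are placeholders for values only; column names stay plain.
            cmd.Parameters.Add("@EmpCode", SqlDbType.NVarChar, 50).Value = empCode;
            cmd.Parameters.Add("@From", SqlDbType.DateTime).Value = fromDate;
            cmd.Parameters.Add("@To", SqlDbType.DateTime).Value = toDate;
            var dt = new DataTable();
            sda.Fill(dt); // Fill opens and closes the connection itself
            return dt;
        }
    }

    public static int UpdateLogTime(string connectionString, string empCode,
                                    string newLogTimeText)
    {
        if (!DateTime.TryParse(newLogTimeText, out DateTime newLogTime))
            throw new ArgumentException("LogDateTime is not a valid date/time.");

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "UPDATE compact SET LogDateTime = @LogDateTime WHERE EmpCode = @EmpCode", con))
        {
            cmd.Parameters.Add("@LogDateTime", SqlDbType.DateTime).Value = newLogTime;
            cmd.Parameters.Add("@EmpCode", SqlDbType.NVarChar, 50).Value = empCode;
            con.Open();
            return cmd.ExecuteNonQuery(); // rows affected; an UPDATE returns no result set
        }
    }
}
```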