Must declare the scalar variable "@devicecode". Unclosed quotation mark after the character string ''.


Problem description

I found this error. Please help me, anyone.

This is the code, as below:

private void button1_Click(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection("Data Source=sapserver;Initial Catalog=eSSLSmartOffice;Persist Security Info=True;User ID=sa;Password=kanik_delta@123");
    con.Open();
    //sda = new SqlDataAdapter("select DeviceCode,LogDateTime, EmpCode = '" + textBox1.Text + "' from compact WHERE LogDateTime =  '" +dateTimePicker1.Value + "'", con);
    // @DeviceCode, @LogDateTime and @EmpCode are used as T-SQL variables but never declared
    // (no SqlParameter is added), and the closing ' after textBox3.Text is missing
    SqlDataAdapter sda = new SqlDataAdapter("select @DeviceCode,@LogDateTime, @EmpCode = '" + textBox1.Text + "' from compact WHERE @LogDateTime BETWEEN '" + textBox2.Text + "' AND '" + textBox3.Text + "", con);
    dt = new DataTable();
    sda.Fill(dt);
    dataGridView1.DataSource = dt;
    //MessageBox.Show("Inserted sucessfully");
}

private void button2_Click(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection("Data Source=sapserver;Initial Catalog=eSSLSmartOffice;Persist Security Info=True;User ID=sa;Password=kanik_delta@123");
    con.Open();
    // sda = new SqlDataAdapter("UPDATE compact SET LogDateTime =  '" + textBox2.Text + "', con);
    // same undeclared @ variables; textBox2.Text and textBox1.Text are not quoted,
    // and there is no space before "where"
    SqlDataAdapter sda = new SqlDataAdapter("update compact set @LogDateTime=" + textBox2.Text + "where @EmpCode=" + textBox1.Text + "", con);
    dt = new DataTable();
    sda.Fill(dt);
    dataGridView1.DataSource = dt;
}
}

What I have tried:

Must declare the scalar variable "@DeviceCode". Unclosed quotation mark after the character string ''.

Recommended answer


Advice: Never build an 'sql query' by concatenating with user inputs, it is dangerous for your database and error prone.
SQL injection - Wikipedia
SQL Injection

Note that in SELECT, textBox1.Text is embedded in quotes
EmpCode = '" + textBox1.Text + "'

but in UPDATE, textBox1.Text is not

@EmpCode=" + textBox1.Text + ""

This is probably an error.
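The parameterized form of both queries that the answer recommends, as an added example (not code from the question or the answer). It keeps the table and column names the question uses (compact, DeviceCode, LogDateTime, EmpCode) and assumes EmpCode is a string column, LogDateTime is a datetime column, the connection string is read from configuration rather than hard-coded, and textBox1/textBox2/textBox3/dataGridView1 are the form's designer fields. Both text-box values and dates travel as SqlParameter values, so the original "must declare the scalar variable" and "unclosed quotation mark" errors cannot occur, and user text can never change the SQL statement:

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

// Added example, not the original poster's code. Assumes the table and
// columns from the question (compact: DeviceCode, LogDateTime, EmpCode),
// that EmpCode is a string column and LogDateTime a datetime column.
public partial class Form1 : Form
{
    // Assumption: the connection string comes from configuration, not source code.
    private const string ConnectionString = "<connection string from configuration>";

    private DataTable dt;

    // SELECT: every user-supplied value is bound as a SqlParameter, so the
    // text in the boxes is data and cannot alter the statement itself.
    private void button1_Click(object sender, EventArgs e)
    {
        if (!DateTime.TryParse(textBox2.Text, out DateTime from) ||
            !DateTime.TryParse(textBox3.Text, out DateTime to))
        {
            MessageBox.Show("Enter valid start and end dates.");
            return;
        }

        const string sql =
            "SELECT DeviceCode, LogDateTime, EmpCode FROM compact " +
            "WHERE EmpCode = @EmpCode AND LogDateTime BETWEEN @From AND @To";

        using (var con = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.Add("@EmpCode", SqlDbType.NVarChar, 50).Value = textBox1.Text;
            cmd.Parameters.Add("@From", SqlDbType.DateTime).Value = from;
            cmd.Parameters.Add("@To", SqlDbType.DateTime).Value = to;

            dt = new DataTable();
            using (var sda = new SqlDataAdapter(cmd))
            {
                sda.Fill(dt); // Fill opens and closes the connection itself
            }
            dataGridView1.DataSource = dt;
        }
    }

    // UPDATE: returns no rows, so it is executed with ExecuteNonQuery
    // instead of being filled into a DataTable as in the original.
    private void button2_Click(object sender, EventArgs e)
    {
        if (!DateTime.TryParse(textBox2.Text, out DateTime newLogTime))
        {
            MessageBox.Show("Enter a valid date/time.");
            return;
        }

        const string sql =
            "UPDATE compact SET LogDateTime = @LogDateTime WHERE EmpCode = @EmpCode";

        using (var con = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.Add("@LogDateTime", SqlDbType.DateTime).Value = newLogTime;
            cmd.Parameters.Add("@EmpCode", SqlDbType.NVarChar, 50).Value = textBox1.Text;

            con.Open();
            int rows = cmd.ExecuteNonQuery();
            MessageBox.Show(rows + " row(s) updated.");
        }
    }
}
```

Two design choices worth noting: the dates are parsed into DateTime on the client and bound with SqlDbType.DateTime, so the server never has to interpret a free-form string and a malformed entry is rejected before any SQL runs; and the connection and command are disposed by using blocks, which the original code never did.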

