Query in SQLExpress


Problem description



mycmd = mycn.CreateCommand();
mycmd.CommandText = "CREATE TABLE IF NOT EXISTS `ems_db1.dbo`.`querysummary` LIKE `ems_db1.dbo`.`" + TreeView1.SelectedNode.Text + "_querysummary`";
mycmd.ExecuteNonQuery();




I use the above code in MySQL and it works properly, but now I have shifted the database to SQLExpress. After firing this query from my C# code, it gives the following errors.

Incorrect syntax near the keyword 'IF'.

Incorrect syntax near '`'.

Is something wrong in my query?

Solution

Connect to the DB, and try this:

-- Create the table only when it does not exist yet
IF OBJECT_ID('querysummary', 'U') IS NULL
    CREATE TABLE querysummary ...


In addition to solution 2 by OriginalGriff... Do not use such statements! Why?
1) your statement is vulnerable to SQL injection,
2) you can't control the count of newly created tables,
3) it requires admin privileges (be careful in giving full access to inexperienced users!),
4) etc.

For further information, please see:
How To: Protect From SQL Injection in ASP.NET
Do Stored Procedures Protect Against SQL Injection?
SQL Injection and how to avoid it


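-- 'tbl_name' stands for the name of the table to be created.
-- WHERE 1 = 0 copies the column structure only, no rows.
IF NOT EXISTS (SELECT * FROM sysobjects WHERE name = 'tbl_name' AND xtype = 'U')
    SELECT * INTO ems_db1.dbo.kquerysummary FROM ems_db1.dbo.querysummary WHERE 1 = 0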
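
An added example, not code from the original thread or from any of its posters: one way to issue the SQL Server equivalent of the question's statement from C# without concatenating raw TreeView text into it. It combines the injection warning and the `SELECT ... INTO ... WHERE 1 = 0` form from the answers above. The class and method names are hypothetical, and it assumes prefixes are plain alphanumeric names and that the source table `<prefix>_querysummary` already exists.

```csharp
using System;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

static class QuerySummary
{
    // Assumption: valid prefixes are plain names (a letter, then letters, digits or underscore).
    static readonly Regex SafePrefix = new Regex(@"\A[A-Za-z][A-Za-z0-9_]{0,99}\z");

    // Same rule as T-SQL QUOTENAME: wrap in brackets and double any closing bracket.
    static string Quote(string identifier)
    {
        return "[" + identifier.Replace("]", "]]") + "]";
    }

    // Builds the statement; anything that is not a plain name is rejected outright.
    public static string BuildCreateSql(string prefix)
    {
        if (prefix == null || !SafePrefix.IsMatch(prefix))
            throw new ArgumentException("Unexpected table prefix.", "prefix");

        string source = "ems_db1.dbo." + Quote(prefix + "_querysummary");
        return "IF OBJECT_ID(N'ems_db1.dbo.querysummary', N'U') IS NULL\n" +
               "    SELECT * INTO ems_db1.dbo.querysummary FROM " + source + " WHERE 1 = 0;";
    }

    public static void CreateIfMissing(SqlConnection mycn, string prefix)
    {
        string sql = BuildCreateSql(prefix); // validates the prefix before anything runs

        // Existence check: here the name is data, so it travels as a parameter.
        using (SqlCommand check = mycn.CreateCommand())
        {
            check.CommandText =
                "SELECT COUNT(*) FROM ems_db1.sys.tables t " +
                "JOIN ems_db1.sys.schemas s ON s.schema_id = t.schema_id " +
                "WHERE s.name = N'dbo' AND t.name = @name";
            check.Parameters.AddWithValue("@name", prefix + "_querysummary");
            if ((int)check.ExecuteScalar() == 0)
                throw new InvalidOperationException("Source table not found.");
        }

        // Identifiers cannot be parameters, so only the validated, quoted name is used.
        using (SqlCommand mycmd = mycn.CreateCommand())
        {
            mycmd.CommandText = sql;
            mycmd.ExecuteNonQuery();
        }
    }
}
```

Call it as `QuerySummary.CreateIfMissing(mycn, TreeView1.SelectedNode.Text)` on an open connection whose login has only the rights needed to create tables in `ems_db1`.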

