Sql Exception occurred..... Incorrect syntax near


Problem description



My code is as follows: even though I tried to handle the Sql Exception, it is still not working. I applied a breakpoint and the Data Visualizer does not show the datatable...... plz help

conn.Open();
SqlDataAdapter da = new SqlDataAdapter("select * from tbl_reg where user_nm=''" + userInput + "", conn);
DataTable dt = new DataTable();
try
{
   da.Fill(dt);
   conn.Close();
   if (dt.Rows.Count == 0)
   {
      lbl_conf.Visible = true;
      lbl_conf.Text = "Sorry....No data found";
   }
   else
   {
      lbl_conf.Visible = true;
      lbl_conf.Text = "Keep going";
   }
}
catch(SqlException ex)
{
   if (ex is SqlException)
   {
      lbl_conf.Visible = true;
      lbl_conf.Text = "Handle the Sql Exception";
   }
   else
   {
      lbl_conf.Visible = true;
      lbl_conf.Text = "Unknown Exception occured";
   }
}

Solution

In addition to what Krunal says, don't do it like that.
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

SqlDataAdapter da = new SqlDataAdapter("select * from tbl_reg where user_nm=@UN", conn);
da.SelectCommand.Parameters.AddWithValue("@UN", userInput);


Hello,

You appear to have two single quotes before your variable and none after:

SqlDataAdapter da = new SqlDataAdapter("select * from tbl_reg where user_nm=''" + userInput + "", conn);

Try:

SqlDataAdapter da = new SqlDataAdapter("select * from tbl_reg where user_nm='" + userInput + "'", conn);

Or better still use a parameterised query.


"select * from tbl_reg where user_nm='" + userInput + "'"
Try with this query.
Or better use a parameterised query.

SqlDataAdapter da = new SqlDataAdapter("select * from tbl_reg where user_nm=@user_name", conn);
da.SelectCommand.Parameters.AddWithValue("@user_name", userInput);





-KR
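Added example, written for this page and not taken from the question or any of the answers above. It puts the concatenated query beside the parameterized query that all three answers recommend, and shows why ordinary input such as a surname with an apostrophe produces exactly the "Incorrect syntax near" error in the title, independent of the quoting mistake in the question. Assumptions: a SQL Server reachable through a placeholder connection string, the question's tbl_reg table with an nvarchar(50) column user_nm (the column type is assumed), and the question's userInput variable.

```csharp
// Added example (not code from the question or any of the answers).
// Assumes: SQL Server reachable via connectionString (placeholder), the question's
// tbl_reg table, and an nvarchar(50) column user_nm (type/length assumed).
using System;
using System.Data;
using System.Data.SqlClient;

public static class RegistrationLookup
{
    // Concatenation, corrected to one quote on each side as the second answer suggests.
    // Kept only to show the remaining problem: a legitimate value containing a single
    // quote (the surname O'Brien) unbalances the SQL text, and SQL Server answers with
    // error 102 "Incorrect syntax near ..." -- the same error the question reports.
    public static string BuildConcatenatedSql(string userInput)
    {
        return "select * from tbl_reg where user_nm='" + userInput + "'";
    }

    // Parameterized form: the SQL text never changes; the value is sent separately as a
    // typed parameter, so quotes in the input are data, never syntax, and nothing the
    // user types can alter the statement. Returns the number of matching rows.
    public static int CountRegistrations(string connectionString, string userInput)
    {
        const string sql = "select * from tbl_reg where user_nm = @user_nm";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        using (var da = new SqlDataAdapter(cmd))
        {
            // Declaring type and length (instead of AddWithValue) avoids implicit
            // conversions and one cached plan per distinct input length.
            cmd.Parameters.Add("@user_nm", SqlDbType.NVarChar, 50).Value = userInput;

            var dt = new DataTable();
            da.Fill(dt);   // Fill opens and closes conn itself; 'using' disposes it even on error
            return dt.Rows.Count;
        }
    }

    // The question's label logic, minus the always-true 'ex is SqlException' test:
    // a catch (SqlException) clause already guarantees the exception type.
    public static string Describe(string connectionString, string userInput)
    {
        try
        {
            return CountRegistrations(connectionString, userInput) == 0
                ? "Sorry....No data found"
                : "Keep going";
        }
        catch (SqlException ex)
        {
            // ex.Number is the server error code (102 = incorrect syntax, 105 = unclosed quotation mark).
            return "SQL error " + ex.Number + ": " + ex.Message;
        }
    }

    public static void Main()
    {
        // Placeholder: replace with a real connection string before running.
        const string connectionString = "<placeholder: Server=...;Database=...;Integrated Security=true>";

        // Constructed input: legitimate data whose apostrophe lands inside the SQL text
        // of the concatenated version but is harmless to the parameterized one.
        string name = "O'Brien";
        Console.WriteLine(BuildConcatenatedSql(name));
        Console.WriteLine(Describe(connectionString, name));
    }
}
```

Besides removing the injection risk, the parameterized version releases the connection on the error path. In the question's code conn.Open() sits before the try and conn.Close() after da.Fill inside it, so an exception thrown by Fill (the syntax error being debugged) leaves the connection open.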

