Invalid syntax near '?' error.


Problem description

I have converted my database from Access to SQL. So while saving an image it throws this error. How can I solve this?

This is my code,

SelStr = "" &
             "Update Admission Set AdmissionNo = '" & AdmNo & "', ENClass = '" & Enclass & "', StudentFN = '" & SFN & "', " &
             "StudentMN = '" & SMN & "', StudentLN = '" & SLN & "', FatherFN = '" & FFN & "', FatherMN = '" & FMN & "', " &
             "FatherLN = '" & FLN & "', MotherFN = '" & MFN & "', MotherMN = '" & MMN & "', MotherLN = '" & MLN & "', " &
             "GuardianFN = '" & GFN & "', GuardianLN = '" & GLN & "', GRelation = '" & GRel & "', CCity = '" & CCity & "', " &
             "FatMob = '" & FathMo & "', AltNo = '" & AltNo & "', Gender =  '" & Gender & "', Category = '" & Category & "', " &
             "Religion = '" & Religion & "', PSName = '" & PSName & "', PSClass = '" & PSClass & "', PSGrade = '" & PSGrade & "', " &
             "PSCity = '" & PSCity & "', PSState = '" & PSState & "', PSPYear = '" & PSYear & "', AddressPer = '" & AddPer & "', " &
             "AddressPre = '" & AddPre & "', Remark = '" & Remark & "', DOB = '" & DOB & "', JnDt = '" & JnDt & "', " &
             "FOcc = '" & Focc & "', FEdu = '" & FEdu & "', FASal = '" & FASal & "', MOcc ='" & MOcc & "', MEdu = '" & MEdu & "', " &
             "MASal = '" & MASal & "', BusFacility = '" & BusFac & "', BusFrmID=0 , BusFrm = 'NA', " &
             "BroSis = '" & BroSis & "', Attachments = '" & AttachLis & "', AttachmentIDs = '" & AttIDs & "', MotMob = '" & MothMo & "', " &
             "[Cast] = '" & SCast & "', SMSNo = '" & SMSNo & "',Student_Images=" & strImage & ",SType = '" & SType & "',Email = '" & Email & "',Aadhar = '" & Aadhar & "' Where AdmissionID = " & temp & ""


       cmd.CommandText = SelStr
       If strImage = "?" Then
           cmd.Parameters.Add(strImage, SqlDbType.Image).Value = arrImage
       End If
       cmd.ExecuteNonQuery()

Recommended answer

The main problem is that you concatenate the values directly to the SQL statement. Instead, use SqlParameter to stay safe from SQL injections, conversion problems etc.

In other words, the code should look something like the following (just a few parameters added as an example):
SelStr = "Update Admission Set AdmissionNo = @AdmNo, ENClass = @ENClass, ..."
cmd.CommandText = SelStr
cmd.Parameters.AddWithValue("@AdmNo", AdmNo)
cmd.Parameters.AddWithValue("@ENClass", ENClass)
...





Another thing is that you set the value of Student_Images to ?. Based on the later code, the value of strImage can be a question mark, but this is hardly what you're supposed to add to the database column. Just guessing, but should the value of Student_Images be arrImage?
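
An added example, not part of the original answer or the asker's project: the same UPDATE reduced to a few columns, with every value, including the image bytes, bound as a named parameter, because System.Data.SqlClient does not accept the positional "?" marker that the OLE DB provider for Access uses. The BuildUpdateCommand helper, the NVarChar/Int column types and the sample values are assumptions.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module AdmissionUpdateExample

    ' Hypothetical helper: builds the UPDATE for a subset of the Admission
    ' columns from the question. No user value is concatenated into the SQL text.
    Public Function BuildUpdateCommand(conn As SqlConnection,
                                       admissionId As Integer,
                                       admNo As String,
                                       enClass As String,
                                       arrImage As Byte()) As SqlCommand
        Dim cmd As New SqlCommand(
            "UPDATE Admission SET AdmissionNo = @AdmNo, ENClass = @ENClass, " &
            "Student_Images = @StudentImage WHERE AdmissionID = @AdmissionID", conn)

        ' Explicit SqlDbType avoids the type guessing done by AddWithValue.
        ' NVarChar and Int are assumed column types; adjust to the real schema.
        cmd.Parameters.Add("@AdmNo", SqlDbType.NVarChar).Value = admNo
        cmd.Parameters.Add("@ENClass", SqlDbType.NVarChar).Value = enClass
        cmd.Parameters.Add("@AdmissionID", SqlDbType.Int).Value = admissionId

        ' The image always gets a named parameter (never "?"); when there is
        ' no picture, DBNull is sent instead of switching the SQL text.
        Dim img As SqlParameter = cmd.Parameters.Add("@StudentImage", SqlDbType.Image)
        img.Value = If(arrImage Is Nothing, CObj(DBNull.Value), arrImage)

        Return cmd
    End Function

    Sub Main()
        ' Constructed sample values; the quote inside admNo is sent as data
        ' and cannot terminate a string literal in the statement.
        Dim cmd As SqlCommand = BuildUpdateCommand(
            Nothing, 1, "A-101'", "5", New Byte() {&HFF, &HD8, &HFF})

        Console.WriteLine(cmd.CommandText)
        For Each p As SqlParameter In cmd.Parameters
            Console.WriteLine(p.ParameterName & " (" & p.SqlDbType.ToString() & ")")
        Next

        ' With an open SqlConnection assigned to cmd.Connection:
        ' cmd.ExecuteNonQuery()
    End Sub

End Module
```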

