#错误附近的语法无效。 [英] invalid Syntax near # error.

查看:72
本文介绍了#错误附近的语法无效。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我已将数据库从Access转换为SQL。因为Sql不接受format()所以它显示#附近的无效语法错误。我怎么解决这个问题。请帮帮我。



这是我的代码。



Private Sub LoadGrid()



Da =新SqlDataAdapter(SELECT StudentAccountS.StClass,StudentAccountS.StAdmNo,StudentAccountS.StName,StudentAccount.Amount,StudentAccountS.Remark,StudentAccountS.ReceiptNo,StudentAccount.TransactionID,StudentAccount.Perticular FROM StudentAccountS INNER JOIN StudentAccount ON StudentAccountS.SSID = StudentAccount.SSID其中&

(StudentAccountS.Dated =#&Format(SelDate,MM / dd / yyyy)&#) ,康宁)



GridDT =新数据表

Da.Fill(GridDT)

结束Sub

I Have Converted my database from Access To SQL .As Sql Doesn't accept format() so it shows an error of invalid Syntax near #. How can I Solve this problem. Please help me.

This is my Code.

Private Sub LoadGrid()

Da = New SqlDataAdapter("SELECT StudentAccountS.StClass, StudentAccountS.StAdmNo, StudentAccountS.StName, StudentAccount.Amount, StudentAccountS.Remark, StudentAccountS.ReceiptNo, StudentAccount.TransactionID,StudentAccount.Perticular FROM StudentAccountS INNER JOIN StudentAccount ON StudentAccountS.SSID = StudentAccount.SSID where " &
"(StudentAccountS.Dated = #" & Format(SelDate, "MM/dd/yyyy") & "#)", Conn)

GridDT = New DataTable
Da.Fill(GridDT)
End Sub

推荐答案

修复 SQL注入 [ ^ ]代码中的漏洞,你会同时修复此问题:

Fix the SQL Injection[^] vulnerability in your code, and you'll fix this problem at the same time:
Da = New SqlDataAdapter("SELECT StudentAccountS.StClass, StudentAccountS.StAdmNo, StudentAccountS.StName, StudentAccount.Amount, StudentAccountS.Remark, StudentAccountS.ReceiptNo, StudentAccount.TransactionID,StudentAccount.Perticular FROM StudentAccountS INNER JOIN StudentAccount ON StudentAccountS.SSID = StudentAccount.SSID where (StudentAccountS.Dated = @Dated)", Conn)

Da.SelectCommand.Parameters.AddWithValue("@Dated", SelDate)

GridDT = New DataTable
Da.Fill(GridDT)





你想知道关于SQL注入的一切(但不敢问)特洛伊亨特 [ ^ ]

如何在没有技术术语的情况下解释SQL注入? |信息安全堆栈交换 [ ^ ]

查询参数化备忘单| OWASP [ ^ ]

SQL注入攻击机制Pluralsight [ ^ ]



Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]
SQL injection attack mechanics | Pluralsight [^]


在SQL中,您将使用 CONVERT [ ^ ]函数。

In SQL you would use the CONVERT[^] function.
Da = New SqlDataAdapter("SELECT StudentAccountS.StClass, StudentAccountS.StAdmNo, StudentAccountS.StName, StudentAccount.Amount, StudentAccountS.Remark, StudentAccountS.ReceiptNo, StudentAccount.TransactionID,StudentAccount.Perticular FROM StudentAccountS INNER JOIN StudentAccount ON StudentAccountS.SSID = StudentAccount.SSID where " &
"(StudentAccountS.Dated = #" & CONVERT(VARCHAR(10), SelDate, 101) & "#)", Conn)


这篇关于#错误附近的语法无效。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆