Invalid syntax near # error.
Problem description
I have converted my database from Access to SQL. As SQL doesn't accept format(), it shows an error of invalid syntax near #. How can I solve this problem? Please help me.
This is my code.
Private Sub LoadGrid()
Da = New SqlDataAdapter("SELECT StudentAccountS.StClass, StudentAccountS.StAdmNo, StudentAccountS.StName, StudentAccount.Amount, StudentAccountS.Remark, StudentAccountS.ReceiptNo, StudentAccount.TransactionID,StudentAccount.Perticular FROM StudentAccountS INNER JOIN StudentAccount ON StudentAccountS.SSID = StudentAccount.SSID where " &
"(StudentAccountS.Dated = #" & Format(SelDate, "MM/dd/yyyy") & "#)", Conn)
GridDT = New DataTable
Da.Fill(GridDT)
End Sub
Recommended answer
Fix the SQL Injection vulnerability in your code, and you'll fix this problem at the same time:
Da = New SqlDataAdapter("SELECT StudentAccountS.StClass, StudentAccountS.StAdmNo, StudentAccountS.StName, StudentAccount.Amount, StudentAccountS.Remark, StudentAccountS.ReceiptNo, StudentAccount.TransactionID,StudentAccount.Perticular FROM StudentAccountS INNER JOIN StudentAccount ON StudentAccountS.SSID = StudentAccount.SSID where (StudentAccountS.Dated = @Dated)", Conn)
Da.SelectCommand.Parameters.AddWithValue("@Dated", SelDate)
GridDT = New DataTable
Da.Fill(GridDT)
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
SQL injection attack mechanics | Pluralsight
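The parameterized fix above, expanded into a complete routine as an added example (not part of the original answer). It goes beyond the answer's equality test by using explicitly typed parameters and a half-open date range; the connection string, the database name and the assumption that Dated is a datetime column that may hold a time-of-day part are all hypothetical.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module StudentAccountQueries
    ' Assumed connection string (hypothetical); replace with the application's own.
    Private Const ConnString As String =
        "Server=(local);Database=School;Integrated Security=True"

    ' Returns the account rows whose Dated value falls on selDate.
    Public Function LoadGrid(selDate As Date) As DataTable
        ' Half-open range [day, day + 1): also matches rows whose Dated
        ' column carries a time part (assumption: Dated is datetime).
        Const sql As String =
            "SELECT s.StClass, s.StAdmNo, s.StName, a.Amount, s.Remark, " &
            "s.ReceiptNo, a.TransactionID, a.Perticular " &
            "FROM StudentAccountS AS s " &
            "INNER JOIN StudentAccount AS a ON s.SSID = a.SSID " &
            "WHERE s.Dated >= @From AND s.Dated < @To"

        Dim gridDT As New DataTable()
        Using conn As New SqlConnection(ConnString),
              da As New SqlDataAdapter(sql, conn)
            ' Typed parameters: the value travels as a date, never as SQL text,
            ' so there is no Format(), no # or ' delimiter, and no dependence
            ' on the client's regional date settings.
            da.SelectCommand.Parameters.Add("@From", SqlDbType.DateTime).Value =
                selDate.Date
            da.SelectCommand.Parameters.Add("@To", SqlDbType.DateTime).Value =
                selDate.Date.AddDays(1)
            ' Fill opens and closes the connection itself.
            da.Fill(gridDT)
        End Using
        Return gridDT
    End Function
End Module
```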
In SQL you would use the CONVERT function.
' CONVERT is a T-SQL function, so it goes inside the query text (style 101 = mm/dd/yyyy).
' SQL Server date literals use single quotes, not Access's # delimiters.
Da = New SqlDataAdapter("SELECT StudentAccountS.StClass, StudentAccountS.StAdmNo, StudentAccountS.StName, StudentAccount.Amount, StudentAccountS.Remark, StudentAccountS.ReceiptNo, StudentAccount.TransactionID,StudentAccount.Perticular FROM StudentAccountS INNER JOIN StudentAccount ON StudentAccountS.SSID = StudentAccount.SSID where " &
"(StudentAccountS.Dated = CONVERT(DATETIME, '" & Format(SelDate, "MM/dd/yyyy") & "', 101))", Conn)