＃错误附近的语法无效。 [英] invalid Syntax near # error.

问题描述

我已将数据库从Access转换为SQL。因为Sql不接受format（）所以它显示＃附近的无效语法错误。我怎么解决这个问题。请帮帮我。



这是我的代码。



Private Sub LoadGrid（）



Da =新SqlDataAdapter（SELECT StudentAccountS.StClass，StudentAccountS.StAdmNo，StudentAccountS.StName，StudentAccount.Amount，StudentAccountS.Remark，StudentAccountS.ReceiptNo，StudentAccount.TransactionID，StudentAccount.Perticular FROM StudentAccountS INNER JOIN StudentAccount ON StudentAccountS.SSID = StudentAccount.SSID其中&

（StudentAccountS.Dated =＃&Format（SelDate，MM / dd / yyyy）&＃） ，康宁）



GridDT =新数据表

Da.Fill（GridDT）

结束Sub

I Have Converted my database from Access To SQL .As Sql Doesn't accept format() so it shows an error of invalid Syntax near #. How can I Solve this problem. Please help me.

This is my Code.

Private Sub LoadGrid()

Da = New SqlDataAdapter("SELECT StudentAccountS.StClass, StudentAccountS.StAdmNo, StudentAccountS.StName, StudentAccount.Amount, StudentAccountS.Remark, StudentAccountS.ReceiptNo, StudentAccount.TransactionID,StudentAccount.Perticular FROM StudentAccountS INNER JOIN StudentAccount ON StudentAccountS.SSID = StudentAccount.SSID where " &
"(StudentAccountS.Dated = #" & Format(SelDate, "MM/dd/yyyy") & "#)", Conn)

GridDT = New DataTable
Da.Fill(GridDT)
End Sub

推荐答案

修复 SQL注入 [ ^ ]代码中的漏洞，你会同时修复此问题：

Fix the SQL Injection[^] vulnerability in your code, and you'll fix this problem at the same time:

Da = New SqlDataAdapter("SELECT StudentAccountS.StClass, StudentAccountS.StAdmNo, StudentAccountS.StName, StudentAccount.Amount, StudentAccountS.Remark, StudentAccountS.ReceiptNo, StudentAccount.TransactionID,StudentAccount.Perticular FROM StudentAccountS INNER JOIN StudentAccount ON StudentAccountS.SSID = StudentAccount.SSID where (StudentAccountS.Dated = @Dated)", Conn)

Da.SelectCommand.Parameters.AddWithValue("@Dated", SelDate)

GridDT = New DataTable
Da.Fill(GridDT)

你想知道关于SQL注入的一切（但不敢问）特洛伊亨特 [ ^ ]

如何在没有技术术语的情况下解释SQL注入？ |信息安全堆栈交换 [ ^ ]

查询参数化备忘单| OWASP [ ^ ]

SQL注入攻击机制Pluralsight [ ^ ]

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]
SQL injection attack mechanics | Pluralsight [^]

在SQL中，您将使用 CONVERT [ ^ ]函数。

In SQL you would use the CONVERT[^] function.

Da = New SqlDataAdapter("SELECT StudentAccountS.StClass, StudentAccountS.StAdmNo, StudentAccountS.StName, StudentAccount.Amount, StudentAccountS.Remark, StudentAccountS.ReceiptNo, StudentAccount.TransactionID,StudentAccount.Perticular FROM StudentAccountS INNER JOIN StudentAccount ON StudentAccountS.SSID = StudentAccount.SSID where " &
"(StudentAccountS.Dated = #" & CONVERT(VARCHAR(10), SelDate, 101) & "#)", Conn)

这篇关于＃错误附近的语法无效。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！