Select query incorrect syntax problem


Problem description

Here is my select query

String selQuery = "SELECT (Bus_Route,Cost) FROM MapDataImage WHERE Source='" + Source_Box.Text + "' AND Destination='" + Distance_Box.Text + "'";
            {
                scmd1 = new SqlCommand(selQuery, conn2);
                SqlDataReader sqldread2 = scmd1.ExecuteReader();
                RouteDetails.Text = sqldread2["Bus_Route" + " Cost "].ToString();

            }





Executequery gives me error call

Incorrect syntax near ','.


Basically I want to add two column data into one textbox

So is this method wrong?

Thanks

Recommended answer

Remove the brackets to start with:
String selQuery = "SELECT Bus_Route,Cost FROM MapDataImage WHERE Source='" + Source_Box.Text + "' AND Destination='" + Distance_Box.Text + "'";

Then stop doing SQL like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead:

String selQuery = "SELECT Bus_Route,Cost FROM MapDataImage WHERE Source=@SC AND Destination=@DS";
scmd1 = new SqlCommand(selQuery, conn2);
scmd1.Parameters.AddWithValue("@SC", Source_Box.Text);
scmd1.Parameters.AddWithValue("@DS", Distance_Box.Text);
SqlDataReader sqldread2 = scmd1.ExecuteReader();
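if (sqldread2.Read())
   {
   // Read each column by its own name; "Bus_Route Cost " is not a column in the result set
   RouteDetails.Text = sqldread2["Bus_Route"].ToString() + " " + sqldread2["Cost"].ToString();
   }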


String selQuery = "SELECT Bus_Route,Cost FROM MapDataImage WHERE Source=@SC AND Destination=@DS";
scmd1 = new SqlCommand(selQuery, conn2);
scmd1.Parameters.AddWithValue("@SC", Source_Box.Text);
scmd1.Parameters.AddWithValue("@DS", Distance_Box.Text);
SqlDataReader sqldread2 = scmd1.ExecuteReader();
if (sqldread2.Read())
{
    string newline = "Bus Route  = " + sqldread2["Bus_Route"].ToString() + "\r\n" + "Cost  = " + sqldread2["Cost"].ToString();
    RouteDetails.Text = newline;
}





Done
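
The difference between the concatenated query from the question and the parameterized query from the answer, as an added example that is not part of the original thread. It assumes the Microsoft.Data.Sqlite NuGet package and uses an in-memory SQLite table in place of the SQL Server MapDataImage table; the class name RouteLookupDemo, the sample rows and the inputs are constructed for illustration.

```csharp
// Added example (not from the thread); assumes Microsoft.Data.Sqlite and an in-memory table with constructed rows.
using System;
using System.Collections.Generic;
using Microsoft.Data.Sqlite;

static class RouteLookupDemo // hypothetical name
{
    // The question's pattern: the user's text becomes part of the SQL statement.
    static string Concatenated(SqliteConnection conn, string source, string dest)
    {
        string sql = "SELECT Bus_Route,Cost FROM MapDataImage WHERE Source='" + source + "' AND Destination='" + dest + "'";
        using var cmd = new SqliteCommand(sql, conn);
        return Run(cmd);
    }
    // The answer's pattern: fixed statement text, values bound as @SC and @DS.
    static string Parameterized(SqliteConnection conn, string source, string dest)
    {
        using var cmd = new SqliteCommand(
            "SELECT Bus_Route,Cost FROM MapDataImage WHERE Source=@SC AND Destination=@DS", conn);
        cmd.Parameters.AddWithValue("@SC", source);
        cmd.Parameters.AddWithValue("@DS", dest);
        return Run(cmd);
    }
    // Executes the command and lists every row it returns, or the SQL error it raised.
    static string Run(SqliteCommand cmd)
    {
        var rows = new List<string>();
        try
        {
            using var reader = cmd.ExecuteReader();
            while (reader.Read()) rows.Add(reader["Bus_Route"] + " (" + reader["Cost"] + ")");
        }
        catch (SqliteException ex) { return "error: " + ex.Message; }
        return rows.Count == 0 ? "no rows" : string.Join(", ", rows);
    }
    static void Main()
    {
        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        using var setup = conn.CreateCommand();
        setup.CommandText = "CREATE TABLE MapDataImage (Source TEXT, Destination TEXT, Bus_Route TEXT, Cost REAL);"
            + "INSERT INTO MapDataImage VALUES ('King''s Cross','Airport','N5',2.5),('Depot','Airport','N7',3.0);";
        setup.ExecuteNonQuery();
        // Constructed inputs: a plain name, a name with an apostrophe, and text containing SQL.
        foreach (var src in new[] { "Depot", "King's Cross", "x' OR 'a'='a" })
            Console.WriteLine(src + "\n  concatenated:  " + Concatenated(conn, src, "Airport")
                                  + "\n  parameterized: " + Parameterized(conn, src, "Airport"));
    }
}
```

For "King's Cross" the concatenated form fails with a syntax error while the parameterized form finds route N5. For the third input the concatenated form returns both rows because the text changed the WHERE clause, while the parameterized form treats it as a literal place name and returns no rows.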

