C＃中的SQL行出错 [英] Error in SQL Line in C#

问题描述

我在无效表达式术语中出现错误，在





SqlConnection sqlconn = new SqlConnection（Data Source = ARSALAN -PC; Initial Catalog = latestsensordata; Integrated Security = True）;

SqlDataAdapter sa = new SqlDataAdapter（）;



string query =insert into Table_1（SensorValue，Time）values（+ hexValue +，+ DateTime.Now.ToString（HH：MM：ss）+）;



sa.InsertCommand = new SqlCommand（query，sqlconn）;

I am getting error in Invalid Expression Term "," in


SqlConnection sqlconn = new SqlConnection("Data Source=ARSALAN-PC;Initial Catalog=latestsensordata;Integrated Security=True");
SqlDataAdapter sa = new SqlDataAdapter();

string query = "insert into Table_1(SensorValue,Time) values(" +hexValue+, +DateTime.Now.ToString("HH:MM:ss")+")";

sa.InsertCommand = new SqlCommand(query, sqlconn);

推荐答案

如果双击IDE中的错误，它将需要你直接问题了。

你有一个逗号 hexValue + - 你实际上缺少一些双引号

If you double click on the error in the IDE it will take you straight to the problem.
You have a comma after hexValue+ - You''re actually missing some double quotes

首先，不要这样做：不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。改为使用参数化查询。



其次，修复第一个将解决第二个：你需要更多的双引号。

First off, don''t do it like that: Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

Secondly, fixing the first one will solve the second: you need some more double quotes.

string query = "insert into Table_1(SensorValue,Time) values(" +hexValue+, +DateTime.Now.ToString("HH:MM:ss")+")";

成为

Becomes

string query = "insert into Table_1(SensorValue,Time) values(" +hexValue+ ", " +DateTime.Now.ToString("HH:MM:ss")+")";

但是请使用参数化查询：

But do use parametrised queries:

string query = "insert into Table_1(SensorValue,Time) values(@SV, @TM)";
sa.InsertCommand = new SqlCommand(query, sqlconn);
sa.InsertCommand.Parameters.AddWithValue("@SV", hexValue);
sa.InsertCommand.Parameters.AddWithValue("@TM", DateTime.Now.ToString("HH:MM:ss"));

BTW：对于字段使用相同的名称作为数据类型是个坏主意 - 它可能会导致某些查询出现问题。将时间更改为SpotTime或更好地描述它的其他内容。



：doh：复制和粘贴很棒 - 当你记得更新时变量名...@SV复制更改为@TM以匹配SELECT语句 - OriginalGriff [/ edit]

BTW: It is a bad idea to use the same name for a field as a datatype - it can cause problems with some queries. Change "Time" to "SpotTime" or something else which describes it better.

[edit] :doh: Copy and Paste is great - when you remember to update the variable names... "@SV" duplicate changed to "@TM" to match the SELECT statement - OriginalGriff[/edit]

嗨。



你错过了SQL语句中的两件事：

- 在两个+之间的，附近用双引号。

- 单引号（或其他分隔符）围绕DateTime字符串表示。



所以代码应该是：

Hi.

You missed two things inside the SQL statement:
- Double quotation marks around the "," between the two "+".
- Single quotes (or other separator) surrounding the DateTime string representation.

So the code should be:

string query = "insert into Table_1(SensorValue,Time) values(" +hexValue+ ",
                    ''" +DateTime.Now.ToString("HH:MM:ss") + "'')";

问候，

Daniele。

Regards,
Daniele.

这篇关于C＃中的SQL行出错的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！