您的SQL语法有误;检查与您的MySQL服务器版本相对应的手册,以在第1行的'= 1'附近使用正确的语法 [英] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= 1' at line 1

查看:161
本文介绍了您的SQL语法有误;检查与您的MySQL服务器版本相对应的手册,以在第1行的'= 1'附近使用正确的语法的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

请帮助我查找错误.
在此先感谢

 字符串 qry = "  + tableName + "  + campaignid;中选择*;
           ds = MySqlHelper.ExecuteDataset(GetConnectionString(),qry);
           如果(ds!= && ds.Tables.Count  0 &&ds ds.Tables [>   0 )
           {
               Control.DataSource = ds;
               Control.DataTextField = lstText;
               Control.DataValueField = lstValue;
               Control.DataBind();
           }

解决方案

最可能的原因是您的tablename不以空格结尾-因此它将与"where"一起运行形成新名称:

  SELECT  * > FROM  myTablewhere campaignid =  字符串 qry = "  + tableName +   where campaignid =" + campaignid; 中选择* > 

成为


 字符串 qry = "  + tableName + "  + campaignid; 
 



但是无论如何都不是一个好主意:不要串联字符串来构建SQL命令.它使您对意外或蓄意的SQL注入攻击敞开大门,这可能会破坏整个数据库.请改用参数化查询.



顺便说一句:使用SELECT * FROM也是一种糟糕的形式-它可能会返回您不需要或不需要的数据,例如图像数据.更好的做法是按照所需的顺序显式列出所需的字段.


Pls Help me in Finding the error.
Thanks in advance

string qry = "select * from " + tableName + "where campaignid= " + campaignid;
           ds = MySqlHelper.ExecuteDataset(GetConnectionString(), qry);
           if (ds != null && ds.Tables.Count > 0 && ds.Tables[0].Rows.Count > 0)
           {
               Control.DataSource = ds;
               Control.DataTextField = lstText;
               Control.DataValueField = lstValue;
               Control.DataBind();
           }

解决方案

The most likely reason is that your tablename does not end with a space - so it will get run together with the "where" to form a new name:

SELECT * FROM myTablewhere campaignid= 1


Try adding a space to your code:

string qry = "select * from " + tableName + "where campaignid= " + campaignid;


Becomes

string qry = "select * from " + tableName + " where campaignid= " + campaignid;



But it is not a good idea to do that anyway: Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

BTW: It is also poor form to use SELECT * FROM - it may return data you don''t want or need such as image data. It is much better practice to explicitly list the fields you want, in the order you want them.


这篇关于您的SQL语法有误;检查与您的MySQL服务器版本相对应的手册,以在第1行的'= 1'附近使用正确的语法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发语言最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆