无法解析C#中的SQL查询 [英] Can't parse SQL Query in C#

问题描述

大家好！

我正在对程序进行不断的修改.我偶然发现了一个编译器无法解析的查询，我不确定为什么.

这是查询:
SqlCeCommand cc_waveform_fullname_comms = new SqlCeCommand(从波形文件中选择文件名，其中文件名类似％(""+ cc_list_element +")"，conn);
cc_waveform_fullname_comms.CommandType = CommandType.Text;
SqlCeDataReader cc_waveform_fullname_comms_dr = cc_waveform_fullname_comms.ExecuteReader();

编译器不愿执行以下语句:
SqlCeDataReader cc_waveform_fullname_comms_dr = cc_waveform_fullname_comms.ExecuteReader();

因此:
{解析查询时出错.[令牌行号= 1，令牌行偏移量= 59，令牌中的错误=％]}

我正在Visual Studio 2012中使用C#.

我的猜测是，编译器不喜欢％进行LIKE比较.我是在正确的轨道上还是我没有看到的故事呢?

Hi everyone!

I am in the process of making ongoing modifications to my program. I''ve stumbled across a query that the compiler can''t parse and I''m not sure why.

Here is the query:
SqlCeCommand cc_waveform_fullname_comms = new SqlCeCommand("SELECT file_name FROM waveform_files WHERE file_name LIKE % ('' " + cc_list_element + " '')", conn);
cc_waveform_fullname_comms.CommandType = CommandType.Text;
SqlCeDataReader cc_waveform_fullname_comms_dr = cc_waveform_fullname_comms.ExecuteReader();

The compiler is balking at this statement:
SqlCeDataReader cc_waveform_fullname_comms_dr = cc_waveform_fullname_comms.ExecuteReader();

For this reason:
{"There was an error parsing the query. [ Token line number = 1,Token line offset = 59,Token in error = % ]"}

I am using C# with Visual Studio 2012.

My guess is is that the compiler doesn''t like the % for LIKE comparisons. Am I on the right track or is there more to the story that I''m not seeing?

推荐答案

％应该出现在单引号中，我也会将查询更改为使用参数，而不是使用内联连接.拥有它的方式，SQL注入是巨大的风险.

The % should appear within the single quote, I would also change your query to use parameters instead of the inline concatenation you use. The way you have it, sql injection is a huge risk.

... SELECT file_name FROM waveform_files WHERE file_name LIKE '%" + cc_list_element + "'"

这篇关于无法解析C#中的SQL查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！