Problem occurred in query string


Problem description

In VB.NET I want to get the values from three tables and set the data source to Crystal, so I am using the following code, but an error occurs. Please help me with this problem.

Dim sqlda As New SqlDataAdapter("select Projid,PName,Date,TotalAmount,Status from PDetails1 where Ccode = '" & cuscode & "' union select dcode,dname,Regdate,Totamt,status from domain where CTno='" & cuscode & "'  union  select Name,wcode,webhostname,Rdate,totamt,Status from webhost where Ccode='" & cuscode & "' union select code,Description,RenewalDate,Amount,Status from Renewal CCode='" & cuscode & "'", con)
            Dim sqlda As New SqlDataAdapter("select T1.Projid,T1.PName,T1.Date,T1.TotalAmount,T1.Status,T2.Dcode,T2.Dname,T2.Regdate,T2.Totamt,T2.Status,T3.Name,T3.Wcode,T3.webhostname,T3.Rdate,T3.totamt,T3.Status,T4.Code,T4.Description,T4.Renewaldate,T4.Amount,T4.Status from PDetails1 T1,Domain T2,Webhost T3,Renewal T4 where T1.Ccode=T2.CTNo and T2.CTno=T3.CCode and T4.CCode=T1.Ccode and T1.CCode= '" & cuscode & "' and T2.CTno='" & cuscode & "' or T3.Ccode='" & cuscode & "' Or T4.CCode='" & cuscode & "' order by T4.CCode", con)
          Dim ProDset1 As New DataSet
          sqlda.Fill(ProDset1)
          'DataGridView1.DataSource = ProDset1.Tables(0)
          Dim rrview As New reportviewer
          Dim RptProstmt As New cusreport
          RptProstmt.SetDataSource(ProDset1.Tables(0))





Please help me
Thanks in advance

Recommended answer

Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

There is a good chance that this will cure your problem at the same time!


Dear, use a dataset file to build the query result and make your report from that dataset,
because Crystal Reports shows too many errors on connection with the database.
If you are uncomfortable, I can send you the code.


The likeliest reason is that the concatenated value contains illegal characters such as '. As suggested, always use parameters. See: SqlParameter

Other possibilities are that the number of columns in the different selects combined by UNION does not match or the data types do not match.

Also, in your latter query, you have both AND and OR conditions combined. However, you have not used any parentheses, so the chances are that you're going to get wrong results.
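
The parameterized form of the first (UNION) query that the answers recommend, as an added example that is not code from the original thread. The helper name LoadStatement, the column aliases, the choice to drop webhost.Name so that all four SELECTs return five columns, and the VarChar(50) parameter type are assumptions; table and column names are taken from the question.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module CustomerStatement
    ' Every SELECT returns the same five columns in the same order, as UNION requires,
    ' and every branch has a WHERE clause. The customer code appears only as @cuscode.
    ' Assumptions: webhost.Name is left out to get five columns, and the columns in
    ' each position have compatible data types across the four tables.
    Private Const StatementSql As String =
        "SELECT Projid AS Code, PName AS Description, [Date] AS ItemDate, " &
        "       TotalAmount AS Amount, Status FROM PDetails1 WHERE Ccode = @cuscode " &
        "UNION " &
        "SELECT dcode, dname, Regdate, Totamt, status FROM domain WHERE CTno = @cuscode " &
        "UNION " &
        "SELECT wcode, webhostname, Rdate, totamt, Status FROM webhost WHERE Ccode = @cuscode " &
        "UNION " &
        "SELECT code, Description, RenewalDate, Amount, Status FROM Renewal WHERE CCode = @cuscode"

    ' Hypothetical helper: returns the rows for one customer as a DataTable.
    Public Function LoadStatement(connectionString As String, cuscode As String) As DataTable
        Dim table As New DataTable("Statement")
        Using con As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(StatementSql, con)
                ' The value travels separately from the SQL text, so a quote character
                ' in cuscode is data and cannot change the statement.
                ' VarChar(50) is an assumed column type; match it to the real schema.
                cmd.Parameters.Add("@cuscode", SqlDbType.VarChar, 50).Value = cuscode
                Using da As New SqlDataAdapter(cmd)
                    da.Fill(table) ' Fill opens and closes the connection as needed
                End Using
            End Using
        End Using
        Return table
    End Function
End Module

' In the form code from the question:
'   Dim RptProstmt As New cusreport
'   RptProstmt.SetDataSource(LoadStatement(connectionString, cuscode))
```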

