'System.Data.DataRowView'附近的语法不正确. [英] Incorrect syntax near 'System.Data.DataRowView'.

问题描述

dbCommand = new SqlCommand("SELECT CountryName, Results.CountryId FROM Results,Country WHERE Country.CountryId = Results.CountryId AND GameId '" + cboGameID.SelectedValue + "'", dbConnection);

dbAdapter = new SqlDataAdapter(dbCommand);
dsResults = new DataSet();
dbAdapter.Fill(dsResults, "results");
cboCountryName.DataSource = dsResults.Tables["results"];
cboCountryName.DisplayMember = "CountryName";

推荐答案

AND GameId '" + cboGameID.SelectedValue + "'", dbConnection);

在字段GameId->之后需要一个等于. AND GameId = ''" + cboGamied.SelectedValue ...

You need an equal to after the field GameId -> AND GameId = ''" + cboGamied.SelectedValue...

好吧，Abhinav可能已经为您提供了正确的答案.我想补充一点，尽管做自己的事情不是一个好习惯.您应该远离参数化查询的性能和安全性(您听说过的所有SQL注入攻击都是由未参数化的查询引起的！)；
请尝试以下方法！

Well Abhinav probably gave you the right answer already. I want to add though that doing what you are doing is not a good practice. You should aways parameterize your queries for performance and safety (all those SQL injection attacks you''ve been hearing about were caused by queries that were not parameterized!) ;)
Try the following instead!

dbCommand = new SqlCommand("SELECT CountryName, Results.CountryId FROM Results,Country WHERE Country.CountryId = Results.CountryId AND GameId = @GameId '");
cmd.Parameters.AddWithValue("@GameId", cboGameID.SelectedValue);

@GameId将替换为您在参数中指定的值，而SqlServer会执行其余操作:)
没有SQL注入，没有性能下降，您的查询将被缓存，您的代码看起来更整洁，所有人都赢了！

希望对您有所帮助:)

@GameId will be replaced with the value you specified in the parameter and SqlServer does the rest :)
No SQL injection, no performance hit, your query will be cached, your code looks cleaner, everyone wins!

Hope that helps :)

这篇关于'System.Data.DataRowView'附近的语法不正确.的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！