我有一个错误System.Data.SqlClient.SqlException:'ProductID'附近的语法不正确. [英] Im having an error System.Data.SqlClient.SqlException: Incorrect syntax near 'ProductID'.

问题描述

protected void GridView2_RowCommand(object sender, GridViewCommandEventArgs e)
        {
            if (e.CommandName == "Select")
            {


                openConnection();
                SqlCommand cmd = new SqlCommand();
                cmd.Connection = cn;
                cmd.CommandType = CommandType.Text;
                cmd.CommandText = "Insert into Cart values ProductID = @ProductID, ProductName = @ProductName, SellingPrice = @Price";

                cmd.ExecuteNonQuery();
                closeConnection();

推荐答案

解决这些问题的方法是首先将sql语句分配给字符串变量.然后在此处设置一个断点，然后对Management Studio中的sql进行故障排除.似乎您的命令中缺少Parameter.因此，请添加参数并尝试执行它.

Troubleshoot these issues is to first assign the sql statement to string variable. Then set a breakpoint there and then troubleshoot the sql in management studio.Seems that Parameter is missing in your command. So add the parameter and try to execute it.

显然，您的数据命令上没有添加任何参数，这可能会导致错误.尝试先添加参数.

[更新]
示例:

There are obviously no parameters added on your data command, which might caused the error. Try adding the parameters first.

[Update]
Example:

cmd.Parameters.AddWithValue("@ProductID",[your value]);
cmd.Parameters.AddWithValue("@ProductName",[your value]);
cmd.Parameters.AddWithValue("@Price",[your value]);

您的查询有错误.
正确的查询是:

Your query has an error.
The correct query is:

string value1, value2, value3;
:
:
:
cmd.CommandText = "Insert into Cart (ProductID, ProductName, SellingPrice) values (@ProductID, @ProductName, @Price)";

然后通过以下方式设置参数:

Then set Parameters by:

cmd.Parameters.Add(new SqlParameter("@ProductID",value1));
cmd.Parameters.Add(new SqlParameter("@ProductName",value2));
cmd.Parameters.Add(new SqlParameter("@SellingPrice",value3));

或作为有风险的快捷方式，您可以执行此操作(或仅用于本地主机):

or as a RISKY SHORTCUT, you can do this (or use only for localhost):

cmd.CommandText = "Insert into Cart (ProductID, ProductName, SellingPrice) values (''"+value1+"'',''"+value2+"'',''"+value3+"'')";

您执行此操作，无需设置任何参数.但是同时会增加SQL注入攻击的可能性.因此，编写代码要自己承担风险！

SQLing祝您好运！

You do this and there''s no need of setting any Parameters. But at the same time will increase possibility of SQL injection attacks. So, code at your own RISK!

Good Luck for SQLing!!

这篇关于我有一个错误System.Data.SqlClient.SqlException:'ProductID'附近的语法不正确.的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！