C# - Web Site - SQL Select Statement
Problem description
I want to use a select statement to find if there is a record that already exists. I've put the code below but it throws an error at the dReader = comm.ExecuteReader(); and I'm unsure why. Any help?
string connString = "Data Source=KIMMY-MSI\\SQLEXPRESS;Initial Catalog=Northwind;Integrated Security=True";
SqlDataReader dReader;
SqlConnection conn = new SqlConnection(connString);
SqlCommand comm = new SqlCommand();
comm.Connection = conn;
comm.CommandText = "SELECT * FROM Customers WHERE CustomerID == " + txtID.Text;
comm.Connection.Open();
dReader = comm.ExecuteReader();
if (dReader.HasRows == true)
{
Response.Write("Exists");
}
The error:
Invalid Column Name (whatever I input)
It seems to be looking for a column named what I input rather than looking for the actual data.
Recommended answer
Change your == to =. That is invalid SQL as it is.
Also if txtID.Text is non-numeric then it needs to be in single quotes. You should not be constructing your SQL like this, instead use a parameter:
comm.CommandText = "SELECT * FROM Customers WHERE CustomerID = @CustomerID";
comm.Parameters.AddWithValue("CustomerID", txtID.Text);
More info:
The using statement
SQL reference (http://www.w3schools.com/sql/sql_quickref.asp)
SQL injection (why you should parameterize your queries)
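
An added example, not part of the original answer: the same existence check with a typed parameter and using blocks, so the text from txtID is only ever sent as data. It assumes the standard Northwind schema, where Customers.CustomerID is nchar(5); the class and method names are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class CustomerLookup
{
    // Builds the parameterized command. The user's text travels only as a
    // parameter value and never becomes part of the SQL string.
    public static SqlCommand BuildExistsCommand(SqlConnection conn, string customerId)
    {
        var comm = new SqlCommand(
            "SELECT CASE WHEN EXISTS (SELECT 1 FROM Customers " +
            "WHERE CustomerID = @CustomerID) THEN 1 ELSE 0 END", conn);
        // Assumption: CustomerID is nchar(5), as in the standard Northwind schema.
        // An explicit type and size avoids the inference AddWithValue performs.
        comm.Parameters.Add("@CustomerID", SqlDbType.NChar, 5).Value = customerId;
        return comm;
    }

    public static bool CustomerExists(string connString, string customerId)
    {
        // Reject input that cannot be a valid key before touching the database.
        if (string.IsNullOrWhiteSpace(customerId) || customerId.Length > 5)
            return false;

        // using disposes the connection and command even if the query throws.
        using (var conn = new SqlConnection(connString))
        using (var comm = BuildExistsCommand(conn, customerId))
        {
            conn.Open();
            return (int)comm.ExecuteScalar() == 1;
        }
    }

    public static void Main()
    {
        // Constructed input containing quotes, the kind that alters concatenated SQL.
        string input = "x' OR '1'='1";
        using (var comm = BuildExistsCommand(null, input))
        {
            Console.WriteLine(comm.CommandText);          // SQL text does not contain the input
            Console.WriteLine(comm.Parameters[0].Value);  // input is carried as a value
        }
        // The length check rejects this input, so no connection is opened here.
        Console.WriteLine(CustomerExists("Data Source=placeholder", input));
    }
}
```

In the page's code-behind this would be called as CustomerLookup.CustomerExists(connString, txtID.Text).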