C# - Web Site - SQL Select Statement


Problem description

I want to use a select statement to find if there is a record that already exists. I've put the code below but it throws an error at the dReader = comm.ExecuteReader(); and I'm unsure why. Any help?

    string connString = "Data Source=KIMMY-MSI\\SQLEXPRESS;Initial Catalog=Northwind;Integrated Security=True";

    SqlDataReader dReader;
    SqlConnection conn = new SqlConnection(connString);
    SqlCommand comm = new SqlCommand();
    comm.Connection = conn;

    comm.CommandText = "SELECT * FROM Customers WHERE CustomerID == " + txtID.Text;
    comm.Connection.Open();

    dReader = comm.ExecuteReader();

    if (dReader.HasRows == true)
    {
        Response.Write("Exists");
    }



The error:

Invalid Column Name (whatever I input)

It seems to be looking for a column named what I input rather than looking for the actual data.

Recommended answer

Change your == to =. That is invalid SQL as it is.

Also if txtID.Text is non-numeric then it needs to be in single quotes. You should not be constructing your SQL like this, instead use a parameter:

    comm.CommandText = "SELECT * FROM Customers WHERE CustomerID = @CustomerID";
    comm.Parameters.AddWithValue("CustomerID", txtID.Text);



More information

using statement

SQL reference (http://www.w3schools.com/sql/sql_quickref.asp)


SQL injection (why you should parameterize your queries)
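
A fuller version of the parameterized lookup from the answer, as an added example that is not part of the original post. The class and method names are hypothetical, and the `nchar(5)` type for `CustomerID` is an assumption based on the stock Northwind schema.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class CustomerLookup   // hypothetical helper, not from the original post
{
    // Returns true when a Customers row with the given ID exists.
    // The ID travels to the server as a typed parameter, so input such as
    // ALFKI or x' OR '1'='1 is always compared as data. It is never parsed
    // as a column name (the "Invalid column name" error in the question)
    // or as additional SQL.
    public static bool CustomerExists(string connString, string customerId)
    {
        if (string.IsNullOrWhiteSpace(customerId))
            return false;

        customerId = customerId.Trim();

        // Assumption: CustomerID is nchar(5). A longer value cannot match,
        // so reject it before touching the database.
        if (customerId.Length > 5)
            return false;

        const string sql =
            "SELECT CASE WHEN EXISTS (SELECT 1 FROM Customers " +
            "WHERE CustomerID = @CustomerID) THEN 1 ELSE 0 END";

        // using disposes the command and closes the connection even if the
        // query throws; the code in the question never closes either one.
        using (var conn = new SqlConnection(connString))
        using (var comm = new SqlCommand(sql, conn))
        {
            // Explicit type and size instead of the inference done by AddWithValue.
            comm.Parameters.Add("@CustomerID", SqlDbType.NChar, 5).Value = customerId;

            conn.Open();
            return (int)comm.ExecuteScalar() == 1;
        }
    }
}

// Usage in the page's code-behind, with connString and txtID as in the question:
//   if (CustomerLookup.CustomerExists(connString, txtID.Text))
//       Response.Write("Exists");
```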
