查询表达式中的C＃语法错误（缺少运算符）

Question

I receive this error on cmd.ExecuteNonQuery() ... I think I am wrong on cmd.CommandText ... 我在cmd.ExecuteNonQuery()上收到此错误...我认为在cmd.CommandText上我错了...

Syntax error (missing operator) in query expression 'Nr_Crt='1' and Varsta '3' and KG '2' and Specie 'Iepure' and Risc'Nu' and Tip1 'Diurn' and Tip2 'Carnivor''. 查询表达式'Nr_Crt ='1'和Varsta'3'和KG'2'以及Specie'Iepure'和Risc'Nu'和Tip1'Diurn'和Tip2'Carnivor'的语法错误（缺少运算符）。

    private void button2_Click_1(object sender, EventArgs e)
        {
            if (txtNr_Crt.Text != " " & txtVarsta.Text != " " & txtKG.Text != " " & txtSpecie.Text != " " & txtRisc.Text != " " & txtTip1.Text != " " & txtTip1.Text != " " & txtTip2.Text != "")
            {

                cn.Open();
                cmd.CommandText = "DELETE from Animale Where Nr_Crt='" + txtNr_Crt.Text + "' and Varsta '" + txtVarsta.Text + "' and KG '" + txtKG.Text + "' and Specie '" + txtSpecie.Text + "' and Risc'" + txtRisc.Text + "' and Tip1 '" + txtTip1.Text + "' and Tip2 '" + txtTip2.Text + "'";
                cmd.ExecuteNonQuery();
                cn.Close();

                loaddata();

                txtNr_Crt.Text = "";
                txtVarsta.Text = "";
                txtKG.Text = "";
                txtSpecie.Text = "";
                txtSex.Text = "";
                txtRisc.Text = "";
                txtTip1.Text = "";
                txtTip2.Text = "";
            }
        }

Answer 1

You code is vulnerable to SQL injection, i'd fix that. 您的代码容易受到SQL注入的攻击，我会解决此问题。

The issue is that you are missing the = from each of your subsequent and 's: 问题是您在每个后继and都缺少= ：

cn.Open();

cmd.Parameters.AddWithValue("@Nr_Crt", txtNr_Crt.Text);  
cmd.Parameters.AddWithValue("@Varsta", txtVarsta.Text);  
cmd.Parameters.AddWithValue("@KG", txtKG.Text);  
cmd.Parameters.AddWithValue("@Specie", txtSpecie.Text);  
cmd.Parameters.AddWithValue("@Risc", txtRisc.Text);  
cmd.Parameters.AddWithValue("@Tip1", txtTip1.Text);  
cmd.Parameters.AddWithValue("@Tip2", txtTip2.Text);  
cmd.CommandText = "DELETE from Animale Where Nr_Crt= @Nr_Crt and Varsta = @Varsta and KG = @KG and Specie = @Specie and Risc = @Risc and Tip1 = @Tip1 and Tip2 = @Tip2";

cmd.ExecuteNonQuery();
cn.Close();

This should fix it (and the SQL injection risk) 这应该可以解决（以及SQL注入风险）

Answer 2

Your query is wrong. 您的查询是错误的。 You are missing = when comparing the columns 您缺少=比较列时

cmd.CommandText = "DELETE from Animale Where Nr_Crt='" + txtNr_Crt.Text + "' and Varsta='" + txtVarsta.Text + "' and KG='" + txtKG.Text + "' and Specie='" + txtSpecie.Text + "' and Risc='" + txtRisc.Text + "' and Tip1='" + txtTip1.Text + "' and Tip2='" + txtTip2.Text + "'";

Answer 3

foreach(Control ctrl in this.Controls)
{
    if (ctrl is TextBox)
    {
      ctrl.text="";
    }
}

For cleaning all textbox at once :) you can create a Method that performs it when you need it 为了一次清理所有文本框:)，您可以创建一个在需要时执行该方法的方法

查询表达式中的C＃语法错误（缺少运算符）

问题描述

3 个解决方案

解决方案1
1 2013-12-05 12:34:14

解决方案2
0

解决方案3
0 2016-12-26 22:46:36

查询表达式中的C＃语法错误（缺少运算符）

问题描述

3 个解决方案

解决方案1 1 2013-12-05 12:34:14

解决方案2 0

解决方案3 0 2016-12-26 22:46:36

解决方案1
1 2013-12-05 12:34:14

解决方案2
0

解决方案3
0 2016-12-26 22:46:36