[英]Microsoft OLE DB Provider for SQL Server error '80040e14' Incorrect syntax near '='
I get this error when i try to retrieve the data from database using the following piece of code. 当我尝试使用以下代码从数据库中检索数据时,我收到此错误。
Can someone help? 有人可以帮忙吗?
set rs = Server.CreateObject("ADODB.recordset")
sql = " SELECT * from COMPANY WHERE COMPANY_ID = " & Request.Form("CompanyId")
rs.Open sql, cnn
First of all, this is bad practice to do ad-hoc queries without using parameters. 首先,在不使用参数的情况下进行即席查询是不好的做法。 SQL Injection attack info: http://en.wikipedia.org/wiki/SQL_injection SQL注入攻击信息: http : //en.wikipedia.org/wiki/SQL_injection
To answer the question, though, you need to have single quotes around your varchar or char value that you are searching for. 但是,要回答这个问题,您需要在您要搜索的varchar或char值周围使用单引号。
set rs = Server.CreateObject("ADODB.recordset")
sql = " SELECT * from COMPANY WHERE COMPANY_ID = '" & Request.Form("CompanyId") & "'"
rs.Open sql, cnn
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.