错误:关键字“ group”附近的语法不正确
[英]ERROR : Incorrect syntax near the keyword 'group'
问题描述
i am new to WEB developing . 
我是Web开发的新手。 I am having an error while trying to insert data to my database : plz help me , the error i am getting is : 尝试向数据库中插入数据时出现错误:请帮助我,我得到的错误是:
Server Error in '/musa/rental' Application. “ / musa / rental”应用程序中的服务器错误。
Incorrect syntax near the keyword 'group'. 关键字“ group”附近的语法不正确。
Description: An unhandled exception occurred during the execution of the current web request. 说明:执行当前Web请求期间发生未处理的异常。 Please review the stack trace for more information about the error and where it originated in the code. 请查看堆栈跟踪,以获取有关错误及其在代码中起源的更多信息。
Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'group'. 异常详细信息:System.Data.SqlClient.SqlException:关键字'group'附近的语法不正确。
Source Error:
Line 41: con.Open();
Line 42: SqlCommand objcmd = new SqlCommand("Insert into group(std1,std2,std3,std4) Values('" + usernames[1] + "','" + usernames[2] +"','"+ usernames[3] + "','"+ usernames[4] + "')", con);
Line 43: objcmd.ExecuteNonQuery();
Line 44: con.Close();
Line 45:
Source File: g:\musa\rental\addgroup.aspx.cs Line: 43
My addgroup.aspx file is - 我的addgroup.aspx文件是-
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
public partial class addgroup : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
System.Collections.Specialized.NameValueCollection nvc = Request.Form;
string[] usernames = new string[6];
usernames[1] = ""; usernames[2] = ""; usernames[3] = ""; usernames[4] = "";
if (!string.IsNullOrEmpty(nvc["username1"]))
{
usernames[1] = nvc["username1"];
}
if (!string.IsNullOrEmpty(nvc["username2"]))
{
usernames[2] = nvc["username2"];
}
if (!string.IsNullOrEmpty(nvc["username3"]))
{
usernames[3] = nvc["username3"];
}
if (!string.IsNullOrEmpty(nvc["username4"]))
{
usernames[4] = nvc["username4"];
}
if (!string.IsNullOrEmpty(nvc["username1"]))
{
Label1.Text = nvc["username1"];
SqlConnection con = new SqlConnection();
con.ConnectionString = ConfigurationManager.ConnectionStrings["mycon"].ConnectionString;
con.Open();
SqlCommand objcmd = new SqlCommand("Insert into group (std1,std2,std3,std4) Values ('" + nvc["username1"] + "','" + nvc["username2"] + "','" + nvc["username3"] + "','" + nvc["username4"] + "')", con);
objcmd.ExecuteNonQuery();
con.Close();
}
else
{
Label1.Text = "sorry!";
}
}
}
1 个解决方案
解决方案1
2 已采纳 2015-02-27 22:56:18
GROUP is a reserved keyword , if you really want to use it as a tablename (a very bad practice in my opinion) then you need to encapsulate it in square brackets GROUP是一个保留关键字 ,如果您真的想将其用作表名(我认为这是非常糟糕的做法),则需要将其封装在方括号中
SqlCommand objcmd = new SqlCommand("Insert into [group] (std1,std2,std3,std4) Values ...
Said that, I wish to suggest learning how to write parameterized query instead of string concatenations. 话虽如此,我希望建议学习如何编写参数化查询而不是字符串连接。 Your code is very weak and it easily crackable using Sql Injection . 您的代码非常弱,并且可以使用Sql Injection轻松破解。
See example in SqlCommand.Parameters MSDN documentation 请参见SqlCommand.Parameters MSDN文档中的示例
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.