堆栈内存溢出
  简体   繁体   English

附加信息:关键字“ where”附近的语法不正确

[英]Additional information: Incorrect syntax near the keyword 'where'

 原文  2015-09-10 23:14:13       c#/ sql/ sql-server

问题描述

Erro Query 错误查询

Error: "Additional information: Incorrect syntax near the keyword 'where'." 错误:“其他信息:关键字'where'附近的语法不正确。”

my cod 我的鳕鱼 

private void button11_Click(object sender, EventArgs e)
    {
        {
            string connectionString = GetCString();
            using (SqlConnection connection = new SqlConnection(connectionString))
            {
                connection.Open();
                string query = string.Format("INSERT INTO Sys_Users_Detail(Money) VALUES ('{0}'), where NickName ('{1}')", textBox20.Text, textBox19.Text);
                using (SqlCommand cmd = new SqlCommand(query, connection))

                    cmd.ExecuteNonQuery();
                Logger.getS().info_pc(string.Format("Foi Enviado : {0} Cps , Para : {1}", textBox20.Text, textBox19.Text));
            }


        }
    }

Error Query: 错误查询: 

"INSERT INTO Sys_Users_Detail(Money) VALUES ('{0}'), where NickName ('{1}')"

4 个解决方案

解决方案1
 4  2015-09-10 23:19:04

Are you sure you want insert ? 您确定要insert吗? You most likely want to update 您最有可能想要update 

 UPDATE Sys_Users_Detail
        SET Money = {0}
        WHERE NickName = '{1}'

I assume that Money is a decimal value so you should not have quotes around the value. 我认为Money是一个十进制值,因此您不应在该值两边加上引号。

Also by using string.Format you are open to a SQL injection attack . 同样通过使用string.Format您也很容易受到SQL注入攻击 Use SqlParameter to avoid an attack. 使用SqlParameter避免攻击。

解决方案2
 1  2015-09-10 23:18:02

It is not a valid INSERT statement. 这不是有效的INSERT语句。 1) INSERT cannot have a WHERE clause. 1)INSERT不能有WHERE子句。 2) The money column is probably numeric so the value should not be quoted. 2) money列可能是数字,因此不应引用该值。 Also this is good example candidate for SQL injection - see comment below question. 这也是SQL注入的很好的示例候选人-请参阅问题下方的评论。

解决方案3
 0  2015-09-10 23:23:26

That is not a valid INSERT query. 那不是有效的INSERT查询。 It looks like you're trying to update a value based on NickName , which isn't what INSERT is for. 看来您要基于NickName更新值,而这并不是INSERT目的。

If that's the case, try: 如果是这种情况,请尝试: 

UPDATE Sys_Users_Detail
SET Money = '{0}'
WHERE NickName = '{1}'

解决方案4
 -2  2015-09-10 23:55:42

查询必须在INSERT查询中必须在INSERT查询中必须在INSERT查询中必须在INSERT中

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 附加信息:“ s”附近的语法不正确 - Additional information: Incorrect syntax near 's' 附加信息:“ VALUE”附近的语法不正确 - Additional information: Incorrect syntax near 'VALUE' SQL Server:“ =”附近的语法不正确关键字“ WHERE”附近的语法不正确 - SQL Server : incorrect syntax near '=' Incorrect syntax near the keyword 'WHERE' c#关键字附近的语法不正确? - incorrect syntax near the keyword where c#? 更新语句中关键字“ where”附近的语法不正确 - Incorrect syntax near the keyword 'where' in update statement 调试在关键字“ where”附近产生不正确的语法 - Debugging yields incorrect syntax near keyword 'where' 关键字附近的语法不正确 - Incorrect syntax near the keyword 关键字附近的语法不正确 - Incorrect syntax near the keyword 引发异常:System.Data.dll中的“ System.Data.SqlClient.SqlException”附加信息:关键字“表”附近的语法不正确 - Exception thrown: 'System.Data.SqlClient.SqlException' in System.Data.dll Additional information: Incorrect syntax near the keyword 'Table' 错误关键字“ WHERE”附近的语法不正确,用于过滤Gridview的复选框列表 - Error Incorrect syntax near the keyword 'WHERE', checkbox list to filter Gridview
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM