堆栈内存溢出
  简体   繁体   English

异常详细信息:System.Data.SqlClient.SqlException:'='附近的语法不正确

[英]Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near '='

 原文  2015-12-17 11:31:14       c#/ asp.net/ sql-server/ login

问题描述

I created simple asp.net c# web page that shows the name of the user who logged in, it works fine but the problem is when I leave the page open for a while and I refresh it or click any button on it it gives me an error and I have to go back to the login page and login again to make the error go, this error message: 我创建了一个简单的asp.net c#网页,该网页显示了登录用户的名称,可以正常工作,但问题是当我将该页面打开一段时间并刷新或单击它上的任何按钮时,它会给我一个提示。错误,我必须返回登录页面并再次登录才能使错误消失,该错误消息为:

Incorrect syntax near '='. '='附近的语法不正确。 Description: An unhandled exception occurred during the execution of the current web request. 说明:执行当前Web请求期间发生未处理的异常。 Please review the stack trace for more information about the error and where it originated in the code. 请查看堆栈跟踪,以获取有关错误及其在代码中起源的更多信息。

Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near '='. 异常详细信息:System.Data.SqlClient.SqlException:'='附近的语法不正确。 

Source Error:

Line 22: 
Line 23:         conn.Open();
Line 24:         SqlDataReader DR1 = cmd.ExecuteReader();
Line 25:         if (DR1.Read())

here is my code: 这是我的代码: 

    SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
    SqlCommand cmd = new SqlCommand("select * from usersTable where user_id = "+ Session["userIdSession"], conn);

    conn.Open();
    SqlDataReader DR1 = cmd.ExecuteReader();
    if (DR1.Read())
    {
        Label1.Text = DR1.GetValue(1).ToString();

    }
    else
    {
        conn.Close();
    }
    }

1 个解决方案

解决方案1
 1 已采纳  2015-12-17 11:34:07

Prooblem with your code is that if Session["userIdSession"] is null your query will be like this:- 您的代码存在的问题是,如果Session["userIdSession"]为null,则您的查询将如下所示: 

select * from usersTable where user_id =

Which is obviously an invalid SQL query. 这显然是无效的SQL查询。 Use parametrized query and check if Session["userIdSession"] has some value before executing. 使用参数化查询,并在执行之前检查Session["userIdSession"]是否具有某些值。

You should first check if Session["userIdSession"] has some value like this:- 您应该首先检查Session["userIdSession"]是否具有以下值:- 

if(Session["userIdSession"] != null)
{
     //execute your code
}

Also, use parametrized query to avoid SQL Injection attacks:- 另外,请使用参数化查询来避免SQL注入攻击: 

SqlCommand cmd = new SqlCommand("select * from usersTable where user_id = @UserId", conn);
cmd.Parameters.Add("@UserId",SqlDbType.Int).Value = Convert.ToInt32(Session["userIdSession"]);

Also, consider using the using statement to automatically dispose expensive objects like connections. 另外,考虑使用using语句自动处理昂贵的对象(如连接)。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 修复异常 System.Data.SqlClient.SqlException: '''''附近的语法不正确。' - Fix the exception System.Data.SqlClient.SqlException: 'Incorrect syntax near '='.' 异常 System.Data.SqlClient.SqlException: '',' 附近的语法不正确。' - exception System.Data.SqlClient.SqlException: 'Incorrect syntax near ','.' System.Data.SqlClient.SqlException:“)”附近的语法不正确 - System.Data.SqlClient.SqlException: Incorrect syntax near ')' System.Data.SqlClient.SqlException:关键字'file'附近的语法不正确 - System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'file' System.Data.SqlClient.SqlException: ''=' 附近的语法不正确。 在数据表和对象上 - System.Data.SqlClient.SqlException: 'Incorrect syntax near '='.' on Datatable and object 收到错误“System.Data.SqlClient.SqlException:'')'附近的语法不正确。” - Getting an error "System.Data.SqlClient.SqlException: 'Incorrect syntax near ')'." System.Data.SqlClient.SqlException:“ =”附近的语法不正确 - System.Data.SqlClient.SqlException: Incorrect syntax near '=' System.Data.SqlClient.SqlException:'值'附近的语法不正确。 - System.Data.SqlClient.SqlException: 'Incorrect syntax near 'value'.' System.Data.SqlClient.SqlException:','附近的语法不正确。 - System.Data.SqlClient.SqlException: 'Incorrect syntax near ','.' System.Data.SqlClient.SqlException:''2' 附近的语法不正确。' - System.Data.SqlClient.SqlException: 'Incorrect syntax near '2'.'
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM