堆栈内存溢出
  简体   繁体   English

数据库到声明的变量

[英]Database to declared variable

 原文  2016-05-28 13:59:09       c#/ database

问题描述

I do want to pass StudName contents to my declared variable.我确实想将 StudName 内容传递给我声明的变量。 i tried " +a.ToString+" But still i got errors我试过“+a.ToString+”但我仍然有错误

string a;

connection.Close();
connection.Open();
String strSQL = "select *from Students where StudName = '"  +a.ToString() + "' and StudNum = '" + studentNumber;
OleDbCommand command = new OleDbCommand(strSQL);

1 个解决方案

解决方案1
 2  2016-05-28 14:05:10

StudNum = '" + studentNumber

The Database column for studentNumber is numeric but you're half treating it as alphanumeric. studentNumber 的 Database 列是数字,但您将其一半视为字母数字。

Solution解决方案

StudNum = " + studentNumber

You need to use Parameterised commands to protect against an SQL Injection attack .您需要使用参数化命令来防止 SQL 注入攻击 This will also solve issues such as variables containing apostrophes and etc that would also cause your sql to fail.这也将解决诸如包含撇号等的变量之类的问题,这些问题也会导致您的 sql 失败。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何将数据库内容添加到在 ViewModel 中声明的变量中 - How to add database content into a variable declared in the ViewModel 如何获取声明的变量 - How to get the declared variable 标量变量未声明 - Scalar variable not declared 变量已声明但从未使用 - The variable is declared but never used 没有声明变量的参数 - out arguments with not declared variable 变量'MyException'已声明但从未使用过 - The variable 'MyException' is declared but never used 类中声明变量的内存分配 - Memory Allocation for Variable Declared in Class 变量未在范围中声明,但可以工作(“推断” ??) - Variable not declared in the scope, but works (“inference”??) JavaScript无法看到声明的变量? - JavaScript cannot see declared variable? 变量名称不能在此范围内声明 - Variable name cannot be declared in this scope
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM