消息:“ ID”附近的语法不正确
[英]Message: Incorrect syntax near 'ID'
问题描述
Can I ask why a pop-up message pops up with an error near the ID ?, I find no solution for this. 
我可以问为什么弹出消息时在ID附近出现错误吗?我找不到解决方案。 It just pops up this message after i click the button. 单击按钮后,它会弹出此消息。
Message: Incorrect syntax near 'ID'
public override bool fnSaveNewRecord()
{
DataSet _ds;
string _sql;
object _obj;
_sql = "INSERT INTO do_information(die_class_code,subinvetory_code,contact_code,company_code, " +
"corg_code,created_on,created_by) " +
"VALUES '" + txt_CodeID.Text.Trim() + "','" + cbx_SubInventoryCode.Text + "'," +
"'" + cbx_ContactCode.Text + "','" + cbx_CompanyCode.Text + "','" + cbx_CorgCode.Text + "','" +
"',GETDATE(),'" + App_Common._USER_CODE + "'";
_ds = new DataSet();
_obj = new SqlDatabase(App_Common._WSFCSConnStr) as SqlDatabase;
_ds = ((SqlDatabase)_obj).ExecuteDataSetQ(_sql);
return base.fnSaveNewRecord();
}
3 个解决方案
解决方案1
3 2017-02-16 10:06:13
Try using this query: 尝试使用以下查询:
_sql = "INSERT INTO do_information(die_class_code,subinvetory_code,contact_code,company_code, " +
"corg_code,created_on,created_by) " +
"VALUES( '" + txt_CodeID.Text.Trim() + "','" + cbx_SubInventoryCode.Text + "'," +
"'" + cbx_ContactCode.Text + "','" + cbx_CompanyCode.Text + "','" + cbx_CorgCode.Text + "','" +
"',GETDATE(),'" + App_Common._USER_CODE + "'"+ "')'";
You have missed using the brackets for Values(v1,v2) as @Peter B commented. 您已经错过了@Peter B评论的Values(v1,v2)括号的使用。
have a look at this link for reference of SQL insert statement. 请看此链接以供参考SQL插入语句。
And it is always better to use parameterized queries than concatenated strings because, it is prone to SQL Injection Attacks. 而且,使用参数化查询总是比连接字符串更好,因为它易于受到SQL注入攻击。
Here is a reference for using parameterized queries. 这是使用参数化查询的参考。
Hope this helps! 希望这可以帮助!
解决方案2
3 2017-02-16 13:42:35
Your SQL statement is wrong because of the missing brackets for the values. 您的SQL语句错误,因为缺少值的括号。
The code is very messed up and it is hard to see that at the first sight. 该代码非常混乱,一见钟情。 So you better use parameters to have a more clean statement you can easily read and check for syntax errors: 因此,最好使用参数来获得更清晰的语句,您可以轻松阅读并检查语法错误:
INSERT INTO do_information
( die_class_code, subinventory_code, contact_code, company_code, corg_code, created_on, created_by )
VALUES
( @CodeId, @SubInventoryCode, @ContactCode, @CompanyCode, @CorgCode, GETDATE(), @UserCode )
But you can even do more to get this code clean. 但是您甚至可以做更多的工作来使这段代码更干净。 Wrap all your queries. 包装所有查询。 Here an example for your statement: 这是您的陈述的示例:
Starting with some reusable base declarations 从一些可重用的基本声明开始
public interface IExecuteQuery
{
int Execute();
Task<int> ExecuteAsync( CancellationToken cancellationToken );
}
public abstract class SqlExecuteQuery : IExecuteQuery
{
private readonly DbConnection _connection;
private readonly Lazy<DbCommand> _command;
protected SqlExecuteQuery( DbConnection connection )
{
if ( connection == null )
throw new ArgumentNullException( nameof( connection ) );
_connection = connection;
_command = new Lazy<DbCommand>(
() =>
{
var command = _connection.CreateCommand( );
PrepareCommand( command );
return command;
} );
}
protected abstract void PrepareCommand( DbCommand command );
protected DbCommand Command => _command.Value;
protected virtual string GetParameterNameFromPropertyName( string propertyName )
{
return "@" + propertyName;
}
protected T GetParameterValue<T>( [CallerMemberName] string propertyName = null )
{
object value = Command.Parameters[ GetParameterNameFromPropertyName( propertyName ) ].Value;
if ( value == DBNull.Value )
{
value = null;
}
return (T) value;
}
protected void SetParamaterValue<T>( T newValue, [CallerMemberName] string propertyName = null )
{
object value = newValue;
if ( value == null )
{
value = DBNull.Value;
}
Command.Parameters[ GetParameterNameFromPropertyName( propertyName ) ].Value = value;
}
protected virtual void OnBeforeExecute() { }
public int Execute()
{
OnBeforeExecute( );
return Command.ExecuteNonQuery( );
}
public async Task<int> ExecuteAsync( CancellationToken cancellationToken )
{
OnBeforeExecute( );
return await Command.ExecuteNonQueryAsync( cancellationToken );
}
}
public static class DbCommandExtensions
{
public static DbParameter AddParameter( this DbCommand command, Action<DbParameter> configureAction )
{
var parameter = command.CreateParameter( );
configureAction( parameter );
command.Parameters.Add( parameter );
return parameter;
}
}
Now define an interface for your statement 现在为您的语句定义一个接口
public interface IInsertInformationQuery : IExecuteQuery
{
string CodeId { get; set; }
string SubInventoryCode { get; set; }
string ContactCode { get; set; }
string CompanyCode { get; set; }
string CorgCode { get; set; }
string UserCode { get; }
}
The implementation 实施
public class SqlInsertInformationQuery : SqlExecuteQuery, IInsertInformationQuery
{
public SqlInsertInformationQuery( DbConnection connection ) : base( connection )
{
}
protected override void OnBeforeExecute()
{
UserCode = App_Common._USER_CODE; // this should be injected
}
protected override void PrepareCommand( DbCommand command )
{
command.CommandText =
@"INSERT INTO do_information ( die_class_code, subinventory_code, contact_code, company_code, corg_code, created_on, created_by ) " +
@"VALUES ( @CodeId, @SubInventoryCode, @ContactCode, @CompanyCode, @CorgCode, GETDATE(), @UserCode )";
command.AddParameter( p =>
{
p.ParameterName = "@CodeId";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@SubInventoryCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@ContactCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@CompanyCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@CorgCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@UserCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
}
public string CodeId
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string SubInventoryCode
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string ContactCode
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string CompanyCode
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string CorgCode
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string UserCode
{
get => GetParameterValue<string>( );
private set => SetParamaterValue( value );
}
}
Finally your code would look like 最后,您的代码看起来像
public override bool fnSaveNewRecord()
{
var database = new SqlDatabase(App_Common._WSFCSConnStr);
using ( var connection = database.CreateConnection() )
{
connection.Open();
IInsertInformationQuery query = new SqlInserInformationQuery( connection );
query.CodeId = txt_CodeID.Text.Trim();
query.SubInventoryCode = cbx_SubInventoryCode.Text;
query.ContactCode = cbx_ContactCode.Text;
query.CompanyCode = cbx_CompanyCode.Text;
query.CorgCode = cbx_CorgCode.Text;
var recordsAffected = query.Execute();
}
return base.fnSaveNewRecord();
}
解决方案3
0 2017-02-16 10:02:34
Your SQL query is wrong: 您的SQL查询错误:
_sql = "INSERT INTO do_information(die_class_code,subinvetory_code,contact_code,company_code, " +
"corg_code,created_on,created_by) " +
"VALUES ('" + txt_CodeID.Text.Trim() + "','" + cbx_SubInventoryCode.Text + "'," +
"'" + cbx_ContactCode.Text + "','" + cbx_CompanyCode.Text + "','" + cbx_CorgCode.Text + "','" +
"',GETDATE(),'" + App_Common._USER_CODE + "')";
Your values have to be in brackets. 您的值必须放在方括号中。 Have a look at this: 看看这个:
https://www.w3schools.com/sql/sql_insert.asp https://www.w3schools.com/sql/sql_insert.asp
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.