[英]getting error on sql query in asp.net using c#
I am using this sql query in c# 我在C#中使用此SQL查询
select t.testname,t.totalque,r.testdate,r.score
from test t, result r
where t.testid=r.testid
and r.login='vsdep980'
but it shows an error that is 但显示的错误是
invalid column name 'vsdep980'
无效的列名称“ vsdep980”
now here vsdep980
is the value which is stored in the column login
but why it shows this type of error. 现在,这里
vsdep980
是存储在列login
vsdep980
中的值,但是为什么它显示这种类型的错误。
now my code is 现在我的代码是
SqlCommand cmd = new SqlCommand("select t.testname,t.totalque,r.testdate,r.score from test t, result r where t.testid=r.testid and r.login=vsdep980", con);
con.Open();
int c = Convert.ToInt32(cmd.ExecuteScalar());
con.Close();
if (c > 0)
{
Response.Write("<br><br><h1 class='head1'> You have not given any quiz</h1>");
Response.End();
}
SqlDataAdapter adp = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
adp.Fill(ds);
DataTable dt = ds.Tables[0];
DataRow dr = null;
Response.Write("<table border='1' align='center'><tr class='style2'><td width='300'>Test Name </td><td> Total<br> Question </td><td> Date </td><td> Score </td></tr>");
foreach (DataRow dr1 in dt.Rows)
{
dr = dr1;
Response.Write("<tr class='style8'><td> "+dr[0]+" </td><td align='center'> "+dr[1]+" </td><td align='center'> "+dr[2]+" </td><td align='center'>"+dr[3]+" </td></tr>");
}
Response.Write("</table>");
image of error msg 错误味精图像
Please help me. 请帮我。
Thanks. 谢谢。
1- Do not use old joins. 1-不要使用旧的联接。
2- Use parameters in your query. 2-在查询中使用参数。
A parameterized query is a query in which placeholders are used for parameters and the parameter values are supplied at execution time.
参数化查询是一种查询,其中占位符用于参数,并且在执行时提供参数值。 The most important reason to use parameterized queries is to avoid SQL injection attacks.
使用参数化查询的最重要原因是避免SQL注入攻击。
Your query should be: 您的查询应为:
SqlCommand cmd = new SqlCommand("select t.testname,t.totalque,r.testdate,r.score
from test t, result r where t.testid=r.testid and r.login='vsdep980'", con);
You miss quote ''
, so the vsdep980
will act as a column instead of a value. 您可能会错过引号
''
,因此vsdep980
将充当列而不是值。
And your query should be like: 您的查询应类似于:
SELECT T.testname,
T.totalque,
R.testdate,
R.score
FROM test T JOIN result R ON T.testid = R.testid -- Use the new style instead
WHERE R.login = 'vsdep980';
You're executing a query that returns multiple columns (and, I'm assuming multiple rows) with a call to ExecuteScalar()
. 您正在执行一个查询,该查询通过调用
ExecuteScalar()
返回多列(并且假设多个行ExecuteScalar()
。 This method is primarily used for retrieving a single value from SQL Server (it returns the value from the first column of the first row of your data). 此方法主要用于从SQL Server检索单个值(它从数据第一行的第一列返回值)。 I expect that the first value of
t.testname
is not convertable to an Int32
. 我希望
t.testname
的第一个值不能转换为Int32
。
From your code, it looks like you're trying to check to see if any rows are returned from your query. 从您的代码中,您似乎正在尝试检查查询是否返回了任何行。 If that is the case, you should do something like this instead:
如果是这种情况,您应该改为执行以下操作:
SqlCommand cmd = new SqlCommand("select t.testname,t.totalque,r.testdate,r.score from test t, result r where t.testid=r.testid and r.login='vsdep980'", con);
con.Open();
SqlDataAdapter adp = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
adp.Fill(ds);
con.Close();
if (ds.Tables[0].Rows.Count == 0)
{
Response.Write("<br><br><h1 class='head1'> You have not given any quiz</h1>");
Response.End();
}
The query has to use single quotes while specifying the filter text ie vsdep980. 在指定过滤器文本(即vsdep980)时,查询必须使用单引号。
Edit: Looking at the code I saw that the command is executed using ExecuteScalar. 编辑:查看代码,我看到该命令是使用ExecuteScalar执行的。 ExecuteScalar executes the query, and returns the first column of the first row in the result set returned by the query.
ExecuteScalar执行查询,并返回查询返回的结果集中第一行的第一列。 Additional columns or rows are ignored.
其他列或行将被忽略。
Since the first column is testname it'll return a string that cannot be converted to an integer. 由于第一列是testname,它将返回无法转换为整数的字符串。 Rethink what you want to do with the return value and change it accordingly
重新考虑您想对返回值进行的操作并相应地进行更改
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.