[英]Query returns ODBC error “too few arguments” in a not-prepared statement
I'm trying to run this code from the ASP.Net code: 我正在尝试从ASP.Net代码运行此代码:
string strupdate = "Insert into registers(user, module, event_type)" +
"values (" +
"'" + user + "'," +
"'" + event + "'," +
"'" + source + "');";
/* connSQL it's the ODBC connection type: System.Data.Odbc.OdbcConnection */
connSQL.ExecuteNonQuery();
The query results into the following: 查询结果如下:
Insert into registers(user, module, event_type)values('user01','message','control');
Running this query from psql works perfectly fine, but running from the web returns the ODBC 07002 error with the following message: The # of binded parameters < the # of parameter markers 从psql运行此查询完全正常,但从Web运行返回ODBC 07002错误,并显示以下消息:绑定参数数#<参数标记数
There is a typo in the "'" + event + "," +
code, it should be "'" + event + "'," +
. "'" + event + "," +
代码中有一个拼写错误,它应该是"'" + event + "'," +
。
ie, ending single quote was missed in the second parameter value. 即,在第二个参数值中错过了结束单引号。
Note: Your code is possible for SQL Injection attack. 注意:您的代码可能是SQL注入攻击。 Please convert the code with parameterised values.
请使用参数化值转换代码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.