尝试从 sql 数据库读取数据并显示在文本框上 - Visual C#(语法错误)
[英]Trying to read data from sql database and show on textboxes - Visual C# (syntax error)
问题描述
edit: I'm aware of SQL Injection.
编辑:我知道 SQL 注入。
First of all, I know my coding methods are terrible but thats what I can for now, extremely beginner on c#.首先,我知道我的编码方法很糟糕,但这就是我现在所能做的,非常适合 C# 初学者。
I'm trying to read data from SQL server and show them on Textboxes.我正在尝试从 SQL 服务器读取数据并将它们显示在文本框上。 User going to write (and choose from cmbbox) some data on;用户将写入(并从 cmbbox 中选择)一些数据;
cmbIl.Text, cmbIlce.Text, cmbMahalle.Text, txtAda.Text, txtPafta.Text
and press the button for search.并按搜索按钮。
If that data correspond to the values in sql database (true), some other data will be taken and shown at如果该数据对应于 sql 数据库中的值 (true),则将采用其他一些数据并显示在
txtTapuKodu.Text, txtPafta.Text, txtTapuAlani.Text, txtNitelik.Text, rtxtImarDurumu.Text
But the code below gives that error:但是下面的代码给出了这个错误:
System.Data.SqlClient.SqlException: 'Incorrect syntax near ','.'
private void btnSorgula_Click(object sender, EventArgs e)
{
string source = @"Data Source=YAGIZ-PC;Initial Catalog=imar_sorgu;Integrated Security=True";
SqlConnection con = new SqlConnection(source);
con.Open();
string sqlSelectQuery = "SELECT * FROM tablo_arsa WHERE il = '" + cmbIl.Text + "', ilce = '" + cmbIlce.Text + "', mahalle = '" + cmbMahalle.Text + "', ada = '" + txtAda.Text + "', parsel = '" + txtParsel.Text + "'";
/* string sqlSelectQuery2 = "SELECT * FROM tablo_arsa WHERE ilce ='" + cmbIlce.Text + "'";
string sqlSelectQuery3 = "SELECT * FROM tablo_arsa WHERE mahalle ='" + cmbMahalle.Text + "'";
string sqlSelectQuery4 = "SELECT * FROM tablo_arsa WHERE ada = " + txtAda.Text;
string sqlSelectQuery5 = "SELECT * FROM tablo_arsa WHERE parsel = " + txtParsel.Text; */
SqlCommand cmd = new SqlCommand(sqlSelectQuery, con);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
txtTapuKodu.Text = (dr["tapu_kodu"].ToString());
txtPafta.Text = (dr["pafta"].ToString());
txtTapuAlani.Text = (dr["tapu_alani"].ToString());
txtNitelik.Text = (dr["nitelik"].ToString());
rtxtImarDurumu.Text = (dr["imar_durumu"].ToString());
MessageBox.Show("İstek başarıyla okundu.");
}
else
{
MessageBox.Show("Okuma başarısız.");
}
con.Close();
}
1 个解决方案
解决方案1
-1 已采纳 2019-12-03 21:29:15
The problem is that your where clause contains commas between the predicates.问题是您的 where 子句在谓词之间包含逗号。 use AND instead.使用 AND 代替。
change:改变:
string sqlSelectQuery = "SELECT * FROM tablo_arsa WHERE il = '" + cmbIl.Text + "', ilce = '" + cmbIlce.Text + "', mahalle = '" + cmbMahalle.Text + "', ada = '" + txtAda.Text + "', parsel = '" + txtParsel.Text + "'";
to:到:
string sqlSelectQuery = "SELECT * FROM tablo_arsa WHERE il = '" + cmbIl.Text + "' AND ilce = '" + cmbIlce.Text + "' AND mahalle = '" + cmbMahalle.Text + "' AND ada = '" + txtAda.Text + "' AND parsel = '" + txtParsel.Text + "'";
However, PLEASE read about SQL INJECTION.但是,请阅读 SQL 注入。 It is a very bad security issue and this is a perfect example.这是一个非常糟糕的安全问题,这是一个完美的例子。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.