堆栈内存溢出
  简体   繁体   English

VB.Net 和 SQL 命令未处理异常

[英]VB.Net and SQL Command Unhandled Exception

 原文  2020-04-08 08:04:59       sql-server/ vb.net/ sqlcmd

问题描述

I am building a simple program for bulk load into SQL.我正在构建一个简单的程序,用于将批量加载到 SQL 中。 However I cannot figure out this error.但是我无法弄清楚这个错误。 The raw code is below, then the translated code without the textbox references.原始代码在下面,然后是没有文本框引用的翻译代码。

Imports System.Data.SqlClient导入 System.Data.SqlClient

Public Class Form1公共 Class Form1

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles insert.Click

    Dim SQLCONN As New SqlConnection
    Dim SQLCMD As New SqlCommand
    SQLCONN = New SqlConnection("Server=" + server.Text + ";Database=" + database.Text + ";Integrated security=True")
    SQLCONN.Open()
    SQLCMD = New SqlCommand("BULK INSERT " + table.Text +
        " FROM " + path.Text +
        "  With (FIRSTROW = '" + firstrow.Text + "',
            FIELDTERMINATOR = '" + seperator.Text + "',
            ROWTERMINATOR= '\n');", SQLCONN)
    SQLCMD.ExecuteNonQuery()
    SQLCONN.Close()

End Sub

Here is what the SQL portion would translate to这是 SQL 部分将转换为的内容

SQLCMD = New SqlCommand("BULK INSERT test1
         FROM  'C:\Program Files\Servers\FFA\csgo\maplist.txt'
          With (FIRSTROW = '2',
            FIELDTERMINATOR = ' ',
            ROWTERMINATOR= '\n')";, SQLCONN)

Here is the error I get:这是我得到的错误:

System.Data.SqlClient.SqlException: 'Incorrect syntax near 'C:'. System.Data.SqlClient.SqlException:''C:'附近的语法不正确。 Incorrect syntax near the keyword 'with'.关键字“with”附近的语法不正确。 If this statement is a common table expression, an xmlnamespaces clause or a change tracking context clause, the previous statement must be terminated with a semicolon.'如果此语句是公用表表达式、xmlnamespaces 子句或更改跟踪上下文子句,则前面的语句必须以分号结束。

Can anyone help me figure out why this is erroring out?谁能帮我弄清楚为什么会出错?

3 个解决方案

解决方案1
 1  2020-04-08 08:55:02

Your SQL has quotes around the filename but the VB version does not (unless the textbox itself contains quotes, but I think it unlikely given the error message):您的 SQL 在文件名周围有引号,但 VB 版本没有(除非文本框本身包含引号,但我认为鉴于错误消息不太可能):

在此处输入图像描述

Your SQL would be a lot more readable if you use string interpolation and do some preprocessing outside of building the string:如果您使用字符串插值并在构建字符串之外进行一些预处理,您的 SQL 将更具可读性:

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles insert.Click

    Dim SQLCONN As New SqlConnection
    Dim SQLCMD As New SqlCommand
    SQLCONN = New SqlConnection("Server=" + server.Text + ";Database=" + database.Text + ";Integrated security=True")
    SQLCONN.Open()

    Dim p = path.Text.Replace("'","''")
    Dim f = seperator.Text.Replace("'","''")

    SQLCMD = New SqlCommand($"BULK INSERT QUOTENAME({table.Text})
                FROM '{p}'
                WITH (FIRSTROW = {firstrowNumericUpdown.Value}
                FIELDTERMINATOR = '{f}',
                ROWTERMINATOR= '\n')", SQLCONN)
    SQLCMD.ExecuteNonQuery()
    SQLCONN.Close()

End Sub

You should also do your utmost to prevent SQL injection with this;您还应该尽最大努力防止 SQL 注入此; you're handing the user several textboxes into which they type something and that could be very dangerous if they decide to write some SQL in the textbox您将用户交给他们输入内容的几个文本框,如果他们决定在文本框中写一些 SQL 可能会非常危险

  • Consider using QUOTENAME the table name考虑使用 QUOTENAME 表名
  • Use a NumericUpDown for your FIRSTROW为您的 FIRSTROW 使用 NumericUpDown
  • Consider replacing ' with '' on other fields考虑在其他字段上用 '' 替换
  • Consider limiting the length of the seperator textbox to be MaxLength=1考虑将seperator文本框的长度限制为MaxLength=1

If you don't know what SQL Injection Hacking is, take a read of http://bobby-tables.com如果您不知道 SQL Injection Hacking 是什么,请阅读http://bobby-tables.com

解决方案2
 0 已采纳  2020-04-08 08:24:38

You need to remove the double quote from your FIRSTROW value您需要从您的FIRSTROW值中删除双引号

SQLCMD = New SqlCommand("BULK INSERT test1
         FROM  'C:\Program Files\Servers\FFA\csgo\maplist.txt'
          With (FIRSTROW = 2,
            FIELDTERMINATOR = ' ',
            ROWTERMINATOR= '\n')";, SQLCONN)

Your class will be like as follow您的 class 将如下所示

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles insert.Click

    Dim SQLCONN As New SqlConnection
    Dim SQLCMD As New SqlCommand
    SQLCONN = New SqlConnection("Server=" + server.Text + ";Database=" + database.Text + ";Integrated security=True")
    SQLCONN.Open()
    SQLCMD = New SqlCommand("BULK INSERT " + table.Text +
        " FROM " + path.Text +
        "  With (FIRSTROW = " + firstrow.Text + ",
            FIELDTERMINATOR = '" + seperator.Text + "',
            ROWTERMINATOR= '\n');", SQLCONN)
    SQLCMD.ExecuteNonQuery()
    SQLCONN.Close()

End Sub

解决方案3
 0  2020-04-09 03:09:16

Thanks guys, all of your responses helped me quite a bit.谢谢大家,你们的回答对我帮助很大。 I'm deciding to go a different route with project, thanks again!我决定 go 与项目不同的路线,再次感谢!

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 vb.net 中的 sql Null 异常 - sql Null exception in vb.net 如何在 vb.net 中中断 SQL 命令 - How to break SQL command in vb.net SQL更新命令VB.Net与日期 - Sql Update command VB.Net With Date VB.NET更新SQL数据库命令 - VB.NET updating SQL Database Command 调试vb.net SQL命令 - Debugging a vb.net SQL command vb.net sql命令无法删除 - vb.net sql command cannot delete ASP.NET VB.NET — SQL UPDATE命令不起作用 - ASP.NET VB.NET — SQL UPDATE Command Not Working vb.net SQL命令对SQL表进行排序 - vb.net SQL command to sort SQL table VB.NET/SQL System.Argument异常 - VB.NET/SQL System.Argument Exception vb.net中的本地SQL Server备份异常 - Local SQL Server Backup Exception in vb.net
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM