System.Data.SqlClient.SqlException：''...'附近的语法不正确

Question

This is probably one of the common questions related to SQL however I am having hard time figuring out what is the issue.这可能是与 SQL 相关的常见问题之一，但是我很难弄清楚问题所在。

My current code is giving an error:我当前的代码给出了一个错误：

An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll Incorrect syntax near '...'. System.Data.dll 中出现“System.Data.SqlClient.SqlException”类型的未处理异常“...”附近的语法不正确。

SQL: SQL：

CREATE TABLE [dbo].[LTEST] (
    [Id]       INT  NOT NULL,
    [YRNRO]    INT  NULL,
    [HAKUNIMI] TEXT NULL,
    [NIMIA]    TEXT NULL,
    [NIMIB]    TEXT NULL,
    [KAYNTIOS] TEXT NULL,
    [POSTIOS]  TEXT NULL,
    [POSTINRO] TEXT NULL,
    PRIMARY KEY CLUSTERED ([Id] ASC)
);

C#: C#：

        using (OdbcConnection dbConnection1 = new OdbcConnection(connectionString1))
        {
            dbConnection1.Open();
            OdbcDataAdapter dadapter1 = new OdbcDataAdapter();
            dadapter1.SelectCommand = new OdbcCommand(queryString1, dbConnection1);

            dadapter1.Fill(t1);

            SqlConnection tempDbConnection = new SqlConnection();
            tempDbConnection.ConnectionString = @"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\CustomerDatabase.mdf;Integrated Security=True";
            tempDbConnection.Open();

            string tempSql = "";
            for (int i = 0; i < t1.Rows.Count; i++)
            {
                tempSql = "INSERT INTO LTEST (YRNRO,HAKUNIMI,NIMIA,NIMIB,KAYNTIOS,POSTIOS,POSTINRO) VALUES ('"
                            + t1.Rows[i]["YRNRO"].ToString().Trim() + ",'"
                            + t1.Rows[i]["HAKUNIMI"].ToString().Trim() + "','"
                            + t1.Rows[i]["NIMIA"].ToString().Trim() + "','"
                            + t1.Rows[i]["NIMIB"].ToString().Trim() + "','"
                            + t1.Rows[i]["KAYNTIOS"].ToString().Trim() + "',"
                            + t1.Rows[i]["POSTIOS"].ToString().Trim() + "',"
                            + t1.Rows[i]["POSTINRO"].ToString().Trim() + ");'";
                SqlCommand tempCommand = new SqlCommand(tempSql, tempDbConnection);
                tempCommand.ExecuteNonQuery();
            }

        }

EDIT:编辑：

I have also had a problem with path, it should be: C:\Users\...\source\repos\...\...\CustomerDatabase.mdf我的路径也有问题，应该是： C:\Users\...\source\repos\...\...\CustomerDatabase.mdf

Answer 1

As others have mentioned, better try something like this:正如其他人所提到的，最好尝试这样的事情：

var connectionString = @"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\CustomerDatabase.mdf;Integrated Security=True";

string tempSql = "INSERT INTO LTEST (YRNRO,HAKUNIMI,NIMIA,NIMIB,KAYNTIOS,POSTIOS,POSTINRO) VALUES (@YRNRO, @HAKUNIMI, @NIMIA, @NIMIB, @KAYNTIOS, @POSTIOS, @POSTINRO)"
using (SqlConnection connection = new SqlConnection(connectionText))
{
    SqlCommand command = new SqlCommand(commandText, connection);
    command.Parameters.Add("@YRNRO", SqlDbType.Text);
    command.Parameters.Add("@HAKUNIMI", SqlDbType.Text);
    command.Parameters.Add("@NIMIA", SqlDbType.Text);
    command.Parameters.Add("@NIMIB", SqlDbType.Text);
    command.Parameters.Add("@KAYNTIOS", SqlDbType.Text);
    command.Parameters.Add("@POSTIOS", SqlDbType.Text);
    command.Parameters.Add("@POSTINRO", SqlDbType.Text);

    connection.Open();  
    for (int i = 0; i < t1.Rows.Count; i++)
    {
        command.Parameters["@YRNRO"].Value = t1.Rows[i]["YRNRO"].ToString().Trim();
        command.Parameters["@HAKUNIMI"].Value = t1.Rows[i]["@HAKUNIMI"].ToString().Trim();
        command.Parameters["@NIMIA"].Value = t1.Rows[i]["@HAKUNIMI"].ToString().Trim();
        command.Parameters["@NIMIB"].Value = t1.Rows[i]["@HAKUNIMI"].ToString().Trim();
        command.Parameters["@KAYNTIOS"].Value = t1.Rows[i]["@HAKUNIMI"].ToString().Trim();
        command.Parameters["@POSTIOS"].Value = t1.Rows[i]["@HAKUNIMI"].ToString().Trim();
        command.Parameters["@POSTINRO"].Value = t1.Rows[i]["@HAKUNIMI"].ToString().Trim();

        try
        {
            command.ExecuteNonQuery();
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }
    connection.Close();
}

Answer 2

To answer your question, you have a missing single quote on this line:要回答您的问题，您在此行缺少单引号：

 + t1.Rows[i]["YRNRO"].ToString().Trim() + ",'"
//change to
 + t1.Rows[i]["YRNRO"].ToString().Trim() + "','"

But as a responsible senior developer, I MUST tell you to either use parameterised SQL, or wrap your script in a stored procedure and pass it parameters.但作为一个负责任的高级开发人员，我必须告诉您要么使用参数化的 SQL，要么将您的脚本包装在存储过程中并传递参数。

And maybe off topic, but to speed up execution, generate a bulk SQL script, and then execute all at once instead of inside a foreach loop.也许题外话，但为了加快执行速度，生成一个大容量 SQL 脚本，然后一次性执行，而不是在 foreach 循环中执行。

System.Data.SqlClient.SqlException：''...'附近的语法不正确

问题描述

2 个解决方案

解决方案1
4 已采纳 2020-05-26 10:51:07

解决方案2
1 2020-05-26 10:38:21

System.Data.SqlClient.SqlException：''...'附近的语法不正确

问题描述

2 个解决方案

解决方案1 4 已采纳 2020-05-26 10:51:07

解决方案2 1 2020-05-26 10:38:21

解决方案1
4 已采纳 2020-05-26 10:51:07

解决方案2
1 2020-05-26 10:38:21