[英]System.Data.SqlClient.SqlException: 'Incorrect syntax near '…'
This is probably one of the common questions related to SQL however I am having hard time figuring out what is the issue.这可能是与 SQL 相关的常见问题之一,但是我很难弄清楚问题所在。
My current code is giving an error:我当前的代码给出了一个错误:
An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll Incorrect syntax near '...'.
System.Data.dll 中出现“System.Data.SqlClient.SqlException”类型的未处理异常“...”附近的语法不正确。
SQL: SQL:
CREATE TABLE [dbo].[LTEST] (
[Id] INT NOT NULL,
[YRNRO] INT NULL,
[HAKUNIMI] TEXT NULL,
[NIMIA] TEXT NULL,
[NIMIB] TEXT NULL,
[KAYNTIOS] TEXT NULL,
[POSTIOS] TEXT NULL,
[POSTINRO] TEXT NULL,
PRIMARY KEY CLUSTERED ([Id] ASC)
);
C#: C#:
using (OdbcConnection dbConnection1 = new OdbcConnection(connectionString1))
{
dbConnection1.Open();
OdbcDataAdapter dadapter1 = new OdbcDataAdapter();
dadapter1.SelectCommand = new OdbcCommand(queryString1, dbConnection1);
dadapter1.Fill(t1);
SqlConnection tempDbConnection = new SqlConnection();
tempDbConnection.ConnectionString = @"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\CustomerDatabase.mdf;Integrated Security=True";
tempDbConnection.Open();
string tempSql = "";
for (int i = 0; i < t1.Rows.Count; i++)
{
tempSql = "INSERT INTO LTEST (YRNRO,HAKUNIMI,NIMIA,NIMIB,KAYNTIOS,POSTIOS,POSTINRO) VALUES ('"
+ t1.Rows[i]["YRNRO"].ToString().Trim() + ",'"
+ t1.Rows[i]["HAKUNIMI"].ToString().Trim() + "','"
+ t1.Rows[i]["NIMIA"].ToString().Trim() + "','"
+ t1.Rows[i]["NIMIB"].ToString().Trim() + "','"
+ t1.Rows[i]["KAYNTIOS"].ToString().Trim() + "',"
+ t1.Rows[i]["POSTIOS"].ToString().Trim() + "',"
+ t1.Rows[i]["POSTINRO"].ToString().Trim() + ");'";
SqlCommand tempCommand = new SqlCommand(tempSql, tempDbConnection);
tempCommand.ExecuteNonQuery();
}
}
EDIT:编辑:
I have also had a problem with path, it should be: C:\Users\...\source\repos\...\...\CustomerDatabase.mdf
我的路径也有问题,应该是:
C:\Users\...\source\repos\...\...\CustomerDatabase.mdf
As others have mentioned, better try something like this:正如其他人所提到的,最好尝试这样的事情:
var connectionString = @"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\CustomerDatabase.mdf;Integrated Security=True";
string tempSql = "INSERT INTO LTEST (YRNRO,HAKUNIMI,NIMIA,NIMIB,KAYNTIOS,POSTIOS,POSTINRO) VALUES (@YRNRO, @HAKUNIMI, @NIMIA, @NIMIB, @KAYNTIOS, @POSTIOS, @POSTINRO)"
using (SqlConnection connection = new SqlConnection(connectionText))
{
SqlCommand command = new SqlCommand(commandText, connection);
command.Parameters.Add("@YRNRO", SqlDbType.Text);
command.Parameters.Add("@HAKUNIMI", SqlDbType.Text);
command.Parameters.Add("@NIMIA", SqlDbType.Text);
command.Parameters.Add("@NIMIB", SqlDbType.Text);
command.Parameters.Add("@KAYNTIOS", SqlDbType.Text);
command.Parameters.Add("@POSTIOS", SqlDbType.Text);
command.Parameters.Add("@POSTINRO", SqlDbType.Text);
connection.Open();
for (int i = 0; i < t1.Rows.Count; i++)
{
command.Parameters["@YRNRO"].Value = t1.Rows[i]["YRNRO"].ToString().Trim();
command.Parameters["@HAKUNIMI"].Value = t1.Rows[i]["@HAKUNIMI"].ToString().Trim();
command.Parameters["@NIMIA"].Value = t1.Rows[i]["@HAKUNIMI"].ToString().Trim();
command.Parameters["@NIMIB"].Value = t1.Rows[i]["@HAKUNIMI"].ToString().Trim();
command.Parameters["@KAYNTIOS"].Value = t1.Rows[i]["@HAKUNIMI"].ToString().Trim();
command.Parameters["@POSTIOS"].Value = t1.Rows[i]["@HAKUNIMI"].ToString().Trim();
command.Parameters["@POSTINRO"].Value = t1.Rows[i]["@HAKUNIMI"].ToString().Trim();
try
{
command.ExecuteNonQuery();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
connection.Close();
}
To answer your question, you have a missing single quote on this line:要回答您的问题,您在此行缺少单引号:
+ t1.Rows[i]["YRNRO"].ToString().Trim() + ",'"
//change to
+ t1.Rows[i]["YRNRO"].ToString().Trim() + "','"
But as a responsible senior developer, I MUST tell you to either use parameterised SQL, or wrap your script in a stored procedure and pass it parameters.但作为一个负责任的高级开发人员,我必须告诉您要么使用参数化的 SQL,要么将您的脚本包装在存储过程中并传递参数。
And maybe off topic, but to speed up execution, generate a bulk SQL script, and then execute all at once instead of inside a foreach loop.也许题外话,但为了加快执行速度,生成一个大容量 SQL 脚本,然后一次性执行,而不是在 foreach 循环中执行。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.