调试时获取SQLException
[英]Getting SQLException when debugging
问题描述
I've got a error which I can't understand. 
我有一个我无法理解的错误。 When I'm debugging and trying to run a insert statement, its throwing the following exception: 当我正在调试并尝试运行insert语句时,它抛出以下异常:
"There are fewer columns in the INSERT statement than values specified in the VALUES clause. The number of values in the VALUES clause must match the number of columns specified in the INSERT statement."
I have looked all over my code, and I can't find the mistake I've made. 我看了我的代码,我找不到我犯的错误。
This is the query and the surrounding code: 这是查询和周围的代码:
SqlConnection myCon = DBcon.getInstance().conn();
int id = gm.GetID("SELECT ListID from Indkøbsliste");
id++;
Console.WriteLine("LNr: " + listnr);
string streg = GetStregkode(navne);
Console.WriteLine("stregk :" + strege);
string navn = GetVareNavn(strege);
Console.WriteLine("navn :" + navne);
myCon.Open();
string query = "INSERT INTO Indkøbsliste (ListID, ListeNr, Stregkode, Navn, Antal, Pris) Values(" + id + "," + listnr + ", '" + strege + "','" + navn + "'," + il.Antal + ", "+il.Pris+")";
Console.WriteLine(il.Antal+" Antal");
Console.WriteLine(il.Pris+" Pris");
Console.WriteLine(id + " ID");
SqlCommand com = new SqlCommand(query, myCon);
com.ExecuteNonQuery();
com.Dispose();
myCon.Close();
3 个解决方案
解决方案1
1 2011-09-20 07:51:40
Please always use parametrized queries . 请始终使用参数化查询 。 This helps with errors like the one you have, and far more important protects against SQL injection (google the term, or check this blog entry - as an example). 这有助于解决您所拥有的错误,更重要的是防止SQL注入(谷歌这个术语,或查看此博客条目 - 作为示例)。
For example, what are the actual values of strege and/or navn . 例如, strege和/或navn的实际值是strege 。 Depending on that it may render your SQL statement syntactically invalid or do something worse. 根据它可能会使您的SQL语句在语法上无效或做更糟糕的事情。
It (looks like) a little more work in the beginning, but will pay off big time in the end. 它(看起来)在开始时会做更多的工作,但最终会付出很大的代价。
解决方案2
1 已采纳 2011-09-20 07:53:00
First of all check the connection string and confirm the database location and number of columns a table has. 首先检查连接字符串并确认数据库的位置和表的列数。
Suggestion : Do not use hardcoded SQL string. 建议:不要使用硬编码的SQL字符串。 Use parameterized sql statements or stored-proc. 使用参数化的sql语句或stored-proc。
Try parameterized way, 尝试参数化方式,
string query = "INSERT INTO Indkøbsliste (ListID, ListeNr, Stregkode, Navn, Antal, Pris)
Values (@ListID, @ListeNr, @Stregkode, @Navn, @Antal, @Pris)"
SqlCommand com = new SqlCommand(query, myCon);
com.Parameters.Add("@ListID",System.Data.SqlDbType.Int).Value=id;
com.Parameters.Add("@ListeNr",System.Data.SqlDbType.Int).Value=listnr;
com.Parameters.Add("@Stregkode",System.Data.SqlDbType.VarChar).Value=strege ;
com.Parameters.Add("@Navn",System.Data.SqlDbType.VarChar).Value=navn ;
com.Parameters.Add("@Antal",System.Data.SqlDbType.Int).Value=il.Antal;
com.Parameters.Add("@Pris",System.Data.SqlDbType.Int).Value=il.Pris;
com.ExecuteNonQuery();
解决方案3
0 2011-09-20 07:55:00
Are you using danish culture settings? 你在使用丹麦文化设置吗?
In that case if il.Pris is a double or decimal it will be printed using comma, which means that your sql will have an extra comma. 在这种情况下,如果il.Pris是一个double或十进制,它将使用逗号打印,这意味着你的sql将有一个额外的逗号。
Ie: 即:
INSERT INTO Indkøbsliste (ListID, ListeNr, Stregkode, Navn, Antal, Pris) Values(33,5566, 'stegkode','somename',4, 99,44)
where 99,44 is the price. 其中99,44是价格。
The solution is to use parameters instead of using the values directly in you sql. 解决方案是使用参数而不是直接在您的SQL中使用值。 See some of the other answers already explaining this. 看到已经解释过的一些其他答案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.