
WebMethod throws “Incorrect syntax near '='”

I am getting an error on this line: using (SqlDataReader reader = cmd.ExecuteReader())

I am working on the AJAX cascading DropDown example in ASP.NET and below is my code. I am unable to run the code due to the error

Incorrect syntax near '='. near using (SqlDataReader reader = cmd.ExecuteReader())

Code

[WebMethod]
public AjaxControlToolkit.CascadingDropDownNameValue[] GetDropDownCountry1(string knownCategoryValues)
{
    // select CountryId, Country from Country where Status='Active'
    // string query = "SELECT Country, CountryId FROM Country";
    string query = "select [CountryName], [CountryId] from Countries";
    List<AjaxControlToolkit.CascadingDropDownNameValue> countries = GetData(query);
    return countries.ToArray();
}

// Runs the query text it is handed and maps column 0 to the display name
// and column 1 to the value of each drop-down entry.
private List<AjaxControlToolkit.CascadingDropDownNameValue> GetData(string query)
{
    string conString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
    SqlCommand cmd = new SqlCommand(query);
    List<AjaxControlToolkit.CascadingDropDownNameValue> values = new List<AjaxControlToolkit.CascadingDropDownNameValue>();
    using (SqlConnection con = new SqlConnection(conString))
    {
        con.Open();
        cmd.Connection = con;
        // The SQL error reported in the question is raised here, when the server parses the query text.
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            while (reader.Read())
            {
                values.Add(new AjaxControlToolkit.CascadingDropDownNameValue
                {
                    name = reader[0].ToString(),
                    value = reader[1].ToString()
                });
            }
            // Both using blocks dispose the reader and connection; these explicit calls are redundant but harmless.
            reader.Close();
            con.Close();
            return values;
        }
    }
}
string state = AjaxControlToolkit.CascadingDropDown.ParseKnownCategoryValuesString(knownCategoryValues)["StateId"];
string query = string.Format("select [CityName], [CityId] FROM Cities where StateId = {0}", state);

If state is a string like "CA" then this will generate the SQL statement "select [CityName], [CityId] FROM Cities where StateId = CA", which is not valid. Values passed as strings need to be quoted. But don't just put quotes around "{0}"; the correct fix is to use a parameterized query and pass the StateId as a parameter. Something like:

string sql = "select [CityName], [CityId] FROM Cities where StateId = @stateId";
cmd.Parameters.AddWithValue("@stateId", state);

This is more efficient and protects you from SQL injection.
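As an added example (not code from the original question or answer), here is the city-lookup web method written the way the answer recommends, with the unsafe string.Format version kept alongside it for comparison. It assumes a Cities table with columns CityName, CityId and an NVARCHAR StateId, a connection string named "ConnectionString", and the standard AjaxControlToolkit web-method signature (knownCategoryValues, category); the class name CascadingService and the method name GetCities are made up for the example.

```csharp
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.Services;
using AjaxControlToolkit;

// Example class (not from the original post) illustrating the parameterized fix.
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.Web.Script.Services.ScriptService]
public class CascadingService : WebService
{
    // UNSAFE (the pattern from the question): the client-supplied StateId is pasted into the SQL text.
    // state = "CA"       -> "... WHERE StateId = CA"        (Incorrect syntax / invalid column name)
    // state = "1 OR 1=1" -> "... WHERE StateId = 1 OR 1=1"  (every city in the table is returned)
    public static string BuildUnsafeQuery(string state)
    {
        return string.Format("SELECT [CityName], [CityId] FROM Cities WHERE StateId = {0}", state);
    }

    // SAFE: the value travels as a typed parameter and is never parsed as SQL.
    [WebMethod]
    public CascadingDropDownNameValue[] GetCities(string knownCategoryValues, string category)
    {
        // The toolkit sends the parent selections as "StateId:CA;" style text.
        StringDictionary known = CascadingDropDown.ParseKnownCategoryValuesString(knownCategoryValues);
        string state = known["StateId"];
        if (string.IsNullOrEmpty(state))
        {
            return new CascadingDropDownNameValue[0]; // no parent selection yet
        }

        // Constant query text: nothing from the request is concatenated into it.
        const string sql =
            "SELECT [CityName], [CityId] FROM Cities WHERE StateId = @stateId ORDER BY [CityName]";

        var cities = new List<CascadingDropDownNameValue>();
        string conString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;

        using (var con = new SqlConnection(conString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Declare the parameter with the column's type and length (NVARCHAR(10) is an assumption here);
            // a typed parameter also lets SQL Server reuse the plan and the index on StateId.
            cmd.Parameters.Add("@stateId", SqlDbType.NVarChar, 10).Value = state;

            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    // name = text shown in the drop-down, value = key posted back to the server
                    cities.Add(new CascadingDropDownNameValue(
                        reader.GetString(0),
                        reader[1].ToString()));
                }
            }
        }

        return cities.ToArray();
    }
}
```

If StateId is an integer column instead, parse the incoming text with int.TryParse, reject anything that does not parse, and declare the parameter as SqlDbType.Int; the point is the same either way: the query text is fixed at compile time and the user's value only ever reaches the server as a parameter.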
