Syntax error (from clause) in query expression in statement

Question

string sqlStatement = "SELECT Orders.[ID], Orders.[Checkintime], Orders.[RoomPrice], Orders.[OrderNo], Particulars.FirstName, Particulars.LastName FROM Orders, where Checkintime between '" + dateOnly + "' and '" + endDateOnly + "', Particulars;";

我尝试使用此语句从数据库中选择信息，但此语句在FROM子句中存在语法错误

Answer 1

I suppose that the two tables (Orders and Particulars) are joined by some field that acts as a foreignkey. So you should have a OrderID field in the Particulars table that links every 'particular' to the respective Order.

If this is the case then your query should be something like this

string sqlStatement = @"SELECT Orders.[ID], Orders.[Checkintime], 
                        Orders.[RoomPrice], Orders.[OrderNo], 
                        Particulars.FirstName, Particulars.LastName 
                        FROM Orders INNER JOIN Particulars 
                        ON Orders.[ID] = Particulars.[OrderID]
                        where Checkintime between '" + dateOnly + 
                        "' and '" + endDateOnly + "'";

However this approach with string concatenation is prone to other kind of errors like parsing problems and Sql injection, better use a parameterized query

string sqlStatement = @"SELECT Orders.[ID], Orders.[Checkintime], 
                        Orders.[RoomPrice], Orders.[OrderNo], 
                        Particulars.FirstName, Particulars.LastName 
                        FROM Orders INNER JOIN Particulars 
                        ON Orders.[ID] = Particulars.[OrderID]
                        where Checkintime between @init AND @end";
using(SqlConnection cnn = new SqlConnection(.....))
using(SqlCommand cmd = new SqlCommand(sqlStatement, cnn))
{
     cnn.Open();
     cmd.Parameters.Add("@init", SqlDbType.DateTime).Value = dateOnly;
     cmd.Parameters.Add("@end", SqlDbType.DateTime).Value = endDateOnly;

     .... remainder of your code that reads back your data.....
}

Please note, the value supplied to the Parameter.Value should be a DateTime variable not a string....

Answer 2

1. Remove that , here Orders, where

2. That , Particulars; doesn't makes sence as well probably you should use a join ... FROM Orders join Particulars ON Orders.ID = Particulars.ID or what the ID-column is called

3. Depending on your Culture the DateTime could cause a problem when it's passed as a string value '04/08/2015 21:52:39' . eg in some cultures day and month are swapped. You can do dateOnly.ToString("yyyy-MM-dd") or better use parameters and pass a DateTime object to avoids injection attacks additional

Answer 3

you need a join query:

string sqlStatement = "SELECT Orders.[ID], Orders.[Checkintime], Orders.[RoomPrice], Orders.[OrderNo], Particulars.FirstName, Particulars.LastName FROM Orders inner join Particulars  on Orders.CommonField=Particulars.CommonField
where Checkintime between '" + dateOnly + "' and '" + endDateOnly + "'";