
Incorrect syntax near ','. Description: An unhandled exception occurred during the execution

I know this title seems to be repeated a lot but I tried to search and didn't find the answer.

Code:

using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e) {}

    protected void gv_master_SelectedIndexChanged(object sender, EventArgs e)
    {
        // Get the currently selected row using the SelectedRow property.
        GridViewRow row = gv_master.SelectedRow;

        // Read the request number from the selected row.
        // In this grid, the second column (index 1) contains the ReqNo.
        lbl_reqNoV.Text = row.Cells[1].Text;
        lbl_reqNoV.Visible = true;
        lbl_reqNo.Visible = true;

        SqlConnection sqlConnection1 = new SqlConnection("Data Source=saitest01;Initial Catalog=SAI_website;Persist Security Info=True;User ID=sa;Password=sai@987");
        SqlCommand cmd = new SqlCommand();

        cmd.CommandText = "Select * from purchase Where ReqNo = '" + lbl_reqNoV.Text + "', sqlConnection1";

        cmd.CommandType = CommandType.Text;
        cmd.Connection = sqlConnection1;

        sqlConnection1.Open();
        SqlDataReader DR1;
        DR1 = cmd.ExecuteReader();
        DR1.Read();

        // The result set is accessible through the DR1 reader here
        gv_full.DataSource = DR1;
        gv_full.DataBind();
    }
}

The problem is you were adding the name of the connection in the query text, which is of course not recognized by SQL Server. The correct format was

var cmd = new SqlCommand("Select * from purchase Where ReqNo = @reqno", sqlConnection1);

or you can do this

cmd.CommandText = "Select * from purchase Where ReqNo = @reqno";

cmd.Parameters.AddWithValue("reqno",lbl_reqNoV.Text);
cmd.CommandType = CommandType.Text;
cmd.Connection = sqlConnection1;

You should always use parameters in queries to avoid SQL injection.

Just change the following

 cmd.CommandText = "Select * from purchase Where ReqNo = '" + lbl_reqNoV.Text + "', sqlConnection1";

with

 cmd.CommandText = "Select * from purchase Where ReqNo = '" + lbl_reqNoV.Text + "' ";

The above will make your code work. But you should modify your code to handle SQL injection, as answered by @Usman.
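A hardened version of the handler from the question, added here as an example (not code from the question or either answer): it keeps the query parameterized as both answers suggest, gives the parameter an explicit type and length instead of AddWithValue, reads the connection string from web.config instead of hard-coding the sa account, and disposes the connection and reader. The connection-string name "SAI_website" and the VarChar(50) type of ReqNo are assumptions. It also drops the DR1.Read() call before binding, which in the original would consume the first matching row before the GridView enumerates the reader.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI.WebControls;

public partial class _Default : System.Web.UI.Page
{
    protected void gv_master_SelectedIndexChanged(object sender, EventArgs e)
    {
        GridViewRow row = gv_master.SelectedRow;
        string reqNo = row.Cells[1].Text;   // comes from the page: treat as untrusted input
        lbl_reqNoV.Text = reqNo;
        lbl_reqNoV.Visible = true;
        lbl_reqNo.Visible = true;

        // Assumed: connection string moved to web.config under
        // <connectionStrings><add name="SAI_website" ... /></connectionStrings>,
        // using a least-privilege login rather than sa.
        string connStr = ConfigurationManager.ConnectionStrings["SAI_website"].ConnectionString;

        // The command text contains only a placeholder; the user value is sent
        // separately as typed data and never becomes part of the SQL statement.
        const string sql = "SELECT * FROM purchase WHERE ReqNo = @reqno";

        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and size (assumed to match the column) instead of AddWithValue:
            // avoids an implicit NVARCHAR conversion that can bypass the index on ReqNo
            // and bounds how much data the parameter can carry.
            cmd.Parameters.Add("@reqno", SqlDbType.VarChar, 50).Value = reqNo;

            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // Do not call reader.Read() here: DataBind() iterates the reader itself,
                // so an earlier Read() would silently drop the first row of the result.
                gv_full.DataSource = reader;
                gv_full.DataBind();
            }
        }
    }
}
```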
