
Query returns ODBC error “too few arguments” in a not-prepared statement

I'm trying to run this code from the ASP.Net code:

string strupdate = "Insert into registers(user, module, event_type)" +
    "values (" +
    "'" + user + "'," +
    "'" + event + "'," +
    "'" + source + "');";

/* connSQL is the ODBC connection, of type System.Data.Odbc.OdbcConnection */
connSQL.ExecuteNonQuery();

The query results in the following:

Insert into registers(user, module, event_type)values('user01','message','control');

Running this query from psql works perfectly fine, but running from the web returns the ODBC 07002 error with the following message: The # of binded parameters < the # of parameter markers

There is a typo in the "'" + event + "," + code; it should be "'" + event + "'," +.

i.e., the ending single quote was missing in the second parameter value.

Note: Your code is open to SQL injection attacks. Please convert the code to use parameterised values.
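
The parameterised form the answer recommends, as an added example that is not part of the original post. It uses System.Data.Odbc with positional ? markers; the class and method names and the REGISTERS_ODBC environment variable are hypothetical, while the table and columns are taken from the question.

```csharp
using System;
using System.Data.Odbc;

static class RegisterLog
{
    // ODBC uses positional "?" markers: parameter names are ignored, so the
    // parameters must be added in the same order as the markers appear.
    // "user" is a reserved word in PostgreSQL, so the column name is quoted.
    const string Sql =
        "INSERT INTO registers(\"user\", module, event_type) VALUES (?, ?, ?)";

    // Builds the command without touching the database. The SQL text is a
    // constant; caller-supplied values only ever travel as bound parameters.
    public static OdbcCommand BuildInsert(string user, string module, string eventType)
    {
        var cmd = new OdbcCommand(Sql);
        cmd.Parameters.Add("user", OdbcType.VarChar).Value = user;
        cmd.Parameters.Add("module", OdbcType.VarChar).Value = module;
        cmd.Parameters.Add("event_type", OdbcType.VarChar).Value = eventType;
        return cmd;
    }

    public static int Insert(OdbcConnection conn, string user, string module, string eventType)
    {
        using (OdbcCommand cmd = BuildInsert(user, module, eventType))
        {
            cmd.Connection = conn;
            return cmd.ExecuteNonQuery();   // number of rows affected
        }
    }

    static void Main()
    {
        // Constructed sample values: the stray quote and the "?" stay plain data.
        using (OdbcCommand cmd = BuildInsert("user01", "mess'age", "control?"))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (OdbcParameter p in cmd.Parameters)
                Console.WriteLine($"{p.ParameterName} = {p.Value}");
        }

        // Hypothetical variable holding an ODBC connection string; skipped if unset.
        string connStr = Environment.GetEnvironmentVariable("REGISTERS_ODBC");
        if (string.IsNullOrEmpty(connStr)) return;
        using (var conn = new OdbcConnection(connStr))
        {
            conn.Open();
            Console.WriteLine(Insert(conn, "user01", "message", "control"));
        }
    }
}
```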
