I'm trying to run this code from the ASP.Net code:
string strupdate = "Insert into registers(user, module, event_type)" +
"values (" +
"'" + user + "'," +
"'" + event + "'," +
"'" + source + "');";
/* connSQL it's the ODBC connection type: System.Data.Odbc.OdbcConnection */
connSQL.ExecuteNonQuery();
The query results into the following:
Insert into registers(user, module, event_type)values('user01','message','control');
Running this query from psql works perfectly fine, but running from the web returns the ODBC 07002 error with the following message: The # of binded parameters < the # of parameter markers
There is a typo in the "'" + event + "," +
code, it should be "'" + event + "'," +
.
ie, ending single quote was missed in the second parameter value.
Note: Your code is possible for SQL Injection attack. Please convert the code with parameterised values.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.