[英]Syntax error (from clause) in query expression in statement
string sqlStatement = "SELECT Orders.[ID], Orders.[Checkintime], Orders.[RoomPrice], Orders.[OrderNo], Particulars.FirstName, Particulars.LastName FROM Orders, where Checkintime between '" + dateOnly + "' and '" + endDateOnly + "', Particulars;";
我尝试使用此语句从数据库中选择信息,但此语句在FROM子句中存在语法错误
我假设两个表(订单和特殊信息)由充当外键的某个字段连接在一起。 因此,您应该在“详细信息”表中具有一个OrderID字段,该字段将每个“特定信息”链接到相应的订单。
如果是这种情况,那么您的查询应该是这样的
string sqlStatement = @"SELECT Orders.[ID], Orders.[Checkintime],
Orders.[RoomPrice], Orders.[OrderNo],
Particulars.FirstName, Particulars.LastName
FROM Orders INNER JOIN Particulars
ON Orders.[ID] = Particulars.[OrderID]
where Checkintime between '" + dateOnly +
"' and '" + endDateOnly + "'";
但是,这种使用字符串连接的方法容易出现其他类型的错误,例如解析问题和Sql注入,最好使用参数化查询
string sqlStatement = @"SELECT Orders.[ID], Orders.[Checkintime],
Orders.[RoomPrice], Orders.[OrderNo],
Particulars.FirstName, Particulars.LastName
FROM Orders INNER JOIN Particulars
ON Orders.[ID] = Particulars.[OrderID]
where Checkintime between @init AND @end";
using(SqlConnection cnn = new SqlConnection(.....))
using(SqlCommand cmd = new SqlCommand(sqlStatement, cnn))
{
cnn.Open();
cmd.Parameters.Add("@init", SqlDbType.DateTime).Value = dateOnly;
cmd.Parameters.Add("@end", SqlDbType.DateTime).Value = endDateOnly;
.... remainder of your code that reads back your data.....
}
请注意,提供给Parameter.Value的值应该是DateTime变量而不是字符串。
删除,
这里Orders, where
那, Particulars;
也... FROM Orders join Particulars ON Orders.ID = Particulars.ID
您应该使用... FROM Orders join Particulars ON Orders.ID = Particulars.ID
或称为ID列的东西
根据您的文化,DateTime作为字符串值'04/08/2015 21:52:39'
传递时,可能会导致问题。 例如,在某些文化中,日期和月份会互换。 您可以执行dateOnly.ToString("yyyy-MM-dd")
或更好地使用参数并传递DateTime对象以避免注入攻击
您需要一个联接查询:
string sqlStatement = "SELECT Orders.[ID], Orders.[Checkintime], Orders.[RoomPrice], Orders.[OrderNo], Particulars.FirstName, Particulars.LastName FROM Orders inner join Particulars on Orders.CommonField=Particulars.CommonField
where Checkintime between '" + dateOnly + "' and '" + endDateOnly + "'";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.