消息:“ ID”附近的语法不正确
[英]Message: Incorrect syntax near 'ID'
问题描述
我可以问为什么弹出消息时在ID附近出现错误吗?我找不到解决方案。 单击按钮后,它会弹出此消息。
消息: “ ID”附近的语法不正确
public override bool fnSaveNewRecord()
{
DataSet _ds;
string _sql;
object _obj;
_sql = "INSERT INTO do_information(die_class_code,subinvetory_code,contact_code,company_code, " +
"corg_code,created_on,created_by) " +
"VALUES '" + txt_CodeID.Text.Trim() + "','" + cbx_SubInventoryCode.Text + "'," +
"'" + cbx_ContactCode.Text + "','" + cbx_CompanyCode.Text + "','" + cbx_CorgCode.Text + "','" +
"',GETDATE(),'" + App_Common._USER_CODE + "'";
_ds = new DataSet();
_obj = new SqlDatabase(App_Common._WSFCSConnStr) as SqlDatabase;
_ds = ((SqlDatabase)_obj).ExecuteDataSetQ(_sql);
return base.fnSaveNewRecord();
}
3 个解决方案
解决方案1
3 2017-02-16 10:06:13
尝试使用以下查询:
_sql = "INSERT INTO do_information(die_class_code,subinvetory_code,contact_code,company_code, " +
"corg_code,created_on,created_by) " +
"VALUES( '" + txt_CodeID.Text.Trim() + "','" + cbx_SubInventoryCode.Text + "'," +
"'" + cbx_ContactCode.Text + "','" + cbx_CompanyCode.Text + "','" + cbx_CorgCode.Text + "','" +
"',GETDATE(),'" + App_Common._USER_CODE + "'"+ "')'";
您已经错过了@Peter B评论的Values(v1,v2)括号的使用。
请看此链接以供参考SQL插入语句。
而且,使用参数化查询总是比连接字符串更好,因为它易于受到SQL注入攻击。
这是使用参数化查询的参考。
希望这可以帮助!
解决方案2
3 2017-02-16 13:42:35
您的SQL语句错误,因为缺少值的括号。
该代码非常混乱,一见钟情。 因此,最好使用参数来获得更清晰的语句,您可以轻松阅读并检查语法错误:
INSERT INTO do_information
( die_class_code, subinventory_code, contact_code, company_code, corg_code, created_on, created_by )
VALUES
( @CodeId, @SubInventoryCode, @ContactCode, @CompanyCode, @CorgCode, GETDATE(), @UserCode )
但是您甚至可以做更多的工作来使这段代码更干净。 包装所有查询。 这是您的陈述的示例:
从一些可重用的基本声明开始
public interface IExecuteQuery
{
int Execute();
Task<int> ExecuteAsync( CancellationToken cancellationToken );
}
public abstract class SqlExecuteQuery : IExecuteQuery
{
private readonly DbConnection _connection;
private readonly Lazy<DbCommand> _command;
protected SqlExecuteQuery( DbConnection connection )
{
if ( connection == null )
throw new ArgumentNullException( nameof( connection ) );
_connection = connection;
_command = new Lazy<DbCommand>(
() =>
{
var command = _connection.CreateCommand( );
PrepareCommand( command );
return command;
} );
}
protected abstract void PrepareCommand( DbCommand command );
protected DbCommand Command => _command.Value;
protected virtual string GetParameterNameFromPropertyName( string propertyName )
{
return "@" + propertyName;
}
protected T GetParameterValue<T>( [CallerMemberName] string propertyName = null )
{
object value = Command.Parameters[ GetParameterNameFromPropertyName( propertyName ) ].Value;
if ( value == DBNull.Value )
{
value = null;
}
return (T) value;
}
protected void SetParamaterValue<T>( T newValue, [CallerMemberName] string propertyName = null )
{
object value = newValue;
if ( value == null )
{
value = DBNull.Value;
}
Command.Parameters[ GetParameterNameFromPropertyName( propertyName ) ].Value = value;
}
protected virtual void OnBeforeExecute() { }
public int Execute()
{
OnBeforeExecute( );
return Command.ExecuteNonQuery( );
}
public async Task<int> ExecuteAsync( CancellationToken cancellationToken )
{
OnBeforeExecute( );
return await Command.ExecuteNonQueryAsync( cancellationToken );
}
}
public static class DbCommandExtensions
{
public static DbParameter AddParameter( this DbCommand command, Action<DbParameter> configureAction )
{
var parameter = command.CreateParameter( );
configureAction( parameter );
command.Parameters.Add( parameter );
return parameter;
}
}
现在为您的语句定义一个接口
public interface IInsertInformationQuery : IExecuteQuery
{
string CodeId { get; set; }
string SubInventoryCode { get; set; }
string ContactCode { get; set; }
string CompanyCode { get; set; }
string CorgCode { get; set; }
string UserCode { get; }
}
实施
public class SqlInsertInformationQuery : SqlExecuteQuery, IInsertInformationQuery
{
public SqlInsertInformationQuery( DbConnection connection ) : base( connection )
{
}
protected override void OnBeforeExecute()
{
UserCode = App_Common._USER_CODE; // this should be injected
}
protected override void PrepareCommand( DbCommand command )
{
command.CommandText =
@"INSERT INTO do_information ( die_class_code, subinventory_code, contact_code, company_code, corg_code, created_on, created_by ) " +
@"VALUES ( @CodeId, @SubInventoryCode, @ContactCode, @CompanyCode, @CorgCode, GETDATE(), @UserCode )";
command.AddParameter( p =>
{
p.ParameterName = "@CodeId";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@SubInventoryCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@ContactCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@CompanyCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@CorgCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@UserCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
}
public string CodeId
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string SubInventoryCode
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string ContactCode
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string CompanyCode
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string CorgCode
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string UserCode
{
get => GetParameterValue<string>( );
private set => SetParamaterValue( value );
}
}
最后,您的代码看起来像
public override bool fnSaveNewRecord()
{
var database = new SqlDatabase(App_Common._WSFCSConnStr);
using ( var connection = database.CreateConnection() )
{
connection.Open();
IInsertInformationQuery query = new SqlInserInformationQuery( connection );
query.CodeId = txt_CodeID.Text.Trim();
query.SubInventoryCode = cbx_SubInventoryCode.Text;
query.ContactCode = cbx_ContactCode.Text;
query.CompanyCode = cbx_CompanyCode.Text;
query.CorgCode = cbx_CorgCode.Text;
var recordsAffected = query.Execute();
}
return base.fnSaveNewRecord();
}
解决方案3
0 2017-02-16 10:02:34
您的SQL查询错误:
_sql = "INSERT INTO do_information(die_class_code,subinvetory_code,contact_code,company_code, " +
"corg_code,created_on,created_by) " +
"VALUES ('" + txt_CodeID.Text.Trim() + "','" + cbx_SubInventoryCode.Text + "'," +
"'" + cbx_ContactCode.Text + "','" + cbx_CompanyCode.Text + "','" + cbx_CorgCode.Text + "','" +
"',GETDATE(),'" + App_Common._USER_CODE + "')";
您的值必须放在方括号中。 看看这个:
消息=')' 附近的语法不正确。 Source=Core.Net SqlClient 数据提供者
[英]Message=Incorrect syntax near ')'. Source=Core .Net SqlClient Data Provider
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.