输入字符串的格式不正确。 使用 MYSQL

Question

我有一个过去几周一直在工作的代码，但收到一个错误“输入字符串的格式不正确”

注意：（MVC Asp.net）

视图从 Razor 页面 URL 获取数据并执行查询

URL 是这样的： https://localhost:44348/Devices/Details/5?typeName=Dongle

以及以下查看代码：

    public ActionResult Details(string typeName, int? id)
    {
        var sql = "SELECT A.*," +
             " COALESCE(ps.first_name, '') as firstname," +
             " COALESCE(ps.last_name, '') as lastname," +
             " COALESCE(p.program_name, '') as program_Name, " +
             " COALESCE(l.loan_date, '') as loan_date, " +
             " COALESCE(l.return_date, '') as return_date" +
             " FROM devices A" +
             " LEFT JOIN device_loans l on l.device_id = A.device_id" +
             " LEFT JOIN persons ps on ps.person_id = l.person_id" +
             " LEFT JOIN programs p on A.program_id = p.program_id" +
             " WHERE A.device_type = '" + typeName + "' and p.program_id = "+ id +";";

        var devices = _context.DeviceDetails
            .FromSqlRaw(sql)
            .ToList();

        return View(devices);
    }

我已经尝试使用参数占位符传递参数但仍然无法正常工作

请帮忙。

Answer 1

因为您的参数 id: 可以为空，所以您需要组合 sql ，例如：

var sql = "SELECT A.*," +
     " COALESCE(ps.first_name, '') as firstname," +
     " COALESCE(ps.last_name, '') as lastname," +
     " COALESCE(p.program_name, '') as program_Name, " +
     " COALESCE(l.loan_date, '') as loan_date, " +
     " COALESCE(l.return_date, '') as return_date" +
     " FROM devices A" +
     " LEFT JOIN device_loans l on l.device_id = A.device_id" +
     " LEFT JOIN persons ps on ps.person_id = l.person_id" +
     " LEFT JOIN programs p on A.program_id = p.program_id" +
     " WHERE A.device_type = '" + typeName + "'";
     
if(id!=null){
 sql += " and p.program_id = "+ id +";";
 }

顺便说一句：您的代码有 SQL 注入风险