查詢表達式中字符串的語法錯誤
[英]syntax error in string in query expression
問題描述
即時通訊收到錯誤,其中“查詢EXPRESSION'用戶名=用戶'中字符串的語法錯誤我認為問題出在“ me.Username.tag”中,但即時通訊卡住了。
conn = New OleDbConnection(Get_Constring)
conn.Open()
cmd.Connection = conn
cmd.CommandType = CommandType.Text
cmd.CommandText = "select Username, fname, lname, mname, [password], [level], Question, answer from Instructor where Username= '" & Me.txtusername.Tag
dr = cmd.ExecuteReader
If dr.HasRows Then
While dr.Read
Me.txtusername.Tag = dr("Username")
Me.txtfname.Text = IIf(Not IsDBNull(dr("fname")), dr("fname"), "")
Me.txtlname.Text = IIf(Not IsDBNull(dr("lname")), dr("lname"), "")
Me.txtinitial.Text = IIf(Not IsDBNull(dr("mname")), dr("mname"), "")
Me.txtpassword.Text = IIf(Not IsDBNull(dr("password")), dr("password"), "")
Me.lbllevel.Text = IIf(Not IsDBNull(dr("level")), dr("level"), "")
Me.txtusername.Text = IIf(Not IsDBNull(dr("Username")), dr("Username"), "")
Me.cmbquestion.Text = IIf(Not IsDBNull(dr("Question")), dr("Question"), "")
Me.txtanswer.Text = IIf(Not IsDBNull(dr("answer")), dr("answer"), "")
End While
End If
3 個解決方案
解決方案1
3 2013-09-25 14:00:52
您沒有在查詢中關閉引號:
where Username= '" & Me.txtusername.Tag
應該:
where Username= '" & Me.txtusername.Tag & "'"
重要提示 :您的代碼可能容易受到SQL注入攻擊的攻擊。 請使用參數化查詢 。 像這樣:
cmd.CommandText = "select Username, fname, lname, mname, [password], [level], Question, answer from Instructor where Username= @username"
Dim parameter As New SqlParameter()
parameter.ParameterName = "@username"
parameter.SqlDbType = SqlDbType.NVarChar
parameter.Value = Me.txtusername.Tag
cmd.Parameters.Add(parameter);
解決方案2
2 已采納 2013-09-25 13:58:52
我認為問題是您沒有關閉單引號。
試試這個:
cmd.CommandText = "select Username, fname, lname, mname, [password], [level], Question, answer from Instructor where Username= '" & Me.txtusername.Tag & "'"
解決方案3
1 2013-09-25 14:00:08
您尚未關閉查詢末尾打開的單引號
為什么我的UPDATE會觸發“查詢表達式中的字符串語法錯誤”錯誤?
[英]Why does my UPDATE trigger “Syntax error in string in query expression” error?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.