
How to use variable dates in an SQL query inside vb.net without syntax 11 error

I have a basic vb.net program that pulls a query from an SQL database. If I hard-code the dates my program works fine, but when I change the code from:

Dim dtstartdate As String = DateTime.Today
Dim dttomorrow As DateTime = DateTime.Today.AddDays(1)
Dim dtenddate As DateTime = dttomorrow.AddSeconds(-1)
Try
    For icounter = 1 To 2
        Call GetLocationInfo()

        connectionString = "Data Source=" & LocationDB & ";Initial Catalog=database;Persist Security Info=True;User ID=login;Password=password"

        ' Hard-coded date literals in the SQL text
        sql = "select count(sTicket_number) as tickets from tickets where dtcreated between 2/8/2014 AND 2/9/2014 "
        sqlCnn = New SqlConnection(connectionString)

        sqlCnn.Open()

to:

Dim dtstartdate As String = DateTime.Today
Dim dttomorrow As DateTime = DateTime.Today.AddDays(1)
Dim dtenddate As DateTime = dttomorrow.AddSeconds(-1)

Try
    For icounter = 1 To 2
        Call GetLocationInfo()

        connectionString = "Data Source=" & LocationDB & ";Initial Catalog=database;Persist Security Info=True;User ID=login;Password=password"

        ' Date variables concatenated straight into the SQL text
        sql = "select count(sTicket_number) as tickets from tickets where dtcreated between " & dtstartdate & " AND " & dtenddate & ""
        sqlCnn = New SqlConnection(connectionString)

        sqlCnn.Open()

I get "Incorrect syntax near 11". What are dtstartdate and dtenddate doing?

You need to use SQL parameters instead. Otherwise you will be doing a lot of debugging in the long run, and your code is vulnerable to SQL injection.

sql = "select count(sTicket_number) as tickets from tickets where dtcreated between @START_DATE AND @END_DATE"

Dim cmd As New SqlCommand(sql, sqlCnn)

' The values are sent as parameters, never spliced into the SQL text
cmd.Parameters.AddWithValue("@START_DATE", dtstartdate)
cmd.Parameters.AddWithValue("@END_DATE", dtenddate)

You need to wrap the dates in single quotes ('). Also, I recommend that you start using parameterized queries to prevent SQL injection attacks. Something like this:

Using sqlCnn As SqlConnection = New SqlConnection(connectionString)

    sql = "select count(sTicket_number) as tickets from tickets where dtcreated between @StartDate AND @EndDate"
    Dim cmd As New SqlCommand(sql, sqlCnn)
    cmd.Parameters.AddWithValue("@StartDate", dtstartdate)
    cmd.Parameters.AddWithValue("@EndDate", dtenddate)

    sqlCnn.Open()

    ' Do the rest of your data access here

End Using

Using a parameterized query both prevents SQL injection attacks and lets you supply parameter values without worrying about whether quotes are needed.
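As an added example serving both answers above (it is not the asker's or either answerer's code), the same ticket count written with explicitly typed parameters and a half-open date range, which goes one step beyond the answers: no date value ever enters the SQL text, and the driver does not have to guess a type from a String variable. It assumes the table and column names from the question; the connection string is a placeholder.

```vb
' Added example, not from the question or the answers.
Imports System.Data
Imports System.Data.SqlClient

Module TicketCounter

    ' Returns the number of tickets created on the given calendar day.
    ' A half-open range (>= start of day, < start of next day) replaces
    ' BETWEEN ... AddSeconds(-1), so rows created in the final second of the
    ' day are counted too.
    Public Function CountTicketsOn(connectionString As String, calendarDay As Date) As Integer
        Dim startDate As Date = calendarDay.Date     ' midnight, start of the day
        Dim endDate As Date = startDate.AddDays(1)   ' midnight, start of the next day

        Const sql As String =
            "SELECT COUNT(sTicket_number) AS tickets FROM tickets " &
            "WHERE dtcreated >= @StartDate AND dtcreated < @EndDate"

        Using cnn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, cnn)
                ' Explicit SqlDbType: the parameter is sent as datetime.
                ' AddWithValue with the question's String variable would send
                ' an nvarchar and leave the conversion to the server.
                cmd.Parameters.Add("@StartDate", SqlDbType.DateTime).Value = startDate
                cmd.Parameters.Add("@EndDate", SqlDbType.DateTime).Value = endDate

                cnn.Open()
                Return CInt(cmd.ExecuteScalar())
            End Using
        End Using
    End Function

    Sub Main()
        ' Placeholder connection string (assumption); replace with your own.
        Dim connectionString As String =
            "Data Source=SERVER;Initial Catalog=database;User ID=login;Password=password"
        Console.WriteLine(CountTicketsOn(connectionString, Date.Today))
    End Sub

End Module
```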
