[英]Wierd double quote being generated by C# going into SQL syntax
誰能指出我在做什么錯,我在SQL中收到一條錯誤,說在第1行的''附近有語法錯誤
我已經嘗試了所有方法,似乎無法擺脫它?
這是我正在使用的代碼-
namespace WindowsFormsApplication1
{
public partial class Form1 : Form
{
MySqlConnection conn;
MySqlConnection conn1;
bool connection = false;
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
this.toolStripStatusLabel1.Text = "Initialising";
db_connect();
}
private void db_connect()
{
string mydbconn = "server=localhost;user id=root;password=lap;database=test;";
string mydbconn1 = "server=localhost;user id=root;password=lap;database=test;";
try
{
conn = new MySqlConnection(mydbconn);
conn1 = new MySqlConnection(mydbconn1);
conn.Open();
conn1.Open();
this.toolStripStatusLabel1.Text = "Connected";
connection = true;
if (connection == true)
{
read_data();
}
}
catch (Exception ex)
{
this.toolStripStatusLabel1.Text = "WRONG";
connection = false;
}
}
private void read_data()
{
string sql = "SELECT first_name, last_name FROM dan";
MySqlCommand cmd = new MySqlCommand(sql, conn);
MySqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
string newsql = "REPLACE INTO dan1 (first_name, last_name) values";
newsql += "(";
for (int i = 0; i < 2; i++)
{
newsql += reader.GetString(i);
}
// System.Console.WriteLine(newsql);
int res = 0;
MySqlCommand cmd1 = new MySqlCommand(newsql, conn1);
try
{
res = cmd1.ExecuteNonQuery();
this.richTextBox1.Text = "copying";
}
catch (MySqlException ex)
{
this.richTextBox1.Text = ex.Message;
}
}
}
}
}
您正在創建一個查詢,如下所示:
REPLACE INTO dan1 (first_name, last_name) values(JohnDoe
什么時候看起來像這樣;
REPLACE INTO dan1 (first_name, last_name) values ('John', 'Doe')
要像這樣動態創建SQL,您需要正確地轉義所有字符串數據,並且正確完成此操作的方式取決於您使用的數據庫。 對於MySQL,它將是:
string newsql = "REPLACE INTO dan1 (first_name, last_name) values (";
bool first = true;
for (int i = 0; i < 2; i++) {
if (first) {
first = false;
} else {
newsql += ",";
}
newsql += "'" + reader.GetString(i).Replace("\\", "\\\\").Replace("'", "\\'") + "'";
}
newsql += ")";
但是,您寧願使用參數化查詢,也不必擔心格式化查詢和正確轉義字符的麻煩:
string newsql = "REPLACE INTO dan1 (first_name, last_name) values (@FirstName, @LastName)";
MySqlCommand cmd1 = new MySqlCommand(newsql, conn1);
cmd1.Parameters.Add("@FirstName", reader.GetString(0));
cmd1.Parameters.Add("@LastName", reader.GetString(1));
至少我認為您的查詢可能缺少結尾括號。 您的代碼似乎生成如下查詢:
REPLACE INTO dan1 (first_name, last_name) values (first_name last_name
缺少結束)
。 我也沒有看到在values子句中添加逗號來分隔項目,並且可能未引用項目本身。 嘗試這個:
string newsql = "REPLACE INTO dan1 (first_name, last_name) values";
newsql += "(";
for (int i = 0; i < 2; i++)
{
newsql += reader.GetString(i);
}
newsql += ")";
// System.Console.WriteLine(newsql);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.