![](/img/trans.png)
[英]ASP.NET WebForms: Request.GetFriendlyUrlFileVirtualPath() returns empty string
[英]Method returns empty string in ASP.Net
我在使用此方法時遇到麻煩。 它返回空字符串,這是怎么回事?
我有這種方法:
public static string GetData(string Table1, string Column1, string WhereColumn, string WhereValue)
{
Table1 = Methods.cleaninjection(Table1); // Some injection method that cleans the string
SqlConnection connection = new SqlConnection(WebConfigurationManager.ConnectionStrings["connection"].ConnectionString);
SqlCommand command = new SqlCommand("SELECT " + "@Column1" + " FROM " + Table1 + " WHERE " + "@WhereColumn" + " = " + "@WhereValue", connection);
command.Parameters.AddWithValue("Column1", Column1);
command.Parameters.AddWithValue("WhereColumn", WhereColumn);
command.Parameters.AddWithValue("WhereValue", WhereValue);
try
{
if ((connection.State == ConnectionState.Closed) || (connection.State == ConnectionState.Broken))
{
connection.Open();
}
string veri = Convert.ToString(command.ExecuteScalar());
return veri;
}
finally
{
connection.Close();
}
}
當我運行此命令時,命令字符串如下所示:
從表1中選擇SELECT @ Column1 WHERE @WhereColumn = @WhereValue
看起來正確,但我找不到錯誤所在。
有任何想法嗎?
如前所述,您無法參數化您的列名和表名。 相反,請進行字符串連接:
"SELECT " + Column1 + " FROM " + Table1 + " WHERE " + WhereColumn + " = @WhereValue";
這是您的代碼應為的樣子:
public static string GetData(string Table1, string Column1, string WhereColumn, string WhereValue)
{
Table1 = Methods.cleaninjection(Table1); // My injection method that cleans the string
string sql = "SELECT " + Column1 + " FROM " + Table1 + " WHERE " + @WhereColumn + " = @WhereValue";
using (SqlConnection connection = new SqlConnection(WebConfigurationManager.ConnectionStrings["connection"].ConnectionString))
{
using (SqlCommand command = new SqlCommand(sql, connection))
{
command.Parameters.Add("@WhereValue", SqlDbType.VarChar, 50).Value = WhereValue;
connection.Open();
string veri = Convert.ToString(command.ExecuteScalar());
return veri;
}
}
}
筆記:
AddWithValue
。 使用Parameters.Add()
代替。 根據這篇文章: AddWithValue()函數存在問題:它必須推斷查詢參數的數據庫類型。 事情是這樣的:有時會出錯。
Using
包裝對象,以確保正確清理資源。 []
。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.