
消息:“ ID”附近的語法不正確

[英]Message: Incorrect syntax near 'ID'

我可以問為什么彈出消息時在ID附近出現錯誤嗎?我找不到解決方案。 單擊按鈕后,它會彈出此消息。

消息: “ ID”附近的語法不正確

// Builds an INSERT for do_information from the form's current field values, runs it,
// and then delegates to the base implementation.
// NOTE(review): as written the statement is rejected by the server; see the notes on _sql.
public override bool fnSaveNewRecord()
{
    DataSet _ds;
    string _sql;
    object _obj;

    // The VALUES list below is not wrapped in parentheses, which is the syntax error
    // this question is about.
    // The concatenation also emits eight values (an empty '' literal lands between the
    // corg_code value and GETDATE()) for the seven columns listed.
    // NOTE(review): the control text (presumably user-entered; confirm) is spliced straight
    // into the statement, so a quote character in any field changes the SQL itself
    // (SQL injection). Bind these values as parameters instead of concatenating them.
    _sql = "INSERT INTO do_information(die_class_code,subinvetory_code,contact_code,company_code, " +
           "corg_code,created_on,created_by) " +
           "VALUES '" + txt_CodeID.Text.Trim() + "','" + cbx_SubInventoryCode.Text + "'," + 
           "'" + cbx_ContactCode.Text + "','" + cbx_CompanyCode.Text + "','" + cbx_CorgCode.Text + "','" +
           "',GETDATE(),'" + App_Common._USER_CODE + "'";

    // This DataSet is replaced by the query result two lines below.
    _ds = new DataSet();
    _obj = new SqlDatabase(App_Common._WSFCSConnStr) as SqlDatabase;
    _ds = ((SqlDatabase)_obj).ExecuteDataSetQ(_sql);

    // The query result is not inspected; the return value comes from the base class.
    return base.fnSaveNewRecord();
}

嘗試使用以下查詢:

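// Corrected statement: the VALUES list is enclosed in parentheses and supplies exactly
// one value per listed column (seven).
// NOTE(review): this still splices control text into the SQL, so a quote character in any
// field alters the statement (SQL injection); bind the values as parameters instead.
_sql = "INSERT INTO do_information(die_class_code,subinvetory_code,contact_code,company_code, " +
       "corg_code,created_on,created_by) " +
       "VALUES ('" + txt_CodeID.Text.Trim() + "','" + cbx_SubInventoryCode.Text + "'," +
       "'" + cbx_ContactCode.Text + "','" + cbx_CompanyCode.Text + "','" + cbx_CorgCode.Text + "'," +
       "GETDATE(),'" + App_Common._USER_CODE + "')";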

您已經錯過了@Peter B評論的Values(v1,v2)括號的使用。
請看此鏈接以供參考SQL插入語句。

而且,使用參數化查詢總是比拼接字符串更好,因為拼接字符串構造的SQL語句容易受到SQL注入攻擊。
這是使用參數化查詢的參考。

希望這可以幫助!

您的SQL語句錯誤,因為缺少值的括號。

該代碼乍看之下非常混亂。 因此,最好使用參數來獲得更清晰的語句,這樣您可以輕松閱讀並檢查語法錯誤:

-- Parameterized form of the insert: every value except the timestamp is supplied as a
-- bound parameter (@Name), so the data never becomes part of the statement text.
-- NOTE(review): the concatenated statement in the question spells the second column
-- "subinvetory_code"; confirm the real column name against the table definition.
INSERT INTO do_information (
    die_class_code,
    subinventory_code,
    contact_code,
    company_code,
    corg_code,
    created_on,
    created_by
)
VALUES (
    @CodeId,
    @SubInventoryCode,
    @ContactCode,
    @CompanyCode,
    @CorgCode,
    GETDATE(),
    @UserCode
)

但是您甚至可以做更多的工作來使這段代碼更干凈:把所有查詢都包裝起來。 下面是針對您的語句的示例:

從一些可重用的基本聲明開始

/// <summary>
/// A statement that can be executed either synchronously or asynchronously.
/// </summary>
public interface IExecuteQuery
{
    /// <summary>Executes the statement synchronously.</summary>
    /// <returns>An integer result; what it counts is defined by the implementation.</returns>
    int Execute();

    /// <summary>Executes the statement asynchronously.</summary>
    /// <param name="cancellationToken">Token passed to the implementation to request cancellation.</param>
    /// <returns>A task producing the same kind of integer result as <see cref="Execute"/>.</returns>
    Task<int> ExecuteAsync( CancellationToken cancellationToken );
}

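/// <summary>
/// Base class for a statement that runs through a single <see cref="DbCommand"/> and receives
/// its values as named parameters instead of having them written into the command text.
/// </summary>
/// <remarks>
/// The command is created from the supplied connection the first time <see cref="Command"/> is
/// read, and <see cref="PrepareCommand"/> is called once at that moment.
/// NOTE(review): nothing in this class disposes the command it creates; confirm whether the
/// owner of the connection is expected to clean it up.
/// </remarks>
public abstract class SqlExecuteQuery : IExecuteQuery
{
    private readonly DbConnection _connection;
    private readonly Lazy<DbCommand> _command;

    /// <summary>Stores the connection and defers command creation until first use.</summary>
    /// <param name="connection">Connection the command is created from.</param>
    /// <exception cref="ArgumentNullException"><paramref name="connection"/> is null.</exception>
    protected SqlExecuteQuery( DbConnection connection )
    {
        if ( connection == null )
        {
            throw new ArgumentNullException( nameof( connection ) );
        }

        _connection = connection;
        _command = new Lazy<DbCommand>(
            () =>
            {
                var command = _connection.CreateCommand( );
                PrepareCommand( command );
                return command;
            } );
    }

    /// <summary>
    /// Sets the command text and declares the parameters of the freshly created command.
    /// </summary>
    /// <param name="command">The command created from the connection.</param>
    protected abstract void PrepareCommand( DbCommand command );

    /// <summary>The lazily created command; the first read triggers <see cref="PrepareCommand"/>.</summary>
    protected DbCommand Command => _command.Value;

    /// <summary>Maps a property name to its parameter name by prefixing it with "@".</summary>
    /// <param name="propertyName">Name of the property backing the parameter.</param>
    /// <returns>The parameter name used to look the parameter up on the command.</returns>
    protected virtual string GetParameterNameFromPropertyName( string propertyName )
    {
        return "@" + propertyName;
    }

    /// <summary>Reads the current value of the parameter that backs the calling property.</summary>
    /// <typeparam name="T">Type the stored value is cast to.</typeparam>
    /// <param name="propertyName">Filled in by the compiler with the caller's member name.</param>
    /// <returns>
    /// The parameter value cast to <typeparamref name="T"/>, or the default of
    /// <typeparamref name="T"/> when the parameter holds null or <see cref="DBNull.Value"/>.
    /// </returns>
    protected T GetParameterValue<T>( [CallerMemberName] string propertyName = null )
    {
        object value = Command.Parameters[ GetParameterNameFromPropertyName( propertyName ) ].Value;

        // Casting null to a non-nullable value type throws NullReferenceException, so an
        // unset or DBNull parameter is reported as default(T) instead.
        if ( value == null || value == DBNull.Value )
        {
            return default( T );
        }

        return (T) value;
    }

    /// <summary>Writes a value to the parameter that backs the calling property.</summary>
    /// <typeparam name="T">Type of the value being stored.</typeparam>
    /// <param name="newValue">Value to store; null is stored as <see cref="DBNull.Value"/>.</param>
    /// <param name="propertyName">Filled in by the compiler with the caller's member name.</param>
    protected void SetParamaterValue<T>( T newValue, [CallerMemberName] string propertyName = null )
    {
        object value = newValue;
        if ( value == null )
        {
            value = DBNull.Value;
        }

        Command.Parameters[ GetParameterNameFromPropertyName( propertyName ) ].Value = value;
    }

    /// <summary>Hook invoked immediately before each execution; does nothing by default.</summary>
    protected virtual void OnBeforeExecute() { }

    /// <summary>Runs <see cref="OnBeforeExecute"/> and then executes the command.</summary>
    /// <returns>The value returned by <see cref="DbCommand.ExecuteNonQuery"/>.</returns>
    public int Execute()
    {
        OnBeforeExecute( );
        return Command.ExecuteNonQuery( );
    }

    /// <summary>Runs <see cref="OnBeforeExecute"/> and then executes the command asynchronously.</summary>
    /// <param name="cancellationToken">Token forwarded to the asynchronous execution.</param>
    /// <returns>A task producing the value returned by the command's non-query execution.</returns>
    public async Task<int> ExecuteAsync( CancellationToken cancellationToken )
    {
        OnBeforeExecute( );
        return await Command.ExecuteNonQueryAsync( cancellationToken );
    }
}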

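/// <summary>Helpers for declaring parameters on a <see cref="DbCommand"/>.</summary>
public static class DbCommandExtensions
{
    /// <summary>
    /// Creates a parameter from the command, lets the caller configure it, and adds it to the
    /// command's parameter collection.
    /// </summary>
    /// <param name="command">Command that creates and receives the parameter.</param>
    /// <param name="configureAction">Callback that sets the parameter's name, type and so on.</param>
    /// <returns>The parameter that was added.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="command"/> or <paramref name="configureAction"/> is null.
    /// </exception>
    public static DbParameter AddParameter( this DbCommand command, Action<DbParameter> configureAction )
    {
        // Fail with the argument name instead of a NullReferenceException further down.
        if ( command == null )
        {
            throw new ArgumentNullException( nameof( command ) );
        }
        if ( configureAction == null )
        {
            throw new ArgumentNullException( nameof( configureAction ) );
        }

        var parameter = command.CreateParameter( );
        configureAction( parameter );
        command.Parameters.Add( parameter );
        return parameter;
    }
}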

現在為您的語句定義一個接口

/// <summary>
/// The values supplied to the do_information insert, plus the ability to execute it
/// (inherited from <see cref="IExecuteQuery"/>).
/// </summary>
public interface IInsertInformationQuery : IExecuteQuery
{
    // Each property is named after the SQL parameter it stands for (CodeId -> @CodeId, ...).
    string CodeId { get; set; }
    string SubInventoryCode { get; set; }
    string ContactCode { get; set; }
    string CompanyCode { get; set; }
    string CorgCode { get; set; }
    // Read-only through this interface: callers cannot choose the user code themselves.
    string UserCode { get; }
}

實施

/// <summary>
/// Insert into do_information in which every value except the timestamp is a bound string
/// parameter; each property reads and writes the parameter that carries its own name.
/// </summary>
public class SqlInsertInformationQuery : SqlExecuteQuery, IInsertInformationQuery
{
    // Declared in this order; every one is an input parameter of DbType.String.
    private static readonly string[] InputParameterNames =
    {
        "@CodeId",
        "@SubInventoryCode",
        "@ContactCode",
        "@CompanyCode",
        "@CorgCode",
        "@UserCode",
    };

    /// <summary>Creates the query on top of the given connection.</summary>
    /// <param name="connection">Connection handed to the base class.</param>
    public SqlInsertInformationQuery( DbConnection connection ) : base( connection )
    {
    }

    /// <summary>Stamps the user code from the application-wide setting before each execution.</summary>
    protected override void OnBeforeExecute()
    {
        UserCode = App_Common._USER_CODE; // this should be injected
    }

    /// <summary>Sets the parameterized INSERT text and declares its six string parameters.</summary>
    /// <param name="command">Command to configure.</param>
    protected override void PrepareCommand( DbCommand command )
    {
        // NOTE(review): the question's statement spells the second column "subinvetory_code";
        // confirm the real column name against the table definition.
        command.CommandText =
            @"INSERT INTO do_information ( die_class_code, subinventory_code, contact_code, company_code, corg_code, created_on, created_by ) " +
            @"VALUES ( @CodeId, @SubInventoryCode, @ContactCode, @CompanyCode, @CorgCode, GETDATE(), @UserCode )";

        foreach ( var parameterName in InputParameterNames )
        {
            command.AddParameter( p =>
            {
                p.ParameterName = parameterName;
                p.DbType = System.Data.DbType.String;
                p.Direction = System.Data.ParameterDirection.Input;
            } );
        }
    }

    /// <summary>Value bound to @CodeId.</summary>
    public string CodeId
    {
        get { return GetParameterValue<string>( ); }
        set { SetParamaterValue( value ); }
    }

    /// <summary>Value bound to @SubInventoryCode.</summary>
    public string SubInventoryCode
    {
        get { return GetParameterValue<string>( ); }
        set { SetParamaterValue( value ); }
    }

    /// <summary>Value bound to @ContactCode.</summary>
    public string ContactCode
    {
        get { return GetParameterValue<string>( ); }
        set { SetParamaterValue( value ); }
    }

    /// <summary>Value bound to @CompanyCode.</summary>
    public string CompanyCode
    {
        get { return GetParameterValue<string>( ); }
        set { SetParamaterValue( value ); }
    }

    /// <summary>Value bound to @CorgCode.</summary>
    public string CorgCode
    {
        get { return GetParameterValue<string>( ); }
        set { SetParamaterValue( value ); }
    }

    /// <summary>Value bound to @UserCode; only this class assigns it.</summary>
    public string UserCode
    {
        get { return GetParameterValue<string>( ); }
        private set { SetParamaterValue( value ); }
    }

}

最后,您的代碼看起來像

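/// <summary>
/// Inserts a do_information row from the form's current field values through the
/// parameterized query, then delegates to the base implementation.
/// </summary>
/// <returns>Whatever the base implementation returns.</returns>
public override bool fnSaveNewRecord()
{
    var database = new SqlDatabase(App_Common._WSFCSConnStr);

    // The using block disposes the connection even if the insert throws.
    using ( var connection = database.CreateConnection() )
    {
        connection.Open();

        // The class declared above is SqlInsertInformationQuery; the earlier spelling
        // "SqlInserInformationQuery" does not name any type shown here.
        IInsertInformationQuery query = new SqlInsertInformationQuery( connection );

        // Control text is passed as parameter values, never written into the SQL text.
        query.CodeId = txt_CodeID.Text.Trim();
        query.SubInventoryCode = cbx_SubInventoryCode.Text;
        query.ContactCode = cbx_ContactCode.Text;
        query.CompanyCode = cbx_CompanyCode.Text;
        query.CorgCode = cbx_CorgCode.Text;

        // Execute() returns an int result that is not used here, matching the original flow.
        query.Execute();
    }
    return base.fnSaveNewRecord();
}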

您的SQL查詢錯誤:

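  // Parenthesized VALUES list with exactly one value per listed column (seven); the
  // stray empty '' literal before GETDATE() has been dropped.
  // NOTE(review): this still splices control text into the SQL, so a quote character in any
  // field alters the statement (SQL injection); bind the values as parameters instead.
  _sql = "INSERT INTO do_information(die_class_code,subinvetory_code,contact_code,company_code, " +
         "corg_code,created_on,created_by) " +
         "VALUES ('" + txt_CodeID.Text.Trim() + "','" + cbx_SubInventoryCode.Text + "'," +
         "'" + cbx_ContactCode.Text + "','" + cbx_CompanyCode.Text + "','" + cbx_CorgCode.Text + "'," +
         "GETDATE(),'" + App_Common._USER_CODE + "')";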

您的值必須放在圓括號中。 看看這個:

https://www.w3schools.com/sql/sql_insert.asp
