getting sql error: Unclosed quotation mark after the character string 904LPUH000614
  • Time: 2012-05-24 11:58:54
  • Tags: c#
public partial class HardwareInformation : BaseForm
{
    string sWhere = "";
    public HardwareInformation()
    {
        InitializeComponent();
    }

    private void button1_Click(object sender, EventArgs e)
    {
        SqlConnection objConn1 = new SqlConnection("Data Source=192.168.0.203;Initial Catalog=costing;User ID=sa;Password=Spareage@123");
        if ( searchtextbox.Text.Trim() != "" )
        {
            sWhere = "Where  Srno   " + searchtextbox.Text;      
        }

        SqlDataAdapter objAdapter = new SqlDataAdapter(@"Select distinct [Srno] ,[Employee Name] ,  [Department] ,  [Thin Client] , [Desktop] , [Lcd] , [Moniter] , [Printer] , [Ups]   from  [dbo].[HardwareDetail] " + sWhere + "", objConn1);
        DataTable objTable = new DataTable();
        objAdapter.Fill(objTable);
        dataGridView1.DataSource = objTable;
        dataGridView1.Columns[0].Width = 25;
        for (int i = 1; i < dataGridView1.Columns.Count; i++)
        {
            dataGridView1.Columns[i].ReadOnly = true;
        }
    }
}
Answers

Use

"Where Srno = '" + searchtextbox.Text + "'";

You forgot the = sign after Srno and the closing single quote after the textbox text.

And in the line where you create the SqlDataAdapter, use at the end

 "[Ups] from [dbo].[HardwareDetail] " + sWhere, objConn1);

And BTW, be aware of SQL injection.

The = sign is missing, and the closing quote after the textbox text is missing. So it should be

"Where  Srno = '" + searchtextbox.Text + "'";

Your code is vulnerable to SQL injection attacks (http://en.wikipedia.org/wiki/SQL_injection). You should never insert user input directly into your SQL without sanitizing it. You really need to change to a parameterized query:

SqlDataAdapter objAdapter = new SqlDataAdapter(@"Select distinct [Srno] ,[Employee Name] ,  [Department] ,  [Thin Client] , [Desktop] , [Lcd] , [Moniter] , [Printer] , [Ups]   from  [dbo].[HardwareDetail] WHERE Srno = @srno", objConn1);

// Change the length and dbtype to match your needs
objAdapter.SelectCommand.Parameters.Add("@srno", SqlDbType.NChar, 15).Value = searchtextbox.Text;

DataTable objTable = new DataTable();
objAdapter.Fill(objTable); 

This also eliminates the need to escape quotes and other special characters.
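
Added example, not part of the original answers: the question's optional filter combined with the parameterized query, so an empty search box returns all rows and a non-empty one binds the text as @srno. The class and method names are hypothetical, and the NVarChar(15) type for Srno is an assumption.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class HardwareSearch
{
    // Column list copied from the question's query.
    const string BaseSql =
        "SELECT DISTINCT [Srno], [Employee Name], [Department], [Thin Client], " +
        "[Desktop], [Lcd], [Moniter], [Printer], [Ups] FROM [dbo].[HardwareDetail]";

    // Hypothetical helper: the search text is only ever bound as a parameter
    // value, never concatenated, so a quote in it cannot end the SQL literal.
    public static SqlCommand BuildCommand(SqlConnection conn, string searchText)
    {
        var cmd = new SqlCommand(BaseSql, conn);
        string term = (searchText ?? "").Trim();
        if (term.Length > 0)
        {
            cmd.CommandText += " WHERE [Srno] = @srno";
            // Assumption: Srno is an nvarchar column of at most 15 characters.
            cmd.Parameters.Add("@srno", SqlDbType.NVarChar, 15).Value = term;
        }
        return cmd;
    }

    // Runs the search; the connection string is supplied by the caller.
    public static DataTable Search(string connectionString, string searchText)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildCommand(conn, searchText))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            var table = new DataTable();
            adapter.Fill(table); // Fill opens and closes the connection itself
            return table;
        }
    }

    static void Main()
    {
        // Constructed input with a stray quote; no database is contacted here.
        using (var conn = new SqlConnection())
        using (var cmd = BuildCommand(conn, "904LPUH000614'"))
        {
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine(cmd.Parameters["@srno"].Value);
        }
    }
}
```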




