1. 首頁
  2. 問答
  3. ASP.NET和SQL Server:'?'附近語法不正確

ASP.NET和SQL Server:'?'附近語法不正確

2014-10-31 78 views
0

我收到一個錯誤ASP.NET和SQL Server:'?'附近語法不正確

附近的語法不正確?

當試圖使用更新查詢功能。代碼來自SagePay http://www.sagepay.co.uk/file/12136/download-document/DotNetkit%201.2.6.7%20-%202014-08-14.zip?token=BJFwtM7qNnnm5ZCc_l_dOhq4INB0cQTPCxCd5JOpeh4並涉及其服務器InFrame實現。

據我所見,順序被正確傳遞,字段列表匹配數據庫,只是不理解爲什麼我看到這個錯誤。該代碼最初是爲MySQL創建的,但必須適應SQL Server。

我試圖調試,但實際上並不能看到正在致力於從cmd.ExecuteNonQuery();在SQL Server中的任何幫助,將不勝感激,這裏是代碼:

private static readonly List<String> FieldNames = new List<String> 
{ 
    VendorTxCodeField, AddressResultField, AddressStatusField, AmountField, AvsCv2Field, BankAuthCodeField, BasketField, 
    BillingFirstnamesField, BillingSurnameField, BillingPhoneField, BillingAddress1Field, BillingAddress2Field, BillingCityField, 
    BillingPostCodeField, BillingStateField, BillingCountryField, DeclineCodeField, DeliveryFirstnamesField, DeliverySurnameField, DeliveryPhoneField, 
    DeliveryAddress1Field, DeliveryAddress2Field, DeliveryCityField, DeliveryPostCodeField, DeliveryStateField, DeliveryCountryField, 
    CapturedAmountField, CardTypeField, CavvField, CurrencyField, CustomerEmailField, Cv2ResultField, ExpiryDateField, FraudResponseField, 
    GiftAidField, Last4DigitsField, LastUpdatedField, PayerIdField, PayerStatusField, PostCodeResultField, 
    RelatedVendorTxCodeField, SecurityKeyField, StatusField, StatusMessageField, SurchargeField, ThreeDSecureStatusField, 
    TransactionTypeField, TxAuthNoField, TokenIdField, VpsTxIdField 
};  

public static bool UpdateOrder(Order order, string vendorTxCode) 
{ 
    var result = false; 

    SqlConnection conn = null; 

    try 
    { 
     conn = new SqlConnection(ConnectionString); 
     conn.Open(); 

     var cmd = new SqlCommand 
     { 
      Connection = conn, CommandText = "UPDATE Orders SET " + string.Join(",", FieldNames.Select(field => field + "=?" + field).ToList()) + " WHERE " + VendorTxCodeField + " =?" + VendorTxCodeField 
     }; 

     cmd.Prepare(); 

     AddOrderParameters(cmd, order); 

     cmd.ExecuteNonQuery(); 

     result = true; 
    } 
    catch (SqlException ex) 
    { 
     Console.WriteLine("Error: {0}", ex); 
    } 
    finally 
    { 
     if (conn != null) 
     { 
      conn.Close(); 
     } 
    } 

    return result; 
} 

private static void AddOrderParameters(SqlCommand command, Order order) 
{ 
    command.Parameters.AddWithValue(VendorTxCodeField, order.VendorTxCode); 
    command.Parameters.AddWithValue(AddressResultField, order.AddressResult); 
    command.Parameters.AddWithValue(AddressStatusField, order.AddressStatus); 
    command.Parameters.AddWithValue(AmountField, order.Amount); 
    command.Parameters.AddWithValue(AvsCv2Field, order.AvsCv2); 
    command.Parameters.AddWithValue(BankAuthCodeField, order.BankAuthCode); 
    command.Parameters.AddWithValue(BasketField, order.Basket); 
    command.Parameters.AddWithValue(BillingAddress1Field, order.BillingAddress1); 
    command.Parameters.AddWithValue(BillingAddress2Field, order.BillingAddress2); 
    command.Parameters.AddWithValue(BillingCityField, order.BillingCity); 
    command.Parameters.AddWithValue(BillingCountryField, order.BillingCountry); 
    command.Parameters.AddWithValue(BillingFirstnamesField, order.BillingFirstnames); 
    command.Parameters.AddWithValue(BillingPhoneField, order.BillingPhone); 
    command.Parameters.AddWithValue(BillingPostCodeField, order.BillingPostCode); 
    command.Parameters.AddWithValue(BillingStateField, order.BillingState); 
    command.Parameters.AddWithValue(BillingSurnameField, order.BillingSurname); 
    command.Parameters.AddWithValue(CapturedAmountField, order.CapturedAmount); 
    command.Parameters.AddWithValue(CardTypeField, order.CardType); 
    command.Parameters.AddWithValue(CavvField, order.Cavv); 
    command.Parameters.AddWithValue(CurrencyField, order.Currency); 
    command.Parameters.AddWithValue(CustomerEmailField, order.CustomerEmail); 
    command.Parameters.AddWithValue(Cv2ResultField, order.Cv2Result); 
    command.Parameters.AddWithValue(DeclineCodeField, order.DeclineCode); 
    command.Parameters.AddWithValue(DeliveryAddress1Field, order.DeliveryAddress1); 
    command.Parameters.AddWithValue(DeliveryAddress2Field, order.DeliveryAddress2); 
    command.Parameters.AddWithValue(DeliveryCityField, order.DeliveryCity); 
    command.Parameters.AddWithValue(DeliveryCountryField, order.DeliveryCountry); 
    command.Parameters.AddWithValue(DeliveryFirstnamesField, order.DeliveryFirstnames); 
    command.Parameters.AddWithValue(DeliveryPhoneField, order.DeliveryPhone); 
    command.Parameters.AddWithValue(DeliveryPostCodeField, order.DeliveryPostCode); 
    command.Parameters.AddWithValue(DeliveryStateField, order.DeliveryState); 
    command.Parameters.AddWithValue(DeliverySurnameField, order.DeliverySurname); 
    command.Parameters.AddWithValue(ExpiryDateField, order.ExpiryDate); 
    command.Parameters.AddWithValue(FraudResponseField, order.FraudResponse); 
    command.Parameters.AddWithValue(GiftAidField, order.GiftAid); 
    command.Parameters.AddWithValue(Last4DigitsField, order.Last4Digits); 
    command.Parameters.AddWithValue(LastUpdatedField, order.LastUpdated); 
    command.Parameters.AddWithValue(PayerIdField, order.PayerId); 
    command.Parameters.AddWithValue(PayerStatusField, order.PayerStatus); 
    command.Parameters.AddWithValue(PostCodeResultField, order.PostCodeResult); 
    command.Parameters.AddWithValue(RelatedVendorTxCodeField, order.RelatedVendorTxCode); 
    command.Parameters.AddWithValue(SecurityKeyField, order.SecurityKey); 
    command.Parameters.AddWithValue(StatusField, order.Status); 
    command.Parameters.AddWithValue(StatusMessageField, order.StatusMessage); 
    command.Parameters.AddWithValue(SurchargeField, order.Surcharge); 
    command.Parameters.AddWithValue(ThreeDSecureStatusField, order.ThreeDSecureStatus); 
    command.Parameters.AddWithValue(TokenIdField, order.TokenId); 
    command.Parameters.AddWithValue(TransactionTypeField, order.TransactionType); 
    command.Parameters.AddWithValue(TxAuthNoField, order.TxAuthNo); 
    command.Parameters.AddWithValue(VpsTxIdField, order.VpsTxId); 
}

來源

2014-10-31 iggyweb

+1

您最後會遇到類似'SET VendorTxCodeField =?VendorTxCodeField'的聲明,這是無效的。將'?'更改爲'@',以便最終生成'SET VendorTxCodeField = @ VendorTxCodeField'。您還應該謹慎使用[AddWithValue](http://blogs.msmvps.com/jcoehoorn/blog/2014/05/12/can-we-stop-using-addwithvalue-already/),明確指出類型(例如'Parameters.Add(「@ Name」,SqlDbType.VarChar,50).Value =「Some Parameter」)'雖然更詳細,但更安全。 – GarethD 2014-10-31 09:48:11

+0

我現在正在收到以下錯誤:'參數化查詢'(@VendorTxCode nvarchar(36),@AddressResult nvarchar(4000),@Address'期望參數'@AddressResult',它沒有提供。「'所以我正確在說我需要用適當的數據類型修改'AddOrderParameters'? – iggyweb 2014-10-31 10:05:44

+0

如果你像'Parameters.AddWithValue(「@ Test」,null)','@ Test'這樣做的話,通常這是一個空參數值。你需要檢查空參數,並可能做類似「Parameters.Add(」@ Test「,SqlDbType.VarChar,50).Value = String.IsNullOrEmpty(order.AddressResult)?DbNull .Value:(object)order.AddressResult;'或者在需要的時候添加一個空字符串 – GarethD 2014-10-31 10:12:14

回答

2

你必須使用@爲SQL α參數。也許這可以解決你的問題,但我必須承認,我不理解查詢,因爲列名與值相同。然而...

string sql = @"UPDATE Orders SET {0} 
       Where {1}[email protected]{1};"; 
sql = string.Format(sql 
    , string.Join(",", FieldNames.Select(field => string.Format("{0}[email protected]{0}", field))) 
    , VendorTxCodeField); 

using (SqlCommand cmd = new SqlCommand(sql, conn)) 
{ 
    for (int i = 0; i < FieldNames.Count; i++) 
    { 
     cmd.Parameters.AddWithValue(FieldNames[i], FieldNames[i]); 
    } 
    // open connection and execute the command... 
}

來源

2014-10-31 09:59:43

+0

代碼來自SagePay我只是試圖讓它與我們的SQL Server一起工作,一旦我離開這次會議,我會嘗試您的建議,謝謝。 – iggyweb 2014-10-31 10:15:44

相關問題

 相關問題