檢查數據庫文件中是否存在ID時出錯

Question

我想檢查數據庫中是否已經存在某個ID。如果沒有，我希望用戶將ID更改爲其他內容。

所有這些都在textobx的TextChanged函數中完成。

的問題是，我得到一個錯誤，因爲查詢看起來不錯，我不知道爲什麼我看到：The SELECT statement includes a reserved word or an argument name that is misspelled or missing, or the punctuation is incorrect.

方法，做了檢查：

private bool DoesIDExist(int dataID, string filePath) 
{ 
    HashPhrase hash = new HashPhrase(); 
    DataTable temp = new DataTable(); 

    string hashShortPass = hash.ShortHash(pass); 
    bool result = false; 

    // Creating a connection string. Using placeholders make code 
    // easier to understand. 
    string connectionString = 
     @"Provider=Microsoft.ACE.OLEDB.12.0; Data Source={0}; 
      Persist Security Info=False; Jet OLEDB:Database Password={1};"; 

    string sql = string.Format 
     ("SELECT FROM PersonalData WHERE [DataID] = {0}", dataID); 

    using (OleDbConnection connection = new OleDbConnection()) 
    { 
     // Creating command object. 
     // Using a string formatting let me to insert data into 
     // place holders I have used earlier. 
     connection.ConnectionString = 
      string.Format(connectionString, filePath, hashShortPass); 

     using (OleDbCommand command = new OleDbCommand(sql, connection)) 
     { 
      // Creating command object. 
      // Using a string formatting let me to insert data into 
      // place holders I have used earlier. 
      connection.ConnectionString = 
       string.Format(connectionString, filePath, hashShortPass); 

      try 
      { 
       // Open database connection. 
       connection.Open(); 

       using (OleDbDataReader read = command.ExecuteReader()) 
       { 
        // Checking if there is any data in the file. 
        if (read.HasRows) 
        { 
         // Reading information from the file. 
         while (read.Read()) 
         { 
          if (read.GetInt32(0) == dataID) 
           return true; 
         } 
        } 
       } 
      } 
      catch (Exception ex) 
      { 
       MessageBox.Show("Error: " + ex.Message); 
      } 
     } 
    } 

    return result; 
} 

Answer 1

我覺得你的選擇缺少一些你想要提取的列？

string sql = string.Format 
    ("SELECT FROM PersonalData WHERE [DataID] = {0}", dataID); 

它不應該是這樣的：

string sql = string.Format 
    ("SELECT * FROM PersonalData WHERE [DataID] = {0}", dataID); 

Answer 2

你需要指定SELECT條款中的一些內容。我猜：

SELECT DataID FROM PersonalData WHERE ... 

Answer 3

問題是這行代碼：

string sql = string.Format 
     ("SELECT FROM PersonalData WHERE [DataID] = {0}", dataID); 

您需要指定要選擇什麼。例如：SELECT *，SELECT [MyColumn]，SELECT TOP 1 *等，根據您的需求，喜歡的東西好像是你在找什麼：

string sql = string.Format 
("SELECT COUNT(*) AS UserCount FROM PersonalData WHERE [DataID] = {0}", dataID); 

附加信息：

如果使用這種方法網絡上說，從查詢字符串中提取一個ID，然後你打開SQL注入攻擊。略modifiying您的代碼將解決這個問題：

string sql = "SELECT FROM PersonalData WHERE [DataID] = @DataID"; 

using (OleDbCommand command = new OleDbCommand(sql, connection)) 
     { 
      command.Parameters.AddWithValue("@DataID", dataID); 
     } 

Answer 4

你錯過了什麼選擇

string sql = string.Format 
    ("SELECT FROM PersonalData WHERE [DataID] = {0}", dataID); 

更改爲類似

string sql = string.Format 
    ("SELECT * FROM PersonalData WHERE [DataID] = {0}", dataID); 

和：你打開SQL-注入您構建查詢的方式。