我有一個搜索查詢正在拋出此錯誤Incorrect syntax near 'userId'
,我不知道爲什麼以及如何解決它。它正在影響其他搜索查詢中'userId'附近的語法不正確
我的SQL查詢
oCommand = new SqlCommand(@"Select us.sFieldValue5, u.sUserName, d.sName, TB_USER_CUSTOMINFO.sFieldValue2, u.nUserIdn
From TB_USER u(nolock)
left join [TB_USER_CUSTOMINFO] us(nolock) on us.nUserIdn = u.nUserIdn
left join TB_USER_CUSTOMINFO on u.nUserIdn = TB_USER_CUSTOMINFO.nUserIdn
left join TB_USER_DEPT d(nolock) on d.nDepartmentIdn = u.nDepartmentIdn
where (u.sUserName like '%" + txtUsername.Text + @"%' or '" + txtUsername.Text + @"' = '')
and (us.sFieldValue5 like '%" + txtUserID.Text + @"%' or '" + txtUserID.Text + @"' = '')
and (d.sDepartment like '%" + sDepartment + @"%' or '" + sDepartment + @"' = '--Select Department--')
and (u.nUserIdn = " + userId + @" or " + txtusersID.Text + @" = 0)", oConnection);
請使用參數化查詢來避免構建像這樣的查詢。它使您的代碼更安全,更易於閱讀。 – 2014-12-08 07:28:23
最後一行是userId的變量類型是什麼? – 2014-12-08 07:43:14
字符串生成器,格式化程序,參數化查詢,請使用這個親愛的,使您的代碼成熟... – 2014-12-08 07:46:27