2014-03-29

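I am getting an error in the SQL command that tries to retrieve values from a SQL Server database. The browser shows the error mentioned in the title. If I remove the AND operation System.Data.SqlClient.SqlException: Incorrect syntax near ')'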

string jdate = (string)Session["jdate"]; 
string clas = (string)Session["class"]; 
string scode = (string)Session["scode"]; 
string dcode = (string)Session["dcode"]; 
cn = new SqlConnection(ConfigurationManager.ConnectionStrings["dummyConnectionString"].ToString()); 

// error shows up on this line 
string slct = "SELECT Route.Route_Source, Route.Route_Destination, Flight.Flight_Name, Schedule.Depart_Time, Schedule.Arr_Time, Schedule.Route_rate_Ad , Seats." + jdate + 
       "Schedule.Sch_id FROM Schedule INNER JOIN Flight ON Schedule.Flight_Id = Flight.Flight_id INNER JOIN Route ON Schedule.Route_id = Route.Route_id INNER JOIN Seats ON Seats.Sch_id = Schedule.Sch_id WHERE (Route.Route_Source =" + scode + ") AND (Route.Route_Destination =" + dcode + ") AND (Seats.Class=" + clas + ") ORDER BY Schedule.Depart_Time, Schedule.Arr_Time, Flight.Flight_Name"; 

cn.Open(); 

SqlDataAdapter da = new SqlDataAdapter(slct, cn); 
DataSet ds = new DataSet(); 
da.Fill(ds); 

SearchView.DataSource = ds; 
SearchView.DataBind(); 
+2

Is one of the values in your 'where' clause empty? That would result in 'where (some_column = )'

+3

Print your 'slct' variable to see the generated SQL statement. – Selcuk

+4

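First thing to fix: use parameterized SQL instead of putting the values in directly. I'd also suggest using a verbatim string literal so that you can easily put the SQL on multiple lines to make it more readable.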

Answer

1

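It shows the error inside the brackets; you should use a parameterized query.
This will allow a more understandable query text, avoid simple syntax errors
(like the missing comma at the end of the first line (jdate)),
and avoid SQL injection and parsing problems with strings containing quotes or decimal separators.
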
string slct = @"SELECT Route.Route_Source, Route.Route_Destination, 
       Flight.Flight_Name, Schedule.Depart_Time, Schedule.Arr_Time, 
       Schedule.Route_rate_Ad, Seats." + jdate + ", Schedule.Sch_id " + 
       @"FROM Schedule INNER JOIN Flight ON Schedule.Flight_Id = Flight.Flight_id 
         INNER JOIN Route ON Schedule.Route_id = Route.Route_id 
         INNER JOIN Seats ON Seats.Sch_id = Schedule.Sch_id 
       WHERE (Route.Route_Source = @scode) 
        AND (Route.Route_Destination = @dcode) 
        AND (Seats.Class = @class) 
       ORDER BY Schedule.Depart_Time, Schedule.Arr_Time, Flight.Flight_Name"; 

cn.Open(); 
SqlCommand cmd = new SqlCommand(slct, cn); 
cmd.Parameters.AddWithValue("@scode", scode); 
cmd.Parameters.AddWithValue("@dcode", dcode); 
cmd.Parameters.AddWithValue("@class", clas); 
SqlDataAdapter da = new SqlDataAdapter(cmd); 
DataSet ds = new DataSet(); 
da.Fill(ds); 
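
The query above still concatenates `jdate` into the column list, because a column name cannot be bound as a parameter. The following is an added example, not part of the original answer: it resolves the requested name against the catalog before it reaches the SQL text and uses typed parameters. The `FlightSearch` class, the `dbo` schema and the `NVarChar(50)` parameter type are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class FlightSearch   // hypothetical helper class, not from the original post
{
    // Returns the bracket-quoted name of a real column of Seats, or throws. The requested
    // name is compared as data only. Assumes schema dbo and that cn is already open.
    static string ResolveSeatsColumn(SqlConnection cn, string requested)
    {
        const string sql = @"SELECT QUOTENAME(c.name) FROM sys.columns AS c
                             WHERE c.object_id = OBJECT_ID(N'dbo.Seats') AND c.name = @name";
        using (var cmd = new SqlCommand(sql, cn))
        {
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 128).Value = requested ?? "";
            var quoted = cmd.ExecuteScalar() as string;
            if (quoted == null) throw new ArgumentException("Not a column of Seats.");
            return quoted;
        }
    }
    // Typed parameter (NVarChar(50) is assumed); a missing session value becomes NULL, not broken SQL.
    static void AddText(SqlCommand cmd, string name, string value)
    {
        cmd.Parameters.Add(name, SqlDbType.NVarChar, 50).Value = (object)value ?? DBNull.Value;
    }
    public static DataSet Search(SqlConnection cn, string jdate, string scode, string dcode, string clas)
    {
        string slct = @"SELECT Route.Route_Source, Route.Route_Destination,
                Flight.Flight_Name, Schedule.Depart_Time, Schedule.Arr_Time,
                Schedule.Route_rate_Ad, Seats." + ResolveSeatsColumn(cn, jdate) + @", Schedule.Sch_id
            FROM Schedule INNER JOIN Flight ON Schedule.Flight_Id = Flight.Flight_id
              INNER JOIN Route ON Schedule.Route_id = Route.Route_id
              INNER JOIN Seats ON Seats.Sch_id = Schedule.Sch_id
            WHERE (Route.Route_Source = @scode)
              AND (Route.Route_Destination = @dcode)
              AND (Seats.Class = @class)
            ORDER BY Schedule.Depart_Time, Schedule.Arr_Time, Flight.Flight_Name";
        using (var cmd = new SqlCommand(slct, cn))
        using (var da = new SqlDataAdapter(cmd))
        {
            AddText(cmd, "@scode", scode);
            AddText(cmd, "@dcode", dcode);
            AddText(cmd, "@class", clas);
            var ds = new DataSet();
            da.Fill(ds);
            return ds;
        }
    }
}
```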