2012-09-30 63 views
1

In my project (vb.net) I store a website's IP address in a table, and the column's type is nvarchar. But I cannot retrieve it from the table. I don't know whether it has something to do with the "dot" symbol. Please help. Cannot retrieve data containing the dot symbol from the sql database

This is the command I use:

query = "select *from restricted_sites where site_address='" + webip + "'" 

webip is the website's IP address.

Imports System.Data.SqlClient 
Imports System.Net 
Public Class restrict 
    Private Sub clear_button_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles clear_button.Click 
     site_TextBox1.Text = "" 
     addr_TextBox1.Text = "" 
    End Sub 
    Private Sub submit_button_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles submit_button.Click 
     Dim connectionstr As String 
     Dim query As String 
     Dim conn As SqlConnection 
     Dim cmd As SqlCommand 
     Dim webip As String 
     Dim hostname As IPHostEntry = Dns.GetHostByName(addr_TextBox1.Text) 
     Dim ip As IPAddress() = hostname.AddressList 
     Try 
      webip = ip(0).ToString 
      connectionstr = "Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\URLTrack.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True" 
      conn = New SqlConnection(connectionstr) 
      conn.Open() 
      query = "insert into restricted_sites values('" + site_TextBox1.Text + "','" + webip + "')" 
      cmd = New SqlCommand(query, conn) 
      cmd.ExecuteNonQuery() 
      MsgBox("Website added for restriction", MsgBoxStyle.Information) 
      conn.Close() 
     Catch ex As SqlException 
     End Try 
    End Sub 
End Class 

Private Sub Combox1_KeyPress(ByVal sender As System.Object, ByVal e As System.Windows.Forms.KeyPressEventArgs) Handles Combox1.KeyPress 
     If e.KeyChar = Convert.ToChar(Keys.Enter) Then 
      Dim connectionstr As String 
      Dim query As String 
      Dim cmd As SqlCommand 
      Dim reader As SqlDataReader 
      Dim conn As SqlConnection 
      Dim url As String = "" 
      Dim webip As String 
      Dim hostname As IPHostEntry = Dns.GetHostByName(Combox1.Text) 
      Dim ip As IPAddress() = hostname.AddressList 
      webip = ip(0).ToString 
      connectionstr = "Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\URLTrack.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True" 
      conn = New SqlConnection(connectionstr) 
      conn.Open() 
      query = "select * from restricted_sites where site_address='" + webip + "'" 
      cmd = New SqlCommand(query, conn) 
      reader = cmd.ExecuteReader 
      While (reader.Read()) 
       url = reader(2) 
      End While 
      reader.Close() 
      MsgBox(url, MsgBoxStyle.Information) 
      If webip <> url Then 
       AxWebBrowser1.Navigate(Combox1.Text) 
       Combox1.Text = AxWebBrowser1.LocationURL 
      Else 
       MsgBox("This Web Page is Restricted.Contact the ADMIN for Further Info", MsgBoxStyle.Critical) 
      End If 
     End If 
     If e.KeyChar = Convert.ToChar(Keys.Escape) Then 
      AxWebBrowser1.Stop() 
     End If 
    End Sub 

The second piece of code is the comparison part. query = "select * from restricted_sites where site_address='" + webip + "'" is the line where the problem lies. This is my code for restricting websites by matching the IP address stored in the database while the URL is being navigated.

+5

You have a SQL injection vulnerability. – SLaks

+0

Can you help me figure out how to get rid of the SQL injection vulnerability? –

+2

Read Wikipedia. – SLaks

Answers

0

You need to put a space between * and from, like this:

query = "select * from restricted_sites where site_address='" + webip + "'" 

The dot symbol (presumably you mean the dots in webip) will not be a problem, since it is inside a string.

+0

Thanks Suhail Patel for the answer. I'm afraid it doesn't work. –

1

Your query syntax is wrong. You forgot the space between * and from.

select *from restricted_sites 
    ^here 

should be

select * from restricted_sites 

Side note: since you are using VB.Net, please do parameterized queries with ADO.NET commands and parameters, as the current query is vulnerable to SQL injection.

+0

Thanks John Woo for the quick reply. I tried it but it still doesn't retrieve the ip. Also thanx for the suggestion. Could you tell me how to use ado.net parameterized queries? –

+0

Can you include a list of sample records from your table? –

+0

I have two fields, site_name and site_address. site_name - facebook, site_address - 66.220.152.16 –

0

If all you are doing is checking whether an IP address string is in the database, you only need to count the number of occurrences of that string:

query = "SELECT COUNT(*) FROM restricted_sites WHERE site_address = @WebIp;" 
cmd = New SqlCommand(query, conn) 
' assumes the ip address column is 15 chars ' 
cmd.Parameters.Add(New SqlParameter With {.ParameterName = "@WebIp", _ 
              .SqlDbType = SqlDbType.NVarChar, _ 
              .Size = 15, _ 
              .Value = webip}) 

conn.Open() 
Dim nFound = CInt(cmd.ExecuteScalar) 
conn.Close() 

If nFound = 0 Then 
    ' site is not in restricted list 
End If 

Also, you should not use SELECT * in code except for testing - use column names instead of * and retrieve only what you need.

+0

Thanx for your reply. I match the IP address of the domain name the user enters in the browser and check whether it exists in the restricted_sites table, where the admin has stored the blocked sites. –

+0

This code does not meet my requirement. Thanks for the suggestion about the select statement. –
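As an added example, not code from the question or from any of the answers, here are the two concatenated queries from the question (the insert on the submit button and the lookup on Enter) rewritten with the ADO.NET parameters that John Woo's side note and the last answer recommend. It assumes the two-column table described in the comments (site_name, site_address); the connection string is passed in, and the column widths 100 and 45 are assumptions, not values from the page.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Net

Public Module RestrictedSites

    ' Resolve the host name typed by the user to its first address, as the
    ' question does, but via the non-obsolete Dns API.
    Public Function ResolveFirstAddress(host As String) As String
        Dim addresses As IPAddress() = Dns.GetHostAddresses(host)
        If addresses.Length = 0 Then Throw New ArgumentException("Host did not resolve: " & host)
        Return addresses(0).ToString()
    End Function

    ' Parameterized replacement for:
    '   "insert into restricted_sites values('" + site_TextBox1.Text + "','" + webip + "')"
    ' The SQL text is constant; site name and address travel as typed values, so a
    ' quote or comment sequence typed into the text box is stored, never executed.
    Public Sub AddRestrictedSite(connectionString As String, siteName As String, webip As String)
        Const sql As String = _
            "INSERT INTO restricted_sites (site_name, site_address) VALUES (@SiteName, @WebIp);"
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                ' Assumed widths: 100 for the name column, 45 for the address (fits IPv6 too).
                cmd.Parameters.Add("@SiteName", SqlDbType.NVarChar, 100).Value = siteName
                cmd.Parameters.Add("@WebIp", SqlDbType.NVarChar, 45).Value = webip
                conn.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub

    ' Parameterized replacement for:
    '   "select * from restricted_sites where site_address='" + webip + "'"
    ' Counting matching rows avoids reading column positions out of a SELECT * result.
    Public Function IsRestricted(connectionString As String, webip As String) As Boolean
        Const sql As String = _
            "SELECT COUNT(*) FROM restricted_sites WHERE site_address = @WebIp;"
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@WebIp", SqlDbType.NVarChar, 45).Value = webip
                conn.Open()
                Return CInt(cmd.ExecuteScalar()) > 0
            End Using
        End Using
    End Function

End Module
```

The `Using` blocks dispose the connection even when the query throws, which the question's `Try ... Catch ex As SqlException` with an empty handler does not do.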