Getting SQL error: Unclosed quotation mark after the character string '904LPUH000614'

Keywords: error sql string 904LPUH000614 getting | Updated: 2023-09-27 18:35:24

public partial class HardwareInformation : BaseForm
{
    string sWhere = "";
    public HardwareInformation()
    {
        InitializeComponent();
    }
    private void button1_Click(object sender, EventArgs e)
    {
        SqlConnection objConn1 = new SqlConnection("Data Source=192.168.0.203;Initial Catalog=costing;User ID=sa;Password=Spareage@123");
        if ( searchtextbox.Text.Trim() != "" )
        {
            sWhere = "Where  Srno  '" + searchtextbox.Text;      
        }
        SqlDataAdapter objAdapter = new SqlDataAdapter(@"Select distinct [Srno] ,[Employee Name] ,  [Department] ,  [Thin Client] , [Desktop] , [Lcd] , [Moniter] , [Printer] , [Ups]   from  [dbo].[HardwareDetail] " + sWhere + "", objConn1);
        DataTable objTable = new DataTable();
        objAdapter.Fill(objTable);
        dataGridView1.DataSource = objTable;
        dataGridView1.Columns[0].Width = 25;
        for (int i = 1; i < dataGridView1.Columns.Count; i++)
        {
            dataGridView1.Columns[i].ReadOnly = true;
        }
    }
}

Use

"Where Srno = '" + searchtextbox.Text + "'";

You forgot the = sign after Srno, and to close the single quote after the textbox text.

Where you create the SqlDataAdapter, end it with

 "[Ups] from [dbo].[HardwareDetail] " + sWhere, objConn1);

By the way, watch out for SQL injection.

You are missing the = sign and the closing quote after the textbox text. So it should be

"Where  Srno = '" + searchtextbox.Text +"'";

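Your code is vulnerable to SQL injection attacks. Never insert user input directly into SQL without sanitizing it. You really need to change to a parameterized query: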

SqlDataAdapter objAdapter = new SqlDataAdapter(@"Select distinct [Srno] ,[Employee Name] ,  [Department] ,  [Thin Client] , [Desktop] , [Lcd] , [Moniter] , [Printer] , [Ups]   from  [dbo].[HardwareDetail] WHERE Srno = @srno", objConn1);
// Change the length and dbtype to match your needs
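// Parameters belong to the adapter's SelectCommand; the value is assigned through .Value
objAdapter.SelectCommand.Parameters.Add("@srno", SqlDbType.NChar, 15).Value = searchtextbox.Text;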
DataTable objTable = new DataTable();
objAdapter.Fill(objTable); 

This saves you from the injection vulnerability and also removes the need to escape quotes and other special characters.
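Added example, not part of the original question or answers: the three WHERE-clause variants from this page run side by side against a serial number that itself contains an apostrophe, to show why only the parameterized form is robust. It assumes Python's built-in `sqlite3` as an offline stand-in for SQL Server; the rows, the second serial number and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and column names follow the question.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE HardwareDetail (Srno TEXT, "Employee Name" TEXT)')
    db.executemany("INSERT INTO HardwareDetail VALUES (?, ?)",
                   [("904LPUH000614", "A. Kumar"), ("77X'B0001", "R. O'Neil")])
    return db

SELECT = 'SELECT Srno, "Employee Name" FROM HardwareDetail '

def lookup_original(db, srno):
    # The question's clause: no "=" and no closing quote.
    return db.execute(SELECT + "Where  Srno  '" + srno).fetchall()

def lookup_concat(db, srno):
    # The quoted-concatenation fix: the input still becomes part of the SQL text.
    return db.execute(SELECT + "Where Srno = '" + srno + "'").fetchall()

def lookup_param(db, srno):
    # Parameterized: the value travels separately from the SQL text.
    return db.execute(SELECT + "WHERE Srno = ?", (srno,)).fetchall()

def outcome(fn, db, srno):
    """Return the rows, or the string 'error' if the statement does not parse."""
    try:
        return fn(db, srno)
    except sqlite3.OperationalError:
        return "error"

def run_demo():
    db = make_db()
    results = {}
    for srno in ("904LPUH000614", "77X'B0001"):
        for fn in (lookup_original, lookup_concat, lookup_param):
            results[(fn.__name__, srno)] = outcome(fn, db, srno)
    return results

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```

The concatenated fix works for the serial number in the question but fails to parse as soon as the input contains a quote, which is the same property that makes it injectable; the parameterized lookup returns the matching row in both cases.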