尝试向数据库插入行时 SQL 语法无效
本文关键字:SQL 语法 无效 插入 数据库 | 更新日期: 2023-09-27 18:37:15
我收到此错误:System.Data.SqlClient.SqlException (0x80131904): Incorrect syntax near '12'.
错误发生在pbkDB.ExecuteNonQuery(dbCommand)行上。
#region Enhancements_Update
private static bool Enhancements_Update(DataRow dr)
{
bool inserted = false;
DateTime dt;
Database pbkDB = DatabaseFactory.CreateDatabase("PbKConnectionString");
try
{
ChargeCode = dr["ChargeCode"].ToString().Trim();
NcicCode = dr["NcicCode"].ToString().Trim();
Description = String.IsNullOrEmpty(dr["Description"].ToString().Trim()) ? null : dr["Description"].ToString().Trim();
MachCr = String.IsNullOrEmpty(dr["MachCr"].ToString().Trim()) ? null : dr["MachCr"].ToString().Trim();
EnterUserId = String.IsNullOrEmpty(dr["EnterUserId"].ToString().Trim()) ? "KSCONV" : dr["EnterUserId"].ToString().Trim();
EnterDate = DateTime.TryParse(dr["EnterDate"].ToString(), out dt) ? dt : DateTime.Now;
UpdateUserId = String.IsNullOrEmpty(dr["UpdateUserId"].ToString().Trim()) ? "KSCONV" : dr["UpdateUserId"].ToString().Trim();
UpdateDate = DateTime.TryParse(dr["UpdateDate"].ToString(), out dt) ? dt : DateTime.Now;
EnactedDate = DateTime.TryParse(dr["EnactedDate"].ToString(), out dt) ? dt : DateTime.Now;
if (DateTime.TryParse(dr["RepealedDate"].ToString(), out dt))
RepealedDate = dt;
else
RepealedDate = null;
UsageType = String.IsNullOrEmpty(dr["UsageType"].ToString().Trim()) ? null : dr["UsageType"].ToString().Trim();
LanguageFile = String.IsNullOrEmpty(dr["LanguageFile"].ToString().Trim()) ? null : dr["LanguageFile"].ToString().Trim();
MachChar = String.IsNullOrEmpty(dr["MachCr"].ToString().Trim()) ? null : dr["MachChar"].ToString().Trim();
NotesOnUse = String.IsNullOrEmpty(dr["NotesOnUse"].ToString().Trim()) ? null : dr["NotesOnUse"].ToString().Trim();
SentenceSeverity = String.IsNullOrEmpty(dr["SentenceSeverity"].ToString().Trim()) ? null : dr["SentenceSeverity"].ToString().Trim();
DbCommand dbCommand = pbkDB.GetSqlStringCommand(string.Format(@"Update tblCtStateChargeNcic set Description = '{2}', MachCr = '{3}', EnterUserId = '{4}', EnterDate = {5}, UpdateUserId = '{6}', UpdateDate {7}, EnactedDate {8}, RepealedDate = {9}, UsageType = '{10}', LanguageFile = '{11}', MachChar = '{12}', NotesOnUse = '{13}', SentenceSeverity = '{14}' where ChargeCode = '{0}' AND NcicCode = '{1}')", ChargeCode, NcicCode, Description, MachCr, EnterUserId, EnterDate, UpdateUserId, UpdateDate, EnactedDate, RepealedDate, UsageType, LanguageFile, MachChar, NotesOnUse, SentenceSeverity));
// error occurs here!
pbkDB.ExecuteNonQuery(dbCommand);
inserted = true;
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
return inserted;
}
#endregion
你应该使用 sql 参数,而不是自己构建字符串。
无论如何,这是您的错误:
UpdateDate {7}, EnactedDate {8}
您缺少=:
UpdateDate = {7}, EnactedDate = {8}
您缺少 = 表示更新日期{7}、颁布日期{8}
问题是日期值必须括在引号中(很可能是撇号)。
字符串格式不正确。
根据记录,使用字符串创建SQL语句是一个可怕的想法。使用参数化查询,并使用 AddParameterWithValue 方法添加参数值。这种字符串拼接是SQL注入攻击的主要候选者。
更改:
DbCommand dbCommand = pbkDB.GetSqlStringCommand(string.Format
(@"Update tblCtStateChargeNcic set Description = '{2}',
MachCr = '{3}', EnterUserId = '{4}', EnterDate = {5},
UpdateUserId = '{6}', UpdateDate {7}, EnactedDate {8},
RepealedDate = {9}, UsageType = '{10}', LanguageFile = '{11}',
MachChar = '{12}', NotesOnUse = '{13}', SentenceSeverity = '{14}'
where ChargeCode = '{0}' AND NcicCode = '{1}')", ChargeCode,
NcicCode, Description, MachCr, EnterUserId, EnterDate,
UpdateUserId, UpdateDate, EnactedDate, RepealedDate,
UsageType, LanguageFile, MachChar, NotesOnUse,
SentenceSeverity));
自:
DbCommand dbCommand = pbkDB.GetSqlStringCommand(string.Format
(@"Update tblCtStateChargeNcic set Description = '{2}',
MachCr = '{3}', EnterUserId = '{4}', EnterDate = {5},
UpdateUserId = '{6}', UpdateDate = {7}, EnactedDate = {8},
RepealedDate = {9}, UsageType = '{10}', LanguageFile = '{11}',
MachChar = '{12}', NotesOnUse = '{13}', SentenceSeverity = '{14}'
where ChargeCode = '{0}' AND NcicCode = '{1}')", ChargeCode,
NcicCode, Description, MachCr, EnterUserId, EnterDate,
UpdateUserId, UpdateDate, EnactedDate, RepealedDate,
UsageType, LanguageFile, MachChar, NotesOnUse,
SentenceSeverity));
您省略了UpdateDate和EnactedDate的"="。