语法错误:System.Data.SqlClient.SqlException:';附近的语法不正确=';
本文关键字:语法 不正确 错误 SqlClient SqlException System Data | 更新日期: 2023-09-27 18:00:12
我收到了这个服务器错误,我不知道问题出在哪里:
描述:在执行期间发生未处理的异常当前web请求。请查看堆栈跟踪以了解更多信息有关错误的信息以及错误在代码中的来源。
异常详细信息:System.Data.SqlClient.SqlException:不正确"="附近的语法。
我的代码在这里:
public partial class v2_kradescription : System.Web.UI.Page
{
SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["ConnectionString"].ToString());
protected void Page_Load(object sender, EventArgs e)
{
try
{
// icnoA for appraisee icno
string role = "";
string kr_icno = (string)(Session["s_icno"]);
string kr_position = (string)(Session["kr_position"]);
string kr_description = (string)(Session["kr_description"]);
Session["role"] = role;
if (role == "KRA")
{
kr_icno = (string)(Session["s_icno"]);
kr_position = (string)(Session["kr_position"]);
kr_description = (string)(Session["kr_description"]);
}
conn.Open();
SqlDataSource1.SelectCommand = "SELECT kr_id, kr_position, kr_description FROM tblKRAObjectiveWHERE kr_icno = " + s_icno;
conn.Close();
}
catch (Exception ex)
{
lblMsg.Text = ex.Message; //" Error while saving the record.";
}
//conn.Open();
//string icno = (string)(Session["s_icno"]);
//SqlDataSource1.SelectCommand = "SELECT kr_id, kr_position, kr_description FROM tblKRAObjective WHERE kr_icno = " + icno;
//conn.Close();
}
protected void GridView1_OnRowDataBound(object sender, GridViewRowEventArgs e)
{
string kr_id = Request.QueryString["kr_id"];
string id = "";
if (e.Row.RowType == DataControlRowType.DataRow)
{
id = GridView1.DataKeys[e.Row.RowIndex].Values[0].ToString();
}
Label lblposition = (Label)e.Row.FindControl("lblposition");
Label lbldescription = (Label)e.Row.FindControl("lbldescription");
if(e.Row.DataItem != null)
{
conn.Open();
String queryA = "SELECT kr_id, kr_position, kr_description FROM tblKRAObjective WHERE kr_icno = " + s_icno;
SqlCommand cmdA = new SqlCommand(queryA, conn);
SqlDataReader drA = cmdA.ExecuteReader();
if (drA.Read())
{
lblposition.Text = drA["kr_position"].ToString();
lbldescription.Text = drA["kr_description"].ToString();
}
drA.Close();
}
}
protected void GridView1_OnRowEdited(object sender, GridViewEditEventArgs e)
{
GridView1.EditIndex = e.NewEditIndex;
}
protected void GridView1_RowCancelingEdit(object sender, GridViewCancelEditEventArgs e)
{
GridView1.Focus();
}
protected void GridView1_OnRowUpdated(object sender, GridViewUpdateEventArgs e)
{
Response.Redirect("kra_description.aspx?Sucess");
}
protected void OnPaging(object sender, GridViewPageEventArgs e)
{
GridView1.PageIndex = e.NewPageIndex;
}
protected void btnPreview_Click(object sender, EventArgs e)
{
Response.Redirect("kra_pdf.aspx");
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
if (Page.IsValid)
{
string kricno = (string)(Session["s_icno"]);
string krid = (string)(Session["kr_id"]);
string krdescription = (string)(Session["kr_description"]);
string krposition = (string)(Session["kr_position"]); ;
try
{
// get requester name, companyid, primary appraiser of requester
String queryA = "SELECT kr_id, kr_description, kr_position FROM tblKRAObjective WHERE s_icno = '"+kricno;
SqlCommand cmdA = new SqlCommand(queryA);
SqlDataReader drA = cmdA.ExecuteReader();
if (drA.Read())
{
krid = drA["kr_id"].ToString();
kricno = drA["kr_icno"].ToString();
krdescription = drA["kr_description"].ToString();
krposition = drA["kr_position"].ToString();
}
drA.Close();
SqlCommand cmd1 = new SqlCommand();
cmd1.CommandType = CommandType.StoredProcedure;
cmd1.Parameters.Add("@kr_id", SqlDbType.NVarChar).Value = krid.ToString();
cmd1.Parameters.Add("@kr_descpription", SqlDbType.NVarChar).Value = krdescription.ToString();
cmd1.Parameters.Add("@kr_position", SqlDbType.NVarChar).Value = krposition.ToString();
cmd1.Parameters.Add("@kr_icno", SqlDbType.NVarChar).Value = kricno.ToString();
cmd1.ExecuteNonQuery();
}
catch (Exception ex)
{
lblMsg.Text = ex.Message; //" Error while saving the record.";
}
Response.Redirect("kra_dashboard.aspx");
}
}
protected void btnAddNew_Click(object sender, EventArgs e)
{
}
}
在这一行中,表名和Where 之间缺少一个空格
SqlDataSource1.SelectCommand = "SELECT kr_id, kr_position, kr_description FROM tblKRAObjectiveWHERE kr_icno = " + s_icno;
试试这个:
"SELECT kr_id, kr_position, kr_description FROM tblKRAObjective WHERE kr_icno = '" + s_icno + "'";
为了避免Sql注入,使用参数化查询
请在Where之前留出空格,并在参数中添加单引号,因为它是字符串
尝试低于
"SELECT kr_id, kr_position, kr_description FROM tblKRAObjective WHERE kr_icno = '" + s_icno + "'";