System.Data.SqlClient.SqlException:关键字'FROM'附近语法错误
本文关键字:语法 错误 FROM Data 关键字 System SqlClient SqlException | 更新日期: 2023-09-27 18:03:33
我试图在ASP.net中创建一个网站,它可以显示我们组织发布的出版物。下面是cs文件中的一些代码。
//2nd - Setup SQL Command
SqlCommand cmd = new SqlCommand("SELECT [IDTip], [Date], CONVERT(nvarchar(100),[Date], 1) AS Released, [Title], [Image], REPLACE(CONVERT (nvarchar(MAX),[Tip]), '</p>'r'n'r'n<p>', '<p></p>') AS ContentConverted, Recognition, FROM tips WHERE IDTip =" + Request.QueryString["IDTip"], new SqlConnection(HealthReachConString));
//3rd - Attempt to open the connection to the DB
cmd.Connection.Open();
//4th - Go and fetch some data and apply it to our controls
SqlDataReader objReader = cmd.ExecuteReader();
while (objReader.Read())
{
lblDate.Text = objReader.GetString(2);
lblTitle.Text = objReader.GetString(4);
lblTip.Text = Convert.ToString(objReader["ContentConverted"]);
imgContentPicture.ImageUrl = "~/files/Health_Tips/" + objReader.GetString(5);
if (objReader.GetString(5) == " " || objReader.GetString(5) == "")
{
imgContentPicture.Visible = false;
}
else
{
imgContentPicture.Visible = true;
}
}
objReader.Close();
cmd.Connection.Close();
这是我得到的错误。
'/'应用程序出现服务器错误。
源错误:
关键字'FROM'附近语法错误。
描述:在执行当前web请求期间发生了未处理的异常。请查看堆栈跟踪以了解有关错误及其在代码中的起源的更多信息。
异常详细信息:System.Data.SqlClient.SqlException:关键字'FROM'附近语法错误。23行:
第24行://4 -去获取一些数据并将其应用于我们的控件第25行:SqlDataReader objReader = cmd.ExecuteReader();
第26行:while (objReader.Read())
第27行:{堆栈跟踪:
[SqlException (0x80131904):关键字'FROM'附近语法错误。]
System.Data.SqlClient.SqlConnection。OnError(SqlException异常,Boolean breakConnection, Action ' 1 wrapCloseInAction) +1791910
System.Data.SqlClient.SqlInternalConnection.OnError (SqlException异常异常,布尔断开连接,动作' 1 wrapCloseInAction) +5347106System.Data.SqlClient.TdsParser。ThrowExceptionAndWarning(TdsParserStateObjec>t stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
System.Data.SqlClient.TdsParser。TryRun(RunBehavior RunBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet, bulkCopyHandler, TdsParserStateObject, statobj, boolean &;dataReady) + 1693
System.Data.SqlClient.SqlDataReader.TryConsumeMetaData () + 61
System.Data.SqlClient.SqlDataReader.get_MetaData () + 90
System.Data.SqlClient.SqlCommand。FinishExecuteReader (SqlDataReader ds,RunBehavior RunBehavior, String resetOptionsString) +377
System.Data.SqlClient.SqlCommand。RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior RunBehavior,布尔返回流,布尔异步,Int32超时,任务&asyncWrite, SqlDataReader +1421
System.Data.SqlClient.SqlCommand。RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior RunBehavior,布尔返回流,字符串方法,TaskCompletionSource ' 1完成,Int32超时,任务&task, Boolean asyncWrite) +177
System.Data.SqlClient.SqlCommand。RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior RunBehavior, Boolean returnStream, String method) +53System.Data.SqlClient.SqlCommand。ExecuteReader(CommandBehavior行为,字符串方法)+137
System.Data.SqlClient.SqlCommand.ExecuteReader () + 99
PressRoom_Detail。Page_Load(对象发送者,EventArgs e) in e:'web'healthreach'htdocs'Tips_Detail.aspx.cs:25
System.Web.Util.CalliEventHandlerDelegateProxy。Callback(Object sender, EventArgs e) +51
System.Web.UI.Control。OnLoad(EventArgs e) +92
System.Web.UI.Control.LoadRecursive () + 54
System.Web.UI.Page。ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +772
知道是怎么回事吗?
为了澄清您的问题,额外的逗号向SQL指示存在另一个参数,但是您的参数是FROM。一旦去掉FROM前的逗号,语法就有效了。假设您已经为CONVERT和Alias函数指明了正确的语法。
我还想指出,您的查询容易SQL注入。要解析该部分,您应该这样做:
SELECT [IDTip], [Date],
CONVERT(nvarchar(100),[Date], 1) AS Released, [Title], [Image],
REPLACE(CONVERT (nvarchar(MAX),[Tip]), '</p>'r'n'r'n<p>', '<p></p>') AS [ContentConverted], [Recognition]
FROM [Tips]
WHERE ([IDTip] = @Id);
这就是我在我的评论中看到的查询错误
额外垃圾:
SELECT ... Recognition, FROM ...
^---