System.Data.dll中出现“System.Data.SqlClient.SqlException”类型的exception
我是c#的初学者,当我执行代码时出现此错误消息>>
“System.Data.dll中出现’System.Data.SqlClient.SqlException’类型的exception,但未在用户代码中处理
附加信息:’=’附近的语法不正确。 “
这是代码!!
string position; SqlConnection con = new SqlConnection("server=free-pc\\FATMAH; Integrated Security=True; database=Workflow; "); con.Open(); SqlCommand cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID=" + id.Text, con); SqlDataReader Read = cmd.ExecuteReader(); if (Read.Read()==true) { position = Read[0].ToString(); Response.Write("User Registration successful"); } else { Console.WriteLine("No Employee found."); } Read.Close();
您的代码存在一些问题。 首先,我建议使用参数化查询,以避免SQL注入攻击,并且框架也会发现参数类型:
var cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID = @id", con); cmd.Parameters.AddWithValue("@id", id.Text);
其次,因为您只对从查询返回的一个值感兴趣,所以最好使用ExecuteScalar
MSDN :
var name = cmd.ExecuteScalar(); if (name != null) { position = name.ToString(); Response.Write("User Registration successful"); } else { Console.WriteLine("No Employee found."); }
最后一件事是将SqlConnection
和SqlCommand
包装成using
以便那些using
资源处理掉:
string position; using (SqlConnection con = new SqlConnection("server=free-pc\\FATMAH; Integrated Security=True; database=Workflow; ")) { con.Open(); using (var cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID = @id", con)) { cmd.Parameters.AddWithValue("@id", id.Text); var name = cmd.ExecuteScalar(); if (name != null) { position = name.ToString(); Response.Write("User Registration successful"); } else { Console.WriteLine("No Employee found."); } } }
我认为您的EmpID
列是字符串 ,您忘记在您的值中使用' '
。
因为当您编写EmpID=" + id.Text
,您的命令看起来像EmpID = 12345
而不是EmpID = '12345'
将您的SqlCommand
更改为
SqlCommand cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID='" + id.Text +"'", con);
或者作为一种更好的方式,您可以(并且应该)始终使用parameterized queries
。 这种字符串连接对SQL Injection
攻击是开放的。
SqlCommand cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID = @id", con); cmd.Parameters.AddWithValue("@id", id.Text);
我认为您的EmpID
列保留了您的员工ID,因此它的类型应该是一些数字类型而不是字符。
试试这个
SqlCommand cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID=@id", con); cmd.Parameters.AddWithValue("id", id.Text);
System.Data.dll中发生了未处理的“System.Data.SqlClient.SqlException”类型exception
private const string strconneciton = "Data Source=.;Initial Catalog=Employees;Integrated Security=True"; SqlConnection con = new SqlConnection(strconneciton); private void button1_Click(object sender, EventArgs e) { con.Open(); SqlCommand cmd = new SqlCommand("insert into EmployeeData (Name,S/O,Address,Phone,CellNo,CNICNO,LicenseNo,LicenseDistrict,LicenseValidPhoto,ReferenceName,ReferenceContactNo) values ( '" + textName.Text + "','" + textSO.Text + "','" + textAddress.Text + "','" + textPhone.Text + "','" + textCell.Text + "','" + textCNIC.Text + "','" + textLicenseNo.Text + "','" + textLicenseDistrict.Text + "','" + textLicensePhoto.Text + "','" + textReferenceName.Text + "','" + textContact.Text + "' )", con); cmd.ExecuteNonQuery(); con.Close(); }
使用try-catch查看发生的真实错误
try { //Your insert code here } catch (System.Data.SqlClient.SqlException sqlException) { System.Windows.Forms.MessageBox.Show(sqlException.Message); }
using (var cmd = new SqlCommand("SELECT EmpName FROM [Employee] WHERE EmpID = @id", con))
把[]
放在表名周围;)