Asp.net 如何替换”;加上;在mysql查询中?
我试图从ASP.NET 2005运行此SQL,但收到一个无效的SQL错误,因为它有一个奇怪的字符Asp.net 如何替换”;加上;在mysql查询中?,asp.net,sql,mysql,Asp.net,Sql,Mysql,我试图从ASP.NET 2005运行此SQL,但收到一个无效的SQL错误,因为它有一个奇怪的字符“ 在我的代码中,我试图将“替换为”,但由于replace命令中的特殊字符正在更改为“,因此它没有这样做 查询: insert into userquery(description) values ('In fact, Topeka Google Mayor Bill Bunten expressed it best: “Don’t be fooled. Even Google recognize
“
在我的代码中,我试图将“
替换为”
,但由于replace命令中的特殊字符正在更改为“
,因此它没有这样做
查询:
insert into userquery(description)
values ('In fact, Topeka Google Mayor Bill Bunten expressed it best: “Don’t be fooled. Even Google recognizes that all roads lead to Kansas, not just yellow brick ones.”')
如果我在mysql中复制并执行它,它工作得很好
如何解决此问题?双引号的ASCII值为147 好的Ol'VB6即时窗口:
?asc("“")
147
您可以使用转义的双引号替换Chr(147):Chr(34)&Char(34)for“”。该双引号的ASCII值为147 好的Ol'VB6即时窗口:
?asc("“")
147
您可以在Chr(147)上进行替换,并使用转义的双引号:Chr(34)和Char(34)替换“.”实际的错误消息会有所帮助。如果是unicode问题,您可以尝试: 插入一个N:
insert into userquery(description)
values (N'In fact, Topeka Google Mayor Bill Bunten expressed it best: “Don’t be fooled. Even Google recognizes that all roads lead to Kansas, not just yellow brick ones.”')
或参阅:
实际的错误消息会很有帮助。如果是unicode问题,您可以尝试: 插入一个N:
insert into userquery(description)
values (N'In fact, Topeka Google Mayor Bill Bunten expressed it best: “Don’t be fooled. Even Google recognizes that all roads lead to Kansas, not just yellow brick ones.”')
或参阅:
您构建的查询是错误的。您在客户端上没有说c#或vb.net,但无论哪种方式,您的sql字符串都应该更像这样:
string query = "insert into userquery(description) values (@description)";
using (var cn = new MySqlConnection("... your connection string here..."))
using (var cmd = new MySqlCommand(query, cn))
{
/* THIS IS THE IMPORTANT PART */
cmd.Parameters.Add("@description", SqlDbType.VarChar).Value = MyDescriptionVariable;
/*****************************/
cn.Open();
cmd.ExecuteNonQuery();
}
然后设置描述值,如下所示:
string query = "insert into userquery(description) values (@description)";
using (var cn = new MySqlConnection("... your connection string here..."))
using (var cmd = new MySqlCommand(query, cn))
{
/* THIS IS THE IMPORTANT PART */
cmd.Parameters.Add("@description", SqlDbType.VarChar).Value = MyDescriptionVariable;
/*****************************/
cn.Open();
cmd.ExecuteNonQuery();
}
以及vb版本:
Using cn As New MySqlConnection("... your connection string here..."), _
cmd As New MySqlCommand(query, cn)
''# THIS IS THE IMPORTANT PART
cmd.Parameters.Add("@description", SqlDbType.VarChar).Value = MyDescriptionVariable
''############################
cn.Open()
cmd.ExecuteNonQuery()
End Using
这将确保您的参数被正确转义,不管您有多奇怪的字符。您的查询构建错误。您在客户端上没有说c#或vb.net,但无论哪种方式,您的sql字符串都应该更像这样:
string query = "insert into userquery(description) values (@description)";
using (var cn = new MySqlConnection("... your connection string here..."))
using (var cmd = new MySqlCommand(query, cn))
{
/* THIS IS THE IMPORTANT PART */
cmd.Parameters.Add("@description", SqlDbType.VarChar).Value = MyDescriptionVariable;
/*****************************/
cn.Open();
cmd.ExecuteNonQuery();
}
然后设置描述值,如下所示:
string query = "insert into userquery(description) values (@description)";
using (var cn = new MySqlConnection("... your connection string here..."))
using (var cmd = new MySqlCommand(query, cn))
{
/* THIS IS THE IMPORTANT PART */
cmd.Parameters.Add("@description", SqlDbType.VarChar).Value = MyDescriptionVariable;
/*****************************/
cn.Open();
cmd.ExecuteNonQuery();
}
以及vb版本:
Using cn As New MySqlConnection("... your connection string here..."), _
cmd As New MySqlCommand(query, cn)
''# THIS IS THE IMPORTANT PART
cmd.Parameters.Add("@description", SqlDbType.VarChar).Value = MyDescriptionVariable
''############################
cn.Open()
cmd.ExecuteNonQuery()
End Using
这将确保您的参数被正确转义,无论您有多少个奇数字符。您应该这样编写查询,在文本前使用N:
insert into userquery(description) values (N'In fact, Topeka Google Mayor Bill Bunten expressed it best: “Don’t be fooled. Even Google recognizes that all roads lead to Kansas, not just yellow brick ones.”')
并确保字段为nvarchar o ntext(后者已被弃用,取而代之的是nvarchar(max)btw)
无论如何,您应该遵循使用参数化查询的建议,以避免此类问题和许多其他问题(如SQL注入),因为作为参数拉入数据库的字符串在到达数据库之前经过清理和转义。您应该这样编写查询,在文本之前使用N:
insert into userquery(description) values (N'In fact, Topeka Google Mayor Bill Bunten expressed it best: “Don’t be fooled. Even Google recognizes that all roads lead to Kansas, not just yellow brick ones.”')
并确保字段为nvarchar o ntext(后者已被弃用,取而代之的是nvarchar(max)btw)
无论如何,您应该遵循使用参数化查询的建议,以避免此类问题和许多其他问题(如SQL注入)因为作为参数拉入数据库的字符串在到达数据库之前经过清理和转义。请查看标题中的奇怪字符。您能发布准确的错误消息吗?请查看标题中的奇怪字符。您能发布准确的错误消息吗?没有ASCII字符147。请将此告诉VB6。它报告147。没有ASCII字符147。告诉VB6。报告147人。