C# 在Gridview中显示SQL Server数据库值显示错误
尝试在gridview中显示数据库值时,出现错误: System.Data.dll中发生类型为“System.Data.SqlClient.SqlException”的未处理异常 其他信息:关键字“and”附近的语法不正确 代码是C# 在Gridview中显示SQL Server数据库值显示错误,c#,sql,sql-server,gridview,C#,Sql,Sql Server,Gridview,尝试在gridview中显示数据库值时,出现错误: System.Data.dll中发生类型为“System.Data.SqlClient.SqlException”的未处理异常 其他信息:关键字“and”附近的语法不正确 代码是 private void button1_Click(object sender, EventArgs e) { SqlDataAdapter adap; DataSet ds; SqlConnection cn = new SqlConne
private void button1_Click(object sender, EventArgs e)
{
SqlDataAdapter adap;
DataSet ds;
SqlConnection cn = new SqlConnection(
@"Data Source=DILIPWIN\SQLEXPRESS;Initial Catalog=radb;Integrated Security=True");
cn.Open();
var home = new Home();
adap = new SqlDataAdapter(
"select roll_num, mark from marks where mark < 50 and dept_id=" +
home.cboxDept.SelectedValue + " and sem_id=" + home.cboxSem.SelectedValue +
" and subject_id=" + home.cboxSubject.SelectedValue + " and batch_id= " +
home.cboxBatch.SelectedValue + " and cls_id=" + home.cboxClass.SelectedValue, cn);
ds = new System.Data.DataSet();
adap.Fill(ds, "dataGridView1");
dataGridView1.DataSource = ds.Tables[0];
}
private void按钮1\u单击(对象发送者,事件参数e)
{
sqldataadap;
数据集ds;
SqlConnection cn=新的SqlConnection(
@“数据源=DILIPWIN\SQLEXPRESS;初始目录=radb;集成安全性=True”);
cn.Open();
var home=新家();
adap=新的SqlDataAdapter(
“选择roll_num,从标记<50和部门id=“+
home.cboxDept.SelectedValue+”和sem_id=“+home.cboxSem.SelectedValue+
“和subject_id=“+home.cboxSubject.SelectedValue+”和batch_id=“+
home.cboxBatch.SelectedValue+”和cls_id=“+home.cboxClass.SelectedValue,cn);
ds=新的System.Data.DataSet();
adap.Fill(ds,“dataGridView1”);
dataGridView1.DataSource=ds.Tables[0];
}
GridView1.DataBind();//This line is missing in your code`
DataAdapter adapter=new DataAdapter(SqlCommand,SqlConn);
DataTable tbl=new Datatable();
adapter.Fill(tbl);
GridView1.DataSource=tbl;
GridView1.DataBind();//This line is missing in your code
`使用sql参数可能会解决此问题,并防止将来出现sql注入问题:
string sql = @"
SELECT roll_num,
mark
FROM marks
WHERE mark < 50
AND dept_id=@dept_id
AND sem_id=@sem_id
AND subject_id=@subject_id
AND batch_id=@batch_id
AND cls_id=@cls_id;";
DataSet ds = new DataSet();
using(var cn = new SqlConnection(@"Data Source=DILIPWIN\SQLEXPRESS;Initial Catalog=radb;Integrated Security=True"))
using (var da = new SqlDataAdapter(sql, cn))
{
da.SelectCommand.Parameters.AddWithValue("@dept_id", home.cboxDept.SelectedValue );
da.SelectCommand.Parameters.AddWithValue("@sem_id", home.cboxSem.SelectedValue );
da.SelectCommand.Parameters.AddWithValue("@subject_id", home.cboxSubject.SelectedValue );
da.SelectCommand.Parameters.AddWithValue("@batch_id", home.cboxBatch.SelectedValue );
da.SelectCommand.Parameters.AddWithValue("@cls_id", home.cboxClass.SelectedValue );
da.Fill(ds); // you don't need to open/close the connection with Fill
}
dataGridView1.DataSource = ds.Tables[0];
stringsql=@”
选择roll_num,
做记号
从马克
其中标记<50
和dept\u id=@dept\u id
和sem_id=@sem_id
和subject\u id=@subject\u id
和batch\u id=@batch\u id
和cls_id=@cls_id;“;
数据集ds=新数据集();
使用(var cn=new SqlConnection(@“Data Source=DILIPWIN\SQLEXPRESS;Initial Catalog=radb;Integrated Security=True”))
使用(var da=newsqldataadapter(sql,cn))
{
da.SelectCommand.Parameters.AddWithValue(“@dept\u id”,home.cboxDept.SelectedValue);
da.SelectCommand.Parameters.AddWithValue(“@sem\u id”,home.cboxSem.SelectedValue);
da.SelectCommand.Parameters.AddWithValue(“@subject\u id”,home.cboxSubject.SelectedValue);
da.SelectCommand.Parameters.AddWithValue(“@batch\u id”,home.cboxBatch.SelectedValue);
da.SelectCommand.Parameters.AddWithValue(“@cls\u id”,home.cboxClass.SelectedValue);
da.Fill(ds);//不需要用Fill打开/关闭连接
}
dataGridView1.DataSource=ds.Tables[0];
您还应该使用正确的类型。将尝试从值推断类型。因此,如果这些是
intint.parse(home.cboxdept.SelectedValue)