C# Getting error "System.Data.SqlClient.SqlException: 'Incorrect syntax near ')'.'"
I really need help resolving this error. I am new to C#, so this may or may not be an obvious mistake. The error is System.Data.SqlClient.SqlException: Incorrect syntax near ')'. It occurs in:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient; //allows a secure link between the button on add user and the database

namespace inventory_management_coding
{
    public partial class Add_New_User : Form
    {
        SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\Sarwan\Desktop\computer science coding coursework\inventory management coding\Inventory.mdf;Integrated Security=True"); // this is a connection string so it sets the variable con with the database file that is exactly in that file location

        public Add_New_User()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            int i = 0;
            SqlCommand cmd = con.CreateCommand();
            cmd.CommandType = CommandType.Text;
            cmd.CommandText = "select * from Registration where username = '" + textBox3.Text + "'"; //this gets information from my database. Textbox 3 is the username textbox
            cmd.ExecuteNonQuery(); // This is used for executing queries that do not return any data.
            DataTable dt = new DataTable();
            SqlDataAdapter da = new SqlDataAdapter(cmd); // allows access to the database
            da.Fill(dt);
            i = Convert.ToInt32(dt.Rows.Count.ToString());
            if (i == 0) //allows us to pass through sub query
            {
                SqlCommand cmd1 = con.CreateCommand();
                cmd1.CommandType = CommandType.Text;
                cmd1.CommandText = "Insert into registeration ('"+ textBox1.Text +"','"+ textBox2.Text +"','"+ textBox3.Text +"','"+ textBox4.Text +"','"+ textBox5.Text +"')"; //This allows data to be entered into the database. Text box 1,2,3,4,5 are linked to firstname, lastname etc
                cmd1.ExecuteNonQuery();
                textBox1.Text = ""; textBox2.Text = "";
                textBox3.Text = ""; textBox4.Text = "";
                textBox5.Text = ""; // these allow the parameters to be passed through
                MessageBox.Show("user record inserted successfully");
            }
            else
            {
                MessageBox.Show("This username already exists, please choose another"); // this would be an invalid statement for choosing a same username. They must be Unique!
            }
        }

        private void Add_New_User_Load(object sender, EventArgs e)
        {
            if (con.State == ConnectionState.Open) //this section of code is vital in all areas to allow the program to automatically connect to the database. Con is the linking variable.
            {
                con.Close();
            }
            con.Open();
        }
    }
}
I really need help with this. It says the syntax is incorrect near ')', but I can't find the right solution. It happens on this line:
cmd1.ExecuteNonQuery();
The CommandText of your insert line is missing some information. You currently have
cmd1.CommandText = "Insert into registeration ('"+ textBox1.Text +"','"+ textBox2.Text +"','"+ textBox3.Text +"','"+ textBox4.Text +"','"+ textBox5.Text +"')"; //This allows data to be inputted in the database. Text box 1,2,3,4,5 are linked to firstname, lastname etc
However, the syntax of the INSERT INTO command is
INSERT INTO table_name (column1, column2, column3, ...)
VALUES (value1, value2, value3, ...);
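You skipped specifying the names of the columns you are inserting values for. You haven't given us enough information to know your column names, but your line of code should look like this:
//This allows data to be inputted in the database. Text box 1,2,3,4,5 are linked to firstname, lastname etc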
cmd1.CommandText = "Insert into registeration (column1, column2, column3, column4, column5) VALUES ('"+ textBox1.Text +"','"+ textBox2.Text +"','"+ textBox3.Text +"','"+ textBox4.Text +"','"+ textBox5.Text +"')";
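where column1, column2, column3, column4, column5 would be replaced with the actual names of your columns.
When you run into a SQL exception in C# code, try building the string in a separate variable and then passing that to CommandText, so that you can step through the code and debug it, and possibly cut and paste the whole concatenated string into a query window so that you can run and debug the SQL separately from your application.
As a side note, you need to do some research on the vulnerability this exposes you to: by building SQL commands directly from user input boxes, you are leaving yourself highly vulnerable to it. You should abandon and ignore any tutorial or learning source that teaches you to write SQL this way. This is never the right way to do it in .NET. The error you are getting is just one of the milder problems.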
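The side note above concerns SQL injection. As an added example (not code from the question or the answer), here is the same check-then-insert written with parameterized commands; the table name Registration, the column names, the NVARCHAR(50) sizes and the helper name RegistrationStore are assumptions, since the page does not give the real schema.

```csharp
using System.Data;
using System.Data.SqlClient;

// Added example. Assumed names: table Registration; columns firstname,
// lastname, username, column4, column5; NVARCHAR(50) sizes. Substitute yours.
public static class RegistrationStore
{
    // Returns true when the row was inserted, false when the username is taken.
    // 'con' must already be open, as it is after Add_New_User_Load.
    public static bool TryAddUser(SqlConnection con, string firstName,
        string lastName, string username, string value4, string value5)
    {
        // Text box contents travel as parameter values, never as SQL text,
        // so a quote in the input cannot change the statement.
        using (SqlCommand check = con.CreateCommand())
        {
            check.CommandText =
                "SELECT COUNT(*) FROM Registration WHERE username = @username";
            check.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            if ((int)check.ExecuteScalar() > 0)
                return false;
        }

        using (SqlCommand insert = con.CreateCommand())
        {
            // Column list first, then VALUES: the form the answer describes.
            insert.CommandText =
                "INSERT INTO Registration (firstname, lastname, username, column4, column5) " +
                "VALUES (@firstname, @lastname, @username, @value4, @value5)";
            insert.Parameters.Add("@firstname", SqlDbType.NVarChar, 50).Value = firstName;
            insert.Parameters.Add("@lastname", SqlDbType.NVarChar, 50).Value = lastName;
            insert.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            insert.Parameters.Add("@value4", SqlDbType.NVarChar, 50).Value = value4;
            insert.Parameters.Add("@value5", SqlDbType.NVarChar, 50).Value = value5;
            return insert.ExecuteNonQuery() == 1;
        }
    }
}

// In button1_Click:
// bool added = RegistrationStore.TryAddUser(con, textBox1.Text, textBox2.Text,
//     textBox3.Text, textBox4.Text, textBox5.Text);
```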