C# Asp.NET C MVC-如何使用倍数表显示查询结果
我正在执行以下代码:C# Asp.NET C MVC-如何使用倍数表显示查询结果,c#,sql-server,asp.net-mvc,C#,Sql Server,Asp.net Mvc,我正在执行以下代码: public ActionResult BranchUser(int ? idBranch) { CtrForm objCtrForm = new CtrForm(); objCtrForm.Connect(); objCtrForm.query.Connection = objCtrForm.connection; objCtrForm.query.Comman
public ActionResult BranchUser(int ? idBranch)
{
CtrForm objCtrForm = new CtrForm();
objCtrForm.Connect();
objCtrForm.query.Connection = objCtrForm.connection;
objCtrForm.query.CommandType = CommandType.Text;
List<tblUser> listBranchUser = new List<tblUser>();
string sql = @"SELECT B.name, B.phone, B.email, B.idUser FROM tblBranchUser A
INNER JOIN tblUsers B ON A.idUser = B.idUser
WHERE A.idBranch = " + idBranch;
objCtrForm.query.CommandText = sql;
objCtrForm.connection.Open();
SqlDataReader sReader = objCtrForm.query.ExecuteReader();
while (sReader.Read())
{
listBranchUser.Add(
new tblUser
{
idUser = Convert.ToInt32(sReader["idUser"]),
name = Convert.ToString(sReader["name"]),
phone = Convert.ToString(sReader["phone"]),
email = Convert.ToString(sReader["email"])
}
);
}
objCtrForm.connection.Close();
return View(listBranchUser);
}
我不明白为什么会这样,因为我在其他函数中执行了,但我只调用了一个表,而不是两个表。任何建议我都会很感激。我相信C不会隐式地将整数转换为字符串 试着替换
string sql = @"SELECT B.name, B.phone, B.email, B.idUser FROM tblBranchUser A
INNER JOIN tblUsers B ON A.idUser = B.idUser
WHERE A.idBranch = " + idBranch;
idBranch可以为空-您不应该将SQL语句连接在一起-使用参数化查询来避免SQL注入-从技术上检查,在这种情况下,不可能注入SQL,但很可能形成生成错误的SQL,从而导致此处的语法错误。使用参数是避免发生真实/恶意SQL注入的统一做法。。避免像这样愚蠢的编程边缘案例。Thk,你的建议有效。但我也有另一种方法来修复。字符串sql=@SELECT B.name、B.phone、B.email、B.idUser FROM tblBranchUser A internal JOIN tblUsers B ON A.idUser=B.idUser,其中A.idBranch=@idBranch;query.Parameters。Add@idBranch,SqlDbType.Int.Value=idBranch;
string sql = @"SELECT B.name, B.phone, B.email, B.idUser FROM tblBranchUser A
INNER JOIN tblUsers B ON A.idUser = B.idUser
WHERE A.idBranch = " + idBranch.ToString();