C# 我无法纠正以下错误:System.Data.SqlClient.SqlException(0x80131904):列名“OAT”无效
将此行更改为。字符串必须被引用C# 我无法纠正以下错误:System.Data.SqlClient.SqlException(0x80131904):列名“OAT”无效,c#,sql-server,visual-studio,C#,Sql Server,Visual Studio,将此行更改为。字符串必须被引用 protected void btnDeleteVenue_Click(object sender, EventArgs e) { try { con.Open(); string ddl = DropDownList1.SelectedItem.Value; string sq = "select ven
protected void btnDeleteVenue_Click(object sender, EventArgs e)
{
try
{
con.Open();
string ddl = DropDownList1.SelectedItem.Value;
string sq = "select venue_name from Venue";
cmd = new SqlCommand(sq, con);
SqlDataReader r = cmd.ExecuteReader();
string dq = null;
if (r.HasRows)
{
while (r.Read())
{
if (ddl.Equals(r.GetValue(0).ToString()))
{
string dq = "DELETE from Venue WHERE venue_name=" + ddl;
//.Close();
cmd = new SqlCommand(dq, con);
cmd.ExecuteNonQuery();
Response.Write("<script> alert('Venue Deleted') </script>");
con.Close();
}
}
}
}
catch(Exception ex)
{
Response.Write(ex);
}
}
SQL代码中的字符串值缺少“”。现在需要学习如何使用参数化查询。使用它们可以消除您当前遇到的错误,还可以保护您免受sql注入的黑客攻击。无意冒犯,但我希望sql注入是免费的answer@Steve-是的,没错。然而,这只是关于在代码中显示错误+1.
string dq = "DELETE from Venue WHERE venue_name='" + ddl + "'";