C# string concatenation problem: why doesn't += work here?
Tags: c#, c#-3.0
I have the following C# code:
For some reason, I get the error "The left-hand side of an assignment must be a variable, property or indexer".
I can't see what the error is telling me. I've commented out the offending line, but the error just moves up one line.
I can get the string concatenation to work using this method:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace StringTest
{
    class Program
    {
        static void Main(string[] args)
        {
            String strSQLCode;
            strSQLCode = " select rank() over (order by percentagecorrect desc, totalmilliseconds asc) as rank, * ";
            strSQLCode = strSQLCode + " from view_dg_game_details gd (nolock) ";
            strSQLCode = strSQLCode + " where gd.gametypeid = {0} ";
            strSQLCode = strSQLCode + " and gd.numberofrounds = {1} ";
            strSQLCode = strSQLCode + " and gd.gamevalues = '{2}' ";
        }
    }
}
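Can someone explain to me what this error is about?
Thanks
Ken

Because you can't chain += operators together without repeating the variable you're operating on: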
strSQLCode = @"select rank() over (order by percentagecorrect desc,
totalmilliseconds asc) as rank, * ";
strSQLCode += " from view_dg_game_details gd (nolock) ";
strSQLCode += " where gd.gametypeid = {0} ";
strSQLCode += " and gd.numberofrounds = {1} ";
strSQLCode += " and gd.gamevalues = '{2}' ";
If you want to declare it as a "long" one-liner, just use +:
strSQLCode = @"select rank() over (order by percentagecorrect desc,
totalmilliseconds asc) as rank, * "
+ " from view_dg_game_details gd (nolock) "
+ " where gd.gametypeid = {0} "
+ " and gd.numberofrounds = {1} "
+ " and gd.gamevalues = '{2}' ";
Or, if you don't need any of that, you can just use a single string literal:
strSQLCode =
@"select rank() over (order by percentagecorrect desc,
totalmilliseconds asc) as rank, *
from view_dg_game_details gd (nolock)
where gd.gametypeid = {0}
and gd.numberofrounds = {1}
and gd.gamevalues = '{2}' ";
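
For your first code snippet, what you want is +, not +=.
You only need to assign to the variable once, and then concatenate all the parts together in the normal way. That's what + is for.

In your first code snippet, you shouldn't be using +=.
A simple + will do: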
strSQLCode = @"select rank() over (order by percentagecorrect desc,
totalmilliseconds asc) as rank, * "
+ " from view_dg_game_details gd (nolock) "
+ " where gd.gametypeid = {0} "
+ " and gd.numberofrounds = {1} "
+ " and gd.gamevalues = '{2}' ";
From MSDN:
An expression using the += assignment operator, such as
x += y
is equivalent to
x = x + y
except that x is only evaluated once.
This means you can't use += to chain together the concatenation of a set of string literals or more than two variables.

You are writing
something += "a" += "b";
That doesn't make sense.

It's a single statement, so you should use the following:
strSQLCode = " select rank() over (order by percentagecorrect desc, totalmilliseconds asc) as rank, * "
+ " from view_dg_game_details gd (nolock) "
+ " where gd.gametypeid = {0} "
+ " and gd.numberofrounds = {1} "
+ " and gd.gamevalues = '{2}' ";

Just use it like this:
strSQLCode = " select rank() over (order by percentagecorrect desc, totalmilliseconds asc) as rank, * "
+ " from view_dg_game_details gd (nolock) "
+ " where gd.gametypeid = {0} "
+ " and gd.numberofrounds = {1} "
+ " and gd.gamevalues = '{2}' ";
or

Your syntax is slightly wrong. It should be:
namespace StringTest
{
    class Program
    {
        static void Main(string[] args)
        {
            String strSQLCode;
            strSQLCode = @" select rank() over (order by percentagecorrect desc, totalmilliseconds asc) as rank, * "
                + @" from view_dg_game_details gd (nolock) "
                + @" where gd.gametypeid = {0} "
                + @" and gd.numberofrounds = {1} "
                + @" and gd.gamevalues = '{2}' ";
        }
    }
}

What you're doing is effectively:
string variable = "string" += "another string";
This is basically the same as:
string variable;
(variable = "string") += "another string";
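Since the result of the parenthesized expression is a string (specifically, the value that was assigned), you are now effectively doing the following:
string variable;
variable = "string";
"string" += "another string";
The compiler has a problem with the third line.
Specifically, what the compiler is telling you is that in order to perform an assignment, you must have something to assign to.
Write it like this: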
strSQLCode = @" select rank() over (order by percentagecorrect desc, totalmilliseconds asc) as rank, *
from view_dg_game_details gd (nolock)
where gd.gametypeid = @gameType
and gd.numberofrounds = @numberOfRounds
and gd.gamevalues = @gameValues ";
and use a parameterized query.

Use + instead of +=.
Also, I strongly recommend against storing and concatenating your SQL queries like this, because it is very insecure due to SQL injection.
Read about it here:

As others have mentioned, += should be +. If you're constructing SQL, at least parameterize it; be aware that SQL injection is a serious problem. I could drop a table in your database from a console or WinApp text box. Starting with the first variable, you can
1 ; drop table dg_game_details --
For example:
// Requires: using System.Data; using System.Data.SqlClient;
SqlConnection conDatabase =
    new SqlConnection("Data Source=(local);" +
                      "Database='projectGames';" +
                      "Integrated Security=true");
// The SQL text is constant; the value is supplied separately as a typed parameter.
SqlCommand cmdDatabase =
    new SqlCommand("SELECT rank() over (order by percentagecorrect desc, totalmilliseconds asc) as rank, * FROM view_dg_game_details gd (nolock) " +
                   "WHERE gd.gametypeid = @GameId;", conDatabase);
cmdDatabase.Parameters.Add("@GameId", SqlDbType.Int);
cmdDatabase.Parameters["@GameId"].Value = 1;
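
As an added example (not part of the original answers): the asker's three-placeholder query built both ways, with the input quoted in the answer above and the parameter names @gameType, @numberOfRounds and @gameValues from the earlier answer. The int types and varchar(50) for gamevalues are assumptions about the view's columns; the code uses System.Data.SqlClient and never opens a connection.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

class ParameterizedRankQuery
{
    // Pattern from the question: values are pasted into the SQL text itself.
    static string BuildWithFormat(string gameTypeId, string rounds, string gameValues)
    {
        return string.Format(
            "select rank() over (order by percentagecorrect desc, totalmilliseconds asc) as rank, * " +
            "from view_dg_game_details gd (nolock) " +
            "where gd.gametypeid = {0} and gd.numberofrounds = {1} and gd.gamevalues = '{2}'",
            gameTypeId, rounds, gameValues);
    }

    // Hardened form: the SQL text is constant; values travel separately as typed parameters.
    static SqlCommand BuildParameterized(string gameTypeId, string rounds, string gameValues)
    {
        SqlCommand cmd = new SqlCommand(
            "select rank() over (order by percentagecorrect desc, totalmilliseconds asc) as rank, * " +
            "from view_dg_game_details gd (nolock) " +
            "where gd.gametypeid = @gameType and gd.numberofrounds = @numberOfRounds " +
            "and gd.gamevalues = @gameValues");
        // int.Parse throws FormatException on non-numeric input, so it never reaches the server.
        cmd.Parameters.Add("@gameType", SqlDbType.Int).Value = int.Parse(gameTypeId);
        cmd.Parameters.Add("@numberOfRounds", SqlDbType.Int).Value = int.Parse(rounds);
        // Assumed column type and length: varchar(50).
        cmd.Parameters.Add("@gameValues", SqlDbType.VarChar, 50).Value = gameValues;
        return cmd;
    }

    static void Main()
    {
        string hostile = "1 ; drop table dg_game_details --"; // input quoted in the answer above
        // Formatting splices the input into the statement and changes its structure.
        Console.WriteLine(BuildWithFormat(hostile, "5", "abc"));

        try { BuildParameterized(hostile, "5", "abc"); }
        catch (FormatException) { Console.WriteLine("rejected: gametypeid is not an integer"); }

        // A quote inside a string value stays data; the command text is unchanged.
        SqlCommand ok = BuildParameterized("1", "5", "o'brien");
        Console.WriteLine(ok.CommandText);
        foreach (SqlParameter p in ok.Parameters)
            Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
    }
}
```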

You have a SQL injection vulnerability.
String concatenation is less efficient; using an @ string here is probably best.
@McKay: I'd imagine the compiler combines them at compile time.
+= won't be reduced by my compiler. Chained + concatenation will.
@McKay: At this size, "efficient" really doesn't matter.