2014-03-29 104 views
0

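I am getting an error in the SQL command with which I am trying to retrieve values from a SQL Server database. It shows the error mentioned in the title in the browser. If I remove the AND operation System.Data.SqlClient.SqlException: Incorrect syntax near ')'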

string jdate = (string)Session["jdate"]; 
string clas = (string)Session["class"]; 
string scode = (string)Session["scode"]; 
string dcode = (string)Session["dcode"]; 
cn = new SqlConnection(ConfigurationManager.ConnectionStrings["dummyConnectionString"].ToString()); 

// error shows up on this line 
string slct = "SELECT Route.Route_Source, Route.Route_Destination, Flight.Flight_Name, Schedule.Depart_Time, Schedule.Arr_Time, Schedule.Route_rate_Ad , Seats." + jdate + 
       "Schedule.Sch_id FROM Schedule INNER JOIN Flight ON Schedule.Flight_Id = Flight.Flight_id INNER JOIN Route ON Schedule.Route_id = Route.Route_id INNER JOIN Seats ON Seats.Sch_id = Schedule.Sch_id WHERE (Route.Route_Source =" + scode + ") AND (Route.Route_Destination =" + dcode + ") AND (Seats.Class=" + clas + ") ORDER BY Schedule.Depart_Time, Schedule.Arr_Time, Flight.Flight_Name"; 

cn.Open(); 

SqlDataAdapter da = new SqlDataAdapter(slct, cn); 
DataSet ds = new DataSet(); 
da.Fill(ds); 

SearchView.DataSource = ds; 
SearchView.DataBind(); 
+2

Is one of the values in your 'where' clause empty? That would result in 'where (some_column =)' –

+3

Print your 'slct' variable to see the generated SQL statement. – Selcuk

+4

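First thing to fix: use parameterized SQL rather than putting the values in directly. I would also suggest using verbatim string literals so that you can easily put the SQL on multiple lines to make it more readable. –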

Answers

1

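It shows the error in the brackets. You should use a parameterized query.
This will allow a more understandable query text, avoid simple syntax errors
(like the missing comma at the end of the first line (jdate)),
and avoid SQL injection and parsing problems with strings that contain quotes or decimal separators.
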
// Verbatim string literals (@"...") let the SQL text span several lines.
// jdate is a column name, which cannot be passed as a parameter, so it is still concatenated;
// note the comma after it, which was missing in the question.
string slct = @"SELECT Route.Route_Source, Route.Route_Destination,
       Flight.Flight_Name, Schedule.Depart_Time, Schedule.Arr_Time,
       Schedule.Route_rate_Ad, Seats." + jdate + ", Schedule.Sch_id " +
       @"FROM Schedule INNER JOIN Flight ON Schedule.Flight_Id = Flight.Flight_id
         INNER JOIN Route ON Schedule.Route_id = Route.Route_id
         INNER JOIN Seats ON Seats.Sch_id = Schedule.Sch_id
       WHERE (Route.Route_Source = @scode)
        AND (Route.Route_Destination = @dcode)
        AND (Seats.Class = @class)
       ORDER BY Schedule.Depart_Time, Schedule.Arr_Time, Flight.Flight_Name";

cn.Open();
SqlCommand cmd = new SqlCommand(slct, cn);
// The values are sent as parameters instead of being concatenated into the SQL text.
cmd.Parameters.AddWithValue("@scode", scode);
cmd.Parameters.AddWithValue("@dcode", dcode);
cmd.Parameters.AddWithValue("@class", clas);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
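
Added example, not part of the original answer: the parameterized query above still concatenates jdate as a column name, which a parameter cannot carry, so this sketch checks it against an allow-list before it reaches the SQL text and rejects missing search values. FlightSearch, Build, QuoteColumn, SeatColumns and the column names in the allow-list are hypothetical; the page does not show the real Seats columns.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

static class FlightSearch
{
    // Hypothetical per-date column names of Seats (assumption; not listed on the page).
    static readonly HashSet<string> SeatColumns =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "D20140401", "D20140402" };

    // Parameters bind values only, so an identifier is allow-listed and bracket-quoted.
    static string QuoteColumn(string name)
    {
        if (name == null || !SeatColumns.Contains(name))
            throw new ArgumentException("Unknown seat column.", "name");
        return "[" + name.Replace("]", "]]") + "]";
    }

    public static SqlCommand Build(string jdate, string scode, string dcode, string clas)
    {
        // Reject missing values early; concatenated, an empty one yields "WHERE (col =)".
        foreach (string v in new[] { scode, dcode, clas })
            if (string.IsNullOrWhiteSpace(v))
                throw new ArgumentException("Missing search value.");
        string sql = @"SELECT Route.Route_Source, Route.Route_Destination,
       Flight.Flight_Name, Schedule.Depart_Time, Schedule.Arr_Time,
       Schedule.Route_rate_Ad, Seats." + QuoteColumn(jdate) + @", Schedule.Sch_id
FROM Schedule
INNER JOIN Flight ON Schedule.Flight_Id = Flight.Flight_id
INNER JOIN Route ON Schedule.Route_id = Route.Route_id
INNER JOIN Seats ON Seats.Sch_id = Schedule.Sch_id
WHERE Route.Route_Source = @scode
  AND Route.Route_Destination = @dcode
  AND Seats.Class = @class
ORDER BY Schedule.Depart_Time, Schedule.Arr_Time, Flight.Flight_Name";
        var cmd = new SqlCommand(sql);   // assign cmd.Connection before executing
        cmd.Parameters.AddWithValue("@scode", scode);
        cmd.Parameters.AddWithValue("@dcode", dcode);
        cmd.Parameters.AddWithValue("@class", clas);
        return cmd;
    }

    static void Main()
    {
        // Constructed sample values, not data from the page.
        Console.WriteLine(Build("D20140401", "1", "2", "Economy").CommandText);
        try { Build("NotAColumn", "1", "2", "Economy"); }
        catch (ArgumentException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```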