0
我已将数据库从Access
转换为Sql
,因为Sql
不接受format()
因此显示错误。在预期条件的上下文中指定的非布尔类型的表达式,在'and'附近
这是我的代码:
DefaultStr = "" &
"SELECT StudentAccount.Dated, StudentAccountS.StAdmNo, StudentAccountS.StClass, " &
"StudentAccountS.StName, StudentAccount.Perticular, StudentAccount.Amount,StudentAccount.Remark,StudentAccount.PayMode,TransactionID " &
"FROM (StudentAccount LEFT OUTER JOIN StudentAccountS ON StudentAccount.SSID = StudentAccountS.SSID) " &
"WHERE (StudentAccount.Debit) and (StudentAccount.Dated Between " &
"#" & Format(DateFrom, "MM/dd/yyyy") & "# AND #" & Format(DateTo, "MM/dd/yyyy") & "#)"
Select Case SIndex
Case 0
SelStr = " AND (StudentAccount.PayMode = '" & OptionStr & "') Order By StudentAccount.Dated"
Case 1
SelStr = " AND (StudentAccount.Perticular = '" & OptionStr & "') Order By StudentAccount.Dated"
Case 2, 3
SelStr = " AND (StudentAccount.TransType = '" & filterStr & "') Order By StudentAccount.Dated"
Case Else
SelStr = Nothing
End Select
Da = New SqlDataAdapter(DefaultStr & SelStr, Conn)
Ds = New DataSet
Da.Fill(Ds)
在'mssql',当你存储'date'(或'datetime')值不使用''#(像'Access'),但单引号。什么是DateTo和DateFrom变量?如果他们然后使用这样的东西:''“&String.Format(”{0:MM/dd/yyyy}“,DateTo)&”'' – nelek
我还会补充说,你不应该使用字符串连接sql命令。使用参数化的sql。看到这个http://stackoverflow.com/questions/306668/are-parameters-really-enough-to-prevent-sql-injections – chrisl08
这也抛出相同的错误 – Ankit