I'm a beginner with C#; when I execute the code, this error message occurs:
"An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code
Additional information: Incorrect syntax near '='. "
And this is the code!!
string position;
SqlConnection con = new SqlConnection("server=free-pc\\FATMAH; Integrated Security=True; database=Workflow; ");
con.Open();
SqlCommand cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID=" + id.Text, con);
SqlDataReader Read = cmd.ExecuteReader();
if (Read.Read() == true)
{
    position = Read[0].ToString();
    Response.Write("User Registration successful");
}
else
{
    Console.WriteLine("No Employee found.");
}
Read.Close();
Solution
There are some problems with your code. First, I advise using parametrized queries so you avoid SQL injection attacks, and parameter types are also discovered by the framework:
var cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID = @id", con);
cmd.Parameters.AddWithValue("@id", id.Text);
Second, as you are interested only in one value returned from the query, it is better to use ExecuteScalar (see MSDN):
var name = cmd.ExecuteScalar();
if (name != null)
{
    position = name.ToString();
    Response.Write("User Registration successful");
}
else
{
    Console.WriteLine("No Employee found.");
}
The last thing is to wrap SqlConnection and SqlCommand into using blocks so any resources used by those would be disposed:
string position;
using (SqlConnection con = new SqlConnection("server=free-pc\\FATMAH; Integrated Security=True; database=Workflow; "))
{
    con.Open();
    using (var cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID = @id", con))
    {
        cmd.Parameters.AddWithValue("@id", id.Text);
        var name = cmd.ExecuteScalar();
        if (name != null)
        {
            position = name.ToString();
            Response.Write("User Registration successful");
        }
        else
        {
            Console.WriteLine("No Employee found.");
        }
    }
}
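To make the difference between the two query styles concrete, here is an added example that is not from the question or the answer. It reproduces the concatenated query and the parameterized query side by side using Python's sqlite3 against a constructed in-memory Employee table, standing in for the asker's SQL Server database; the table rows and the sample form inputs are made up, while the two query shapes are the ones on the page. fetchone() plays the role of ExecuteScalar (first column of the first row, or nothing).

```python
import sqlite3

# Constructed sample data: a stand-in for the asker's Workflow database.
EMPLOYEES = [(1, "Alice"), (2, "Bob"), (3, "Carol")]


def make_db():
    """Build an in-memory Employee table with the constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Employee (EmpID INTEGER PRIMARY KEY, EmpName TEXT)")
    con.executemany("INSERT INTO Employee VALUES (?, ?)", EMPLOYEES)
    return con


def lookup_concatenated(con, id_text):
    """The question's pattern: the form value is pasted into the SQL text.

    Returns the list of matching names, or an 'error: ...' string when the
    database rejects the statement (e.g. an empty id_text leaves the SQL
    ending in 'EmpID=' with nothing after it, the same class of failure as
    the asker's "Incorrect syntax near '='").
    """
    sql = "SELECT EmpName FROM Employee WHERE EmpID=" + id_text
    try:
        return [row[0] for row in con.execute(sql)]
    except sqlite3.Error as exc:
        return f"error: {exc}"


def lookup_parameterized(con, id_text):
    """The answer's pattern: the form value travels as a bound parameter.

    Whatever id_text contains is compared against EmpID as a value; it can
    never change the shape of the WHERE clause. Returns the name or None,
    mirroring ExecuteScalar returning the first cell or null.
    """
    sql = "SELECT EmpName FROM Employee WHERE EmpID = ?"
    row = con.execute(sql, (id_text,)).fetchone()
    return row[0] if row is not None else None


if __name__ == "__main__":
    db = make_db()
    # Constructed form inputs: a normal id, an empty textbox, and text that
    # is not an id at all.
    for form_value in ["2", "", "1 OR 1=1"]:
        print(repr(form_value),
              "concatenated ->", lookup_concatenated(db, form_value),
              "| parameterized ->", lookup_parameterized(db, form_value))
```

With an empty textbox the concatenated statement is rejected by the database before it runs, which is one way to get exactly the message in the question; with text that is not a number the concatenated version changes the WHERE clause and returns every employee, while the parameterized version returns nothing because the whole string is compared as one value. In the C# answer the same separation of code and data happens through the @id parameter; note that AddWithValue infers the parameter's SQL type from the .NET type of id.Text (a string), so the database converts it when comparing against an integer EmpID, and an explicitly typed parameter is the stricter option.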