我是c#的初学者,当我执行代码时出现此错误消息>>
“System.Data.dll中出现'System.Data.SqlClient.SqlException'类型的异常,但未在用户代码中处理
附加信息:'='附近的语法不正确。 “
这是代码!!
string position;
SqlConnection con = new SqlConnection("server=free-pc\\FATMAH; Integrated Security=True; database=Workflow; ");
con.Open();
SqlCommand cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID=" + id.Text, con);
SqlDataReader Read = cmd.ExecuteReader();
if (Read.Read()==true)
{
position = Read[0].ToString();
Response.Write("User Registration successful");
}
else
{
Console.WriteLine("No Employee found.");
}
Read.Close();
您的代码存在一些问题。首先,我建议使用参数化查询,以避免SQL注入攻击,并且框架也会发现参数类型:
var cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID = @id", con);
cmd.Parameters.AddWithValue("@id", id.Text);
其次,由于您只对从查询返回的一个值感兴趣,最好使用ExecuteScalar
MSDN:
var name = cmd.ExecuteScalar();
if (name != null)
{
position = name.ToString();
Response.Write("User Registration successful");
}
else
{
Console.WriteLine("No Employee found.");
}
最后一件事是将SqlConnection
和SqlCommand
包装到using
中,以便那些使用的资源将被处理:
string position;
using (SqlConnection con = new SqlConnection("server=free-pc\\FATMAH; Integrated Security=True; database=Workflow; "))
{
con.Open();
using (var cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID = @id", con))
{
cmd.Parameters.AddWithValue("@id", id.Text);
var name = cmd.ExecuteScalar();
if (name != null)
{
position = name.ToString();
Response.Write("User Registration successful");
}
else
{
Console.WriteLine("No Employee found.");
}
}
}
我认为你的EmpID
专栏是字符串,你忘了在你的价值中使用' '
。
因为当你写EmpID=" + id.Text
时,你的命令看起来像EmpID = 12345
而不是EmpID = '12345'
将你的SqlCommand
改为
SqlCommand cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID='" + id.Text +"'", con);
或者作为一种更好的方式,你可以(并且应该)始终使用parameterized queries
。这种字符串连接对于SQL Injection
攻击是开放的。
SqlCommand cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID = @id", con);
cmd.Parameters.AddWithValue("@id", id.Text);
我认为你的EmpID
列保留了你的员工id,所以它的类型应该是一些数字类型而不是字符。
试试这个
SqlCommand cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID=@id", con);
cmd.Parameters.AddWithValue("id", id.Text);
System.Data.dll中发生了类型为“System.Data.SqlClient.SqlException”的未处理异常
private const string strconneciton = "Data Source=.;Initial Catalog=Employees;Integrated Security=True";
SqlConnection con = new SqlConnection(strconneciton);
private void button1_Click(object sender, EventArgs e)
{
con.Open();
SqlCommand cmd = new SqlCommand("insert into EmployeeData (Name,S/O,Address,Phone,CellNo,CNICNO,LicenseNo,LicenseDistrict,LicenseValidPhoto,ReferenceName,ReferenceContactNo) values ( '" + textName.Text + "','" + textSO.Text + "','" + textAddress.Text + "','" + textPhone.Text + "','" + textCell.Text + "','" + textCNIC.Text + "','" + textLicenseNo.Text + "','" + textLicenseDistrict.Text + "','" + textLicensePhoto.Text + "','" + textReferenceName.Text + "','" + textContact.Text + "' )", con);
cmd.ExecuteNonQuery();
con.Close();
}
使用try-catch查看发生的真实错误
try
{
//Your insert code here
}
catch (System.Data.SqlClient.SqlException sqlException)
{
System.Windows.Forms.MessageBox.Show(sqlException.Message);
}
using (var cmd = new SqlCommand("SELECT EmpName FROM [Employee] WHERE EmpID = @id", con))
把[]
放在表名周围;)