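After every insert I get a log entry in the Event Viewer. The data gets inserted, but since it fills up the Event Viewer after a while, the service won't start until I clear the log.
Here is what I have in the log: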
XY.Archive.SQLClassLibrary.DalException: Problem accessing database. ---> System.Data.SqlClient.SqlException: Incorrect syntax near '_3'.
Unclosed quotation mark after the character string ',308387,null)'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteScalar()
at XY.Archive.SQLClassLibrary.SQLDataAccessLogic.ExecuteCommand(String sqlString)
--- End of inner exception stack trace ---
at XY.Archive.SQLClassLibrary.SQLDataAccessLogic.ExecuteCommand(String sqlString)
at XY.Archive.ServerEngine.Server.InsertDocumentIntoDatabase(Document documentOriginal, Int32 archiveID, String tableName)
Sql string: INSERT INTO table (columns) values (bunch of values) select @@Identity
This is how the insert statement is created:
Public Shared Function CreateStringForInsertDocument(ByVal tableName As String, ByVal document As Document, ByVal strArchiveTime As String, ByVal indexFieldNames As String, ByVal indexFieldValues As String) As String
Dim strInsert As String = "INSERT INTO " & tableName & " (GUID, ContainerID, DocumentStatusID, ArchiveTime, " & indexFieldNames & ") values ('" & document.GUID & "' ," & document.Container.ContainerID & "," & document.DocumentStatusID & ",'" & strArchiveTime & "'," & indexFieldValues & ") select @@Identity"
Return strInsert
End Function
Does anyone know what might be causing the problem?
Answer 0 (score: 3)
Yes. The cause is that you are not using parameterized queries. Read up on them, and read up on the term "SQL injection".
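One way to apply the answer to the insert from the question, as an added example that is not code from the original post or its project. `InsertDocument`, `QuoteIdentifier` and the `indexFields` dictionary are hypothetical names; the sketch assumes an open `SqlConnection` and index fields passed as name/value pairs instead of the pre-joined `indexFieldNames` / `indexFieldValues` strings.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Data.SqlClient
Imports System.Text.RegularExpressions

Public Module ParameterizedInsertExample
    ' Identifiers cannot be sent as parameters, so table and column names are
    ' checked against a strict pattern and bracket-quoted before use.
    Private ReadOnly IdentifierPattern As New Regex("^[A-Za-z_][A-Za-z0-9_]*\z")

    Private Function QuoteIdentifier(ByVal name As String) As String
        If name Is Nothing OrElse Not IdentifierPattern.IsMatch(name) Then
            Throw New ArgumentException("Invalid SQL identifier: " & name)
        End If
        Return "[" & name & "]"
    End Function

    ' Hypothetical replacement for CreateStringForInsertDocument + ExecuteCommand:
    ' every value travels as a parameter and never becomes part of the SQL text.
    Public Function InsertDocument(ByVal connection As SqlConnection,
                                   ByVal tableName As String, ByVal guid As String,
                                   ByVal containerId As Integer, ByVal statusId As Integer,
                                   ByVal archiveTime As DateTime,
                                   ByVal indexFields As IDictionary(Of String, Object)) As Integer
        Dim columns As New List(Of String) From {"[GUID]", "[ContainerID]", "[DocumentStatusID]", "[ArchiveTime]"}
        Dim placeholders As New List(Of String) From {"@guid", "@containerId", "@statusId", "@archiveTime"}
        Using cmd As New SqlCommand()
            cmd.Connection = connection
            cmd.Parameters.AddWithValue("@guid", guid)
            cmd.Parameters.AddWithValue("@containerId", containerId)
            cmd.Parameters.AddWithValue("@statusId", statusId)
            cmd.Parameters.AddWithValue("@archiveTime", archiveTime)
            Dim i As Integer = 0
            For Each field As KeyValuePair(Of String, Object) In indexFields
                columns.Add(QuoteIdentifier(field.Key))
                placeholders.Add("@idx" & i)
                ' A Nothing value is stored as SQL NULL; quotes in strings need no escaping.
                cmd.Parameters.AddWithValue("@idx" & i, If(field.Value, CObj(DBNull.Value)))
                i += 1
            Next
            ' SCOPE_IDENTITY() stands in for the post's @@Identity: it is limited to this scope.
            cmd.CommandText = "INSERT INTO " & QuoteIdentifier(tableName) &
                " (" & String.Join(", ", columns.ToArray()) & ") VALUES (" &
                String.Join(", ", placeholders.ToArray()) & "); SELECT CAST(SCOPE_IDENTITY() AS int);"
            Return CInt(cmd.ExecuteScalar())
        End Using
    End Function
End Module
```

With values bound this way, an index value containing an apostrophe is stored as data and can no longer produce the "Unclosed quotation mark" error from the log.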