System.Data.dll中出现“System.Data.SqlClient.SqlException”类型的异常

时间:2013-11-18 08:13:10

标签: c# .net sql sql-server visual-studio-2013

我是c#的初学者,当我执行代码时出现此错误消息>>

  

“发生了'System.Data.SqlClient.SqlException'类型的异常   System.Data.dll但未在用户代码中处理

     

其他信息:'='附近的语法不正确。 “

这就是代码!! 

string position;

SqlConnection con = new SqlConnection("server=free-pc\\FATMAH; Integrated Security=True; database=Workflow; ");
con.Open();
SqlCommand cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID=" + id.Text, con);

SqlDataReader Read = cmd.ExecuteReader();

if (Read.Read()==true)
{
    position = Read[0].ToString();
    Response.Write("User Registration successful");
}
else
{
    Console.WriteLine("No Employee found.");
}

Read.Close();

6 个答案:

答案 0 :(得分:12)

您的代码存在一些问题。首先,我建议使用参数化查询,以避免SQL注入攻击,并且框架也会发现参数类型:

var cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID = @id", con);
cmd.Parameters.AddWithValue("@id", id.Text);

其次,由于您只对查询返回的一个值感兴趣,最好使用ExecuteScalar MSDN

var name = cmd.ExecuteScalar();

if (name != null)
{
   position = name.ToString();
   Response.Write("User Registration successful");
}
else
{
    Console.WriteLine("No Employee found.");
}

最后一件事是将SqlConnectionSqlCommand包装到using中,以便那些使用的资源处理掉:

string position;

using (SqlConnection con = new SqlConnection("server=free-pc\\FATMAH; Integrated Security=True; database=Workflow; "))
{
  con.Open();

  using (var cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID = @id", con))
  {
    cmd.Parameters.AddWithValue("@id", id.Text);

    var name = cmd.ExecuteScalar();

    if (name != null)
    {
       position = name.ToString();
       Response.Write("User Registration successful");
    }
    else
    {
        Console.WriteLine("No Employee found.");
    }
  }
}

答案 1 :(得分:6)

我认为您的EmpID列是字符串,而您忘记在值中使用' '

因为当你写EmpID=" + id.Text时,你的命令看起来像EmpID = 12345而不是EmpID = '12345'

SqlCommand更改为

SqlCommand cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID='" + id.Text +"'", con);

或者作为一种更好的方式,您可以(并且应该)始终使用parameterized queries。这种字符串连接对SQL Injection攻击开放。

SqlCommand cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID = @id", con);
cmd.Parameters.AddWithValue("@id", id.Text);

我认为您的EmpID列会保留您的员工ID,因此它的类型应该是某种数字类型而不是字符。

答案 2 :(得分:3)

试试这个

SqlCommand cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID=@id", con);
cmd.Parameters.AddWithValue("id", id.Text);

答案 3 :(得分:0)

System.Data.dll中出现未处理的“System.Data.SqlClient.SqlException”类型异常

    private const string strconneciton = "Data Source=.;Initial Catalog=Employees;Integrated Security=True";
    SqlConnection con = new SqlConnection(strconneciton);

    private void button1_Click(object sender, EventArgs e)
    {

        con.Open();
        SqlCommand cmd = new SqlCommand("insert into EmployeeData (Name,S/O,Address,Phone,CellNo,CNICNO,LicenseNo,LicenseDistrict,LicenseValidPhoto,ReferenceName,ReferenceContactNo) values ( '" + textName.Text + "','" + textSO.Text + "','" + textAddress.Text + "','" + textPhone.Text + "','" + textCell.Text + "','" + textCNIC.Text + "','" + textLicenseNo.Text + "','" + textLicenseDistrict.Text + "','" + textLicensePhoto.Text + "','" + textReferenceName.Text + "','" + textContact.Text + "' )", con);
        cmd.ExecuteNonQuery();
        con.Close();
    }

答案 4 :(得分:0)

使用try-catch查看您身上发生的实际错误

 try
{
  //Your insert code here
}
catch (System.Data.SqlClient.SqlException sqlException)
{
  System.Windows.Forms.MessageBox.Show(sqlException.Message);
}

答案 5 :(得分:-2)

using (var cmd = new SqlCommand("SELECT EmpName FROM [Employee] WHERE EmpID = @id", con))

[]放在表名周围;)

相关问题
最新问题