列名称'Shop_Name'无效错误

时间:2013-12-07 00:48:26

标签: c# asp.net sql

根据下拉列表中的选择,我有一个下拉列表,我填写了一个复选框列表。

        protected void dropdown_SelectedIndexChanged(object sender, EventArgs e)
    {
        SqlConnection Mcon = new SqlConnection(MA);
        SqlCommand command = new SqlCommand("select distinct Shop_Name from prod.dbo.Dim_Shop f INNER JOIN Dim_Warehouse p on p.Warehouse_key = f.Warehouse_Key where p.Warehouse_DB_Name=" + this.dropdown.SelectedValue, Mcon);
        SqlDataAdapter dataAadpter = new SqlDataAdapter(command);
        DataSet ds = new DataSet();
        dataAadpter.Fill(ds);
        CheckBoxList1.DataSource = ds;
        CheckBoxList1.DataTextField = "Shop_Name";
        CheckBoxList1.DataBind();
    }

当我运行此操作时,我收到无效列名称错误。任何人都可以帮助我吗?

1 个答案:

答案 0 :(得分:2)

问题:您没有在this.dropdown.SelectedValue查询中正确提供SELECT参数的单引号。

解决方案:您需要将VARCHAR类型正确附加在单引号中。

试试这个:

SqlCommand command = new SqlCommand("select distinct Shop_Name from prod.dbo.Dim_Shop f INNER JOIN Dim_Warehouse p on p.Warehouse_key = f.Warehouse_Key where p.Warehouse_DB_Name='" + this.dropdown.SelectedValue+"'", Mcon);

您的Query对sql injection attacks开放,请使用parameterised queries来避免它们。

使用参数化查询:

SqlCommand command = new SqlCommand("select distinct Shop_Name from prod.dbo.Dim_Shop f INNER JOIN Dim_Warehouse p on p.Warehouse_key = f.Warehouse_Key where p.Warehouse_DB_Name=@name", Mcon);

command.Parameters.AddWithValue("@name",this.dropdown.SelectedValue);
相关问题
最新问题