Using C# to run an MS Access query

Time: 2014-08-10 12:07:34

Tags: c# ms-access-2010

I am executing an MS Access query through C#. Here is the query:

String SelWHQuery = "SELECT  DateDiff('n',INTime,OUTTime)\\60 & '.' & Format(DateDiff('n',[INTime],[OUTTime]) Mod 60,'00') AS Workedhours" + 
    "' WHERE EMPID = '" + Eno + 
    "'AND RDate=# "+ DateTime.Now.Date.ToString("yy-MM-dd") + 
    "# FROM  INOUTPunching";

It gives the following error:

  

{“SELECT语句包含拼写错误或缺失的保留字或参数名称,或标点符号不正确。”}

I need to know:

  1. Why does this not work?
  2. Is there a simpler way?

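1 answer:

Answer 0: (score: 0)

You should place the WHERE clause before the FROM clause. That is the problem with your query. You also have an extra single quote that should be removed. Here is the query you should write: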

String SelWHQuery = "SELECT  DateDiff('n',INTime,OUTTime)\\60 & '.' & Format(DateDiff('n',[INTime],[OUTTime]) Mod 60,'00') AS Workedhours FROM  INOUTPunching " + 
" WHERE EMPID = '" + Eno + 
"'AND RDate=# "+ DateTime.Now.Date.ToString("yy-MM-dd") + "#";

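As for a simpler way: no, this is the simplest way, but it is prone to SQL injection attacks. Replace it with a parameterized query (assuming you have an OleDbCommand named cmd):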

String SelWHQuery = "SELECT  DateDiff('n',INTime,OUTTime)\\60 & '.' & Format(DateDiff('n',[INTime],[OUTTime]) Mod 60,'00') AS Workedhours FROM  INOUTPunching " + 
" WHERE EMPID = @EmpId AND RDate=# "+ DateTime.Now.Date.ToString("yy-MM-dd") + "#";

cmd.CommandType = CommandType.Text;
cmd.CommandText = SelWHQuery;
cmd.Parameters.AddWithValue("@EmpId", Eno);
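
As an added example (not part of the original answer), here is the same query with both filters bound as typed parameters, so neither the quotes around EMPID nor the # date delimiters are built by hand. The helper name `Build`, the 50-character size for EMPID and the sample input are assumptions; the program only builds and prints the command, so it does not need a database.

```csharp
using System;
using System.Data;
using System.Data.OleDb;

static class WorkedHoursQuery
{
    // Access SQL clause order: SELECT ... FROM ... WHERE.
    // Both filter values are ? placeholders; nothing is concatenated into the text.
    const string Sql =
        "SELECT DateDiff('n',[INTime],[OUTTime])\\60 & '.' & " +
        "Format(DateDiff('n',[INTime],[OUTTime]) Mod 60,'00') AS Workedhours " +
        "FROM INOUTPunching WHERE EMPID = ? AND RDate = ?";

    // Hypothetical helper: builds the command without executing it.
    public static OleDbCommand Build(OleDbConnection conn, string empId, DateTime day)
    {
        var cmd = new OleDbCommand(Sql, conn) { CommandType = CommandType.Text };

        // The OLE DB provider binds by position, not by name, so parameters
        // must be added in the same order as the ? markers appear.
        // Assumption: EMPID is a text column of at most 50 characters.
        cmd.Parameters.Add("@EmpId", OleDbType.VarWChar, 50).Value = empId;

        // Typed date value; .Date strips the time part so it compares
        // against a date-only RDate column and carries no milliseconds.
        cmd.Parameters.Add("@RDate", OleDbType.Date).Value = day.Date;
        return cmd;
    }

    static void Main()
    {
        // Constructed hostile input: with string concatenation this would
        // change the WHERE clause; as a parameter it is only a value to compare.
        string eno = "1' OR '1'='1";

        using (var cmd = Build(null, eno, DateTime.Now))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (OleDbParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.OleDbType, p.Value);
        }
    }
}
```

To run it against a real file, pass an open `OleDbConnection` to `Build` and call `ExecuteReader()` on the returned command.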