我正在尝试在标签中显示数据库中的数据(银行名称)。
每个用户在费率表中有四个银行ID。我想从银行表中检索他们的名字。用户标识是会话变量。
查询命令是正确的,但是当我添加会话变量时,会引发错误。
异常详细信息:System.Data.SqlClient.SqlException:'='附近的语法不正确。
来源错误:
第26行:str =“从bank中选择bank_name,rate,[user] where((bank.bank_id = rate.bank_id)和(user.user_id = rate.user_id ='”+ Session [“UserName”] +“'” ;
第27行:com = new SqlCommand(str,con);
第28行:SqlDataReader reader = com.ExecuteReader();
第29行:
第30行:reader.Read();
代码:
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
namespace Displaying_Data_From_Db_to_Label
{
public partial class _Default : System.Web.UI.Page
{
string strConnString = ConfigurationManager.ConnectionStrings["AdminConnectionString"].ConnectionString;
string str;
SqlCommand com;
protected void Page_Load(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(strConnString);
con.Open();
str = "select bank_name from bank, rate, [user] where((bank.bank_id=rate.bank_id)and(user.user_id=rate.user_id='" + Session["UserName"] + "'";
com = new SqlCommand(str, con);
SqlDataReader reader = com.ExecuteReader();
reader.Read();
labelname1.Text = reader["bank_name"].ToString();
reader.Read();
labelname2.Text = reader["bank_name"].ToString();
reader.Read();
labelname3.Text = reader["bank_name"].ToString();
reader.Close();
con.Close();
}
}
}
Aspx标记:
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="Displaying_Data_From_Db_to_Label._Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="labelname1" runat="server" Text="Label"></asp:Label>
<asp:Label ID="labelage1" runat="server" Text="Label"></asp:Label><br />
<asp:Label ID="labelname2" runat="server" Text="Label"></asp:Label>
<asp:Label ID="labelage2" runat="server" Text="Label"></asp:Label><br />
<asp:Label ID="labelname3" runat="server" Text="Label"></asp:Label>
<asp:Label ID="labelage3" runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
答案 0 :(得分:2)
对于初学者,请使用参数化的SQL语句。这将使您的代码更安全,并可能消除错误。
str = "select bank_name from bank, rate, [user] where((bank.bank_id=rate.bank_id)and(user.user_id=rate.user_id=@UserName";
com = new SqlCommand(str, con);
object obj = Session["UserName"]; // add watch and break point
int username = Convert.ToInt32(obj);
com.Parameters.Add(new SqlParameter("UserName", username ));
SqlDataReader reader = com.ExecuteReader();
免责声明:此代码示例没有错误处理,在生产代码中尝试此操作后将其包装在try / catch中
答案 1 :(得分:0)
你的语法肯定无效。试试这个:
str = "select bank_name from bank, rate, [user] where((bank.bank_id=rate.bank_id)and(user.user_id=rate.user_id) AND (user.user_id='" + Session["UserName"] + "'))";
答案 2 :(得分:0)
这段代码:
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnectioncon=newSqlConnection(ConfigurationManager.ConnectionStrings["CRMConnectionString"].ConnectionString);
String SQL = "SELECT UserName,Password FROM Login";
SqlDataAdapter Adpt = new SqlDataAdapter(SQL, con);
DataSet login = new DataSet();
Adpt.Fill(login);
foreach (DataRow dr in login.Tables[0].Rows)
{
Label3.Text += login.Tables[0].Rows[0]["USerName"].ToString() + "<br />";
Label4.Text += login.Tables[0].Rows[1]["Password"].ToString() + "<br />";
}
}