I'm trying to build a web page in ASP.NET that shows me the publications our organization has released. Here is some of the code from the .cs file:
//2nd - Setup SQL Command
SqlCommand cmd = new SqlCommand("SELECT [IDTip], [Date], CONVERT(nvarchar(100),[Date], 1) AS Released, [Title], [Image], REPLACE(CONVERT (nvarchar(MAX),[Tip]), '</p>\r\n\r\n<p>', '<p></p>') AS ContentConverted, Recognition, FROM tips WHERE IDTip =" + Request.QueryString["IDTip"], new SqlConnection(HealthReachConString));

//3rd - Attempt to open the connection to the DB
cmd.Connection.Open();

//4th - Go and fetch some data and apply it to our controls
SqlDataReader objReader = cmd.ExecuteReader();
while (objReader.Read())
{
    lblDate.Text = objReader.GetString(2);
    lblTitle.Text = objReader.GetString(4);
    lblTip.Text = Convert.ToString(objReader["ContentConverted"]);
    imgContentPicture.ImageUrl = "~/files/Health_Tips/" + objReader.GetString(5);
    if (objReader.GetString(5) == " " || objReader.GetString(5) == "")
    {
        imgContentPicture.Visible = false;
    }
    else
    {
        imgContentPicture.Visible = true;
    }
}
objReader.Close();
cmd.Connection.Close();
This is the error I get:
> Server Error in '/' Application. Incorrect syntax near the keyword 'FROM'.
>
> Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
>
> Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'FROM'.
>
> Source Error:
>
> Line 23:
> Line 24: //4th - Go and fetch some data and apply it to our controls
> Line 25: SqlDataReader objReader = cmd.ExecuteReader();
> Line 26: while (objReader.Read())
> Line 27: {
>
> Stack Trace:
>
> [SqlException (0x80131904): Incorrect syntax near the keyword 'FROM'.]
>    System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +1791910
>    System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5347106
>    System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
>    System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) +1693
>    System.Data.SqlClient.SqlDataReader.TryConsumeMetaData() +61
>    System.Data.SqlClient.SqlDataReader.get_MetaData() +90
>    System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +377
>    System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds) +1421
>    System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite) +177
>    System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +53
>    System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +137
>    System.Data.SqlClient.SqlCommand.ExecuteReader() +99
>    PressRoom_Detail.Page_Load(Object sender, EventArgs e) in E:\web\healthreach\htdocs\Tips_Detail.aspx.cs:25
>    System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +51
>    System.Web.UI.Control.OnLoad(EventArgs e) +92
>    System.Web.UI.Control.LoadRecursive() +54
>    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +772
Any idea what is going on?
Answer 0 (score: 3)
To clarify your question: the extra comma tells SQL that another parameter follows, but what follows is FROM. After removing the comma before FROM your syntax should work, assuming you have specified the correct syntax for the CONVERT and Alias functions.
I'd also like to point out that your query is vulnerable to SQL injection. To address that part, you should do this:
SELECT [IDTip], [Date],
       CONVERT(nvarchar(100), [Date], 1) AS Released, [Title], [Image],
       REPLACE(CONVERT(nvarchar(MAX), [Tip]), '</p>\r\n\r\n<p>', '<p></p>') AS [ContentConverted], [Recognition]
FROM [Tips]
WHERE ([IDTip] = @Id);
As in my comment, that is the error I saw in the query.
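Added example, not code from the question or from either answer: the question's Page_Load rewritten so that the parameterized query from answer 0 is actually used from C#. The select list, control names and the `HealthReachConString` field come from the question; assumptions are that `IDTip` is an integer column, that the connection string is read through `ConfigurationManager` (where the question's field gets its value is not shown), and that a non-numeric or unknown `IDTip` should produce a 400 or 404 rather than an error page.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

public partial class Tips_Detail : Page
{
    // Assumption: the connection string lives in web.config under the name
    // "HealthReach"; the question does not show where HealthReachConString comes from.
    private static readonly string HealthReachConString =
        ConfigurationManager.ConnectionStrings["HealthReach"].ConnectionString;

    // Same select list as the question, minus the trailing comma after Recognition.
    // The user-controlled value is now the @Id parameter, so it travels as data
    // and is never parsed as part of the SQL text.
    private const string TipQuery =
        "SELECT [IDTip], [Date], CONVERT(nvarchar(100), [Date], 1) AS Released, " +
        "[Title], [Image], " +
        "REPLACE(CONVERT(nvarchar(MAX), [Tip]), '</p>\r\n\r\n<p>', '<p></p>') AS ContentConverted, " +
        "[Recognition] " +
        "FROM [Tips] WHERE [IDTip] = @Id;";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Validate the query-string value before it reaches the database.
        // Assumption: IDTip is an int column, so anything that is not an integer
        // cannot match a row and is rejected up front with a 400.
        int idTip;
        if (!int.TryParse(Request.QueryString["IDTip"], out idTip))
        {
            Response.StatusCode = 400;
            Response.End();
            return;
        }

        // using-blocks close the connection and reader even if a SqlException is thrown,
        // which the original code's manual Close() calls would not do.
        using (var conn = new SqlConnection(HealthReachConString))
        using (var cmd = new SqlCommand(TipQuery, conn))
        {
            cmd.Parameters.Add("@Id", SqlDbType.Int).Value = idTip;
            conn.Open();

            using (SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!reader.Read())
                {
                    // No such tip: 404 instead of silently rendering empty controls.
                    Response.StatusCode = 404;
                    Response.End();
                    return;
                }

                // Read columns by name so the code cannot drift out of step with the select list.
                lblDate.Text = reader.GetString(reader.GetOrdinal("Released"));
                lblTitle.Text = reader.GetString(reader.GetOrdinal("Title"));
                lblTip.Text = Convert.ToString(reader["ContentConverted"]);

                // Treat NULL, empty and whitespace-only image names the same way.
                int imageOrdinal = reader.GetOrdinal("Image");
                string image = reader.IsDBNull(imageOrdinal) ? "" : reader.GetString(imageOrdinal).Trim();
                imgContentPicture.Visible = image.Length > 0;
                if (imgContentPicture.Visible)
                {
                    imgContentPicture.ImageUrl = "~/files/Health_Tips/" + image;
                }
            }
        }
    }
}
```

Two points worth checking against the question's own code when applying this. First, the positional reads there (`GetString(4)` for the title, `GetString(5)` for the image) do not line up with the select list, where [Title] is column 3 and [Image] is column 4; reading by `GetOrdinal` name sidesteps that. Second, parameterizing fixes the injection but not the unvalidated input: without the `int.TryParse`, a request such as `?IDTip=abc` would still surface as a SqlException error page, and that page, as the stack trace in the question shows, leaks the server-side file path.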
Answer 1 (score: 2)
Extra junk:
SELECT ... Recognition, FROM ...
^---