production代码显示错误
无效的列名称' California'。
但我的Public state_name as String
state_name = Textbox1.Text
Dim constr As String = ConfigurationManager.ConnectionStrings("ApplicationServices").ConnectionString
Dim query As String = "SELECT Count(cities) FROM state_table WHERE state_name=" & state_name
Using conn As New SqlConnection(constr)
Using comm As New SqlCommand()
conn.Open()
With comm
.Connection = conn
.CommandText = query
.CommandType = CommandType.Text
End With
Dim count As Int16 = Convert.ToInt16(comm.ExecuteScalar())
Label1.Text = count
End Using
End Using
表格中已经存在California,我想要计算State表格中所有已列入state_name= california表中的所有城市。
我希望输出为
State答案 0 :(得分:2)
您希望使用参数化查询来避免SQL Injection.
[copy] Copying 2 files to C:\ant\paste
[copy] Copying C:\ant\copy\anythis.a to C:\ant\paste\that.a
[copy] Copying C:\ant\copy\new\testthis.a to C:\ant\paste\new\that.a
答案 1 :(得分:1)
因为您没有用引号括起变量。 "state_name = '" + state_name + "'"
但是,您应该使用参数。