语法错误:System.Data.SqlClient.SqlException:'='附近的语法不正确

时间:2016-08-04 07:03:42

标签: c# asp.net

我收到此服务器错误,我无法弄清楚问题出在哪里:

  

描述:执行期间发生了未处理的异常   当前的网络请求。请查看堆栈跟踪了解更多信息   有关错误的信息以及它在代码中的起源。

     

异常详细信息:System.Data.SqlClient.SqlException:不正确   '='附近的语法。

我的代码在这里:

 public partial class v2_kradescription : System.Web.UI.Page
{
SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["ConnectionString"].ToString());

protected void Page_Load(object sender, EventArgs e)
{
        try
        {
        // icnoA for appraisee icno


        string role = "";

        string kr_icno = (string)(Session["s_icno"]);
        string kr_position = (string)(Session["kr_position"]);
        string kr_description = (string)(Session["kr_description"]);

        Session["role"] = role;

        if (role == "KRA")
        {
            kr_icno = (string)(Session["s_icno"]);
            kr_position = (string)(Session["kr_position"]);
            kr_description = (string)(Session["kr_description"]);
        }
            conn.Open();
            SqlDataSource1.SelectCommand = "SELECT kr_id, kr_position, kr_description FROM tblKRAObjectiveWHERE kr_icno = " + s_icno; 
            conn.Close();
        }

    catch (Exception ex)
    {
        lblMsg.Text = ex.Message; //" Error while saving the record.";  
    }
    //conn.Open();
    //string icno = (string)(Session["s_icno"]);
    //SqlDataSource1.SelectCommand = "SELECT kr_id, kr_position, kr_description FROM tblKRAObjective WHERE kr_icno = " + icno;

    //conn.Close();

   }

 protected void  GridView1_OnRowDataBound(object sender, GridViewRowEventArgs e)
 {
    string kr_id = Request.QueryString["kr_id"];

    string id = "";

    if (e.Row.RowType == DataControlRowType.DataRow)
    {
        id = GridView1.DataKeys[e.Row.RowIndex].Values[0].ToString();
    }
    Label lblposition = (Label)e.Row.FindControl("lblposition");
    Label lbldescription = (Label)e.Row.FindControl("lbldescription");

    if(e.Row.DataItem != null)
    {
        conn.Open();

        String queryA = "SELECT kr_id, kr_position, kr_description FROM tblKRAObjective  WHERE kr_icno = " + s_icno;
        SqlCommand cmdA = new SqlCommand(queryA, conn);
        SqlDataReader drA = cmdA.ExecuteReader();

        if (drA.Read())
        {
            lblposition.Text = drA["kr_position"].ToString();
            lbldescription.Text = drA["kr_description"].ToString();
        }
        drA.Close();
    }
}

 protected void GridView1_OnRowEdited(object sender, GridViewEditEventArgs e)
{
    GridView1.EditIndex = e.NewEditIndex;
}

     protected void GridView1_RowCancelingEdit(object sender, GridViewCancelEditEventArgs e)
{
    GridView1.Focus();
}

protected void GridView1_OnRowUpdated(object sender, GridViewUpdateEventArgs e)
{
   Response.Redirect("kra_description.aspx?Sucess");
}

protected void OnPaging(object sender, GridViewPageEventArgs e)
{
    GridView1.PageIndex = e.NewPageIndex;
}

protected void btnPreview_Click(object sender, EventArgs e)
{
            Response.Redirect("kra_pdf.aspx");
}

protected void btnSubmit_Click(object sender, EventArgs e)
{
    if (Page.IsValid)
    {

        string kricno = (string)(Session["s_icno"]);
        string krid = (string)(Session["kr_id"]);
        string krdescription = (string)(Session["kr_description"]);
        string krposition = (string)(Session["kr_position"]); ;

        try
        {

            // get requester name, companyid, primary appraiser of requester

            String queryA = "SELECT kr_id, kr_description, kr_position FROM tblKRAObjective WHERE s_icno = '"+kricno;
            SqlCommand cmdA = new SqlCommand(queryA);
            SqlDataReader drA = cmdA.ExecuteReader();

            if (drA.Read())
            {
                krid = drA["kr_id"].ToString();
                kricno = drA["kr_icno"].ToString();
                krdescription = drA["kr_description"].ToString();
                krposition = drA["kr_position"].ToString();
            }
            drA.Close();

            SqlCommand cmd1 = new SqlCommand();
            cmd1.CommandType = CommandType.StoredProcedure;

            cmd1.Parameters.Add("@kr_id", SqlDbType.NVarChar).Value = krid.ToString();
            cmd1.Parameters.Add("@kr_descpription", SqlDbType.NVarChar).Value = krdescription.ToString();
            cmd1.Parameters.Add("@kr_position", SqlDbType.NVarChar).Value = krposition.ToString();
            cmd1.Parameters.Add("@kr_icno", SqlDbType.NVarChar).Value = kricno.ToString();

            cmd1.ExecuteNonQuery();


             }
                catch (Exception ex)
        {
            lblMsg.Text = ex.Message; //" Error while saving the record.";  
        }
        Response.Redirect("kra_dashboard.aspx");
    }
}


protected void btnAddNew_Click(object sender, EventArgs e)
{

}
}

2 个答案:

答案 0 :(得分:3)

在此行中,您缺少表名与Where

之间的空格 
SqlDataSource1.SelectCommand = "SELECT kr_id, kr_position, kr_description FROM tblKRAObjectiveWHERE kr_icno = " + s_icno;

试试这个:

"SELECT kr_id, kr_position, kr_description FROM tblKRAObjective WHERE kr_icno = '" + s_icno + "'";

为了避免Sql Injections使用Parameterized queries

答案 1 :(得分:0)

请在Where之前提供空格,并在参数中添加单引号,因为它是字符串

尝试下面

"SELECT kr_id, kr_position, kr_description FROM tblKRAObjective WHERE kr_icno = '" + s_icno + "'";
相关问题
最新问题