在尝试向visual studio asp站点上的访问数据库添加条目时收到以下错误。
类型' System.Data.OleDb.OleDbException'的例外情况发生在System.Data.dll中但未在用户代码中处理。 附加信息:查询表达式中的语法错误(缺少运算符)' EQEventNo = AND EQMemberRef = 3'。
我知道我在我的copnnection上有空白但我在这个网站上找到了一个解决方案,它似乎有效,但现在我遇到了新的错误
非常感谢任何帮助
由于
protected void RegisterButton_Click(object sender, EventArgs e)
{
var getPass = txtPassword.Text;
Page.ClientScript.RegisterStartupScript(this.GetType(),
"Scripts","<script>alert('" + getPass + "');</script>");
//Check if password entered if not message alert
if (getPass == "")
{
Page.ClientScript.RegisterStartupScript(this.GetType(), "Scripts", "<Script>alert('Password is required Please Enter');</script>");
return; //Exit this event
}
//check if member is registered
var getMem = DropDownList1.Text;
var getEventNo = Request.QueryString["EQEventNo"];
OleDbConnection con = new OleDbConnection(@"Provider = Microsoft.ACE.OLEDB.12.0; Data Source =C:\Users\David\Desktop\David McFall - web app 2\WebSite1\App_Data\OmaghEquestrianAssociation.accdb");
OleDbCommand cmd = new OleDbCommand("SELECT COUNT(*) FROM tblEQApplicant WHERE EQEventNo=@EQEventNo AND EQMemberRef=@EQMemberRef", con);
cmd.Parameters.Add("@EQEventNo", OleDbType.VarChar).Value = getEventNo;
cmd.Parameters.Add("@EQMemberRef", OleDbType.VarChar).Value = getMem;
try
{
con.Open();
}
catch (Exception)
{
Page.ClientScript.RegisterStartupScript(this.GetType(), "Scripts",
"<script>alert('Cannot connect to database');</script>");
return; //Exit this event
}
int cnt = (int)cmd.ExecuteScalar();
if (cnt > 0)
{
Page.ClientScript.RegisterStartupScript(this.GetType(), "Scripts", "<script>alert('Member is already registered');</script>");
}
else
{
OleDbCommand cmdPass = new OleDbCommand("SELECT COUNT(*) FROM tblEQMember WHERE EQMemberRef="
+ getMem + " AND Pssword=" + getPass + "'", con);
int cntPass = (int)cmdPass.ExecuteScalar();
DateTime now = DateTime.Now;
string date = now.GetDateTimeFormats('d')[0];
if (cntPass == 1)
{
string sqlcmd = "Insert into tblEQApplicant(EQEventNo, EQMemberRef, DateJoined) values (" + getEventNo + ", " + getMem + ", '" + date + "' )";
OleDbCommand cmdReg = new OleDbCommand(sqlcmd, con);
cmdReg.ExecuteNonQuery();
con.Close();
Response.Redirect(Request.RawUrl);
//Page.ClientScript.RegisterStartupScript(this.GetType(), "Scripts", "<script>alert('Member registered');</script>");
}
else
{
Page.ClientScript.RegisterStartupScript(this.GetType(), "Scripts", "<script>alert('Password Incorrect');</script>");
}
}
}
答案 0 :(得分:0)
使用参数而不是字符串连接来创建语句:
OleDbCommand cmd = new OleDbCommand("SELECT COUNT(*) FROM tblEQApplicant WHERE EQEventNo=@EQEventNo AND EQMemberRef=@EQMemberRef", con);
cmd.Parameters.Add("@EQEventNo", OleDbType.VarChar).Value = getEventNo;
cmd.Parameters.Add("@EQEventNo", OleDbType.VarChar).Value = getMem;
它不仅可以修复您的错误,还可以保护您免受SQL注入攻击。