错误"令牌未知"在Borland

时间:2017-02-08 10:51:38

标签: c# asp.net ado.net interbase

您好我收到错误:

  

令牌未知 - 第1行,第74页

当我尝试使用sql注入进行查询时,没有参数我没有任何问题,这里是代码:

var sendFiletoFTP = function(FTPObj, myPartenaire) {
    return new Promise((res,rej) => {
        let sftp = new Client();
        sftp.connect(FTPObj).then(() => {
            return sftp.put(myDownloadedFile, myDownloadedFile)
        })
        .then((data) => {
            sftp.end()
        })
        .then(() => {
            log.info("OK pour " + myPartenaire + " : " + myDownloadedFile);
            res()
        })
        .catch((error) => {
            rej(error)
        })
    })
}

堆栈追踪:

  DbProviderFactory   factory= DbProviderFactories.GetFactory("Borland.Data.AdoDbxClient");

        IDbConnection c = factory.CreateConnection();
        c.ConnectionString = "DriverName=Interbase;Database=....;RoleName=RoleName;User_Name=...;Password=......;SQLDialect=1;MetaDataAssemblyLoader=Borland.Data.TDBXInterbaseMetaDataCommandFactory,Borland.Data.DbxReadOnlyMetaData,Version=11.0.5000.0,Culture=neutral,PublicKeyToken=91d62ebb5b0d1b1b;GetDriverFunc=getSQLDriverINTERBASE;LibraryName=dbxint30.dll;VendorLib=GDS32.DLL";
        c.Open();

        IDbCommand cmd = c.CreateCommand();
        cmd.CommandText = @"SELECT ID,NAME FROM USERS  WHERE UPPER(NAME) = @NAME ORDER BY ID";
        cmd.Connection = c;

        IDbDataParameter p = cmd.CreateParameter();
        p.ParameterName = "@NAME";
        p.DbType = DbType.String;
        p.Size = 15;
        p.Value = "test_spring";
        cmd.Parameters.Add(p);

        IDataReader myreader = cmd.ExecuteReader();

        DataTable dt = new DataTable();

        int fieldCount = myreader.FieldCount;
        for (int i = 0; i < fieldCount; i++)
        {
            dt.Columns.Add(myreader.GetName(i), myreader.GetFieldType(i));
        }
        while (myreader.Read())
        {
            object[] values = new object[fieldCount];
            myreader.GetValues(values);
            DataRow dataRow = dt.Rows.Add(values);
            // We should not AcceptChangesDuringFill to avoid multiple data row versions
        }

        dt.EndLoadData();

Plz我想完成一个项目!有什么想法??

1 个答案:

答案 0 :(得分:0)

您忘了为IDbCommand cmd设置CommandType,而且我更改了参数化变量的名称。

    using (DbCommand cmd = c.CreateCommand())
    {
       cmd.CommandText = @"SELECT ID, NAME FROM USERS WHERE UPPER(NAME) = @name ORDER BY ID";
       cmd.Connection = c;
       cmd.CommandType = CommandType.Text

       IDbDataParameter p = cmd.CreateParameter();
       p.ParameterName = "@name";
       p.DbType = DbType.String;
       p.Size = 15;
       p.Value = "test_spring";
       cmd.Parameters.Add(p);
    }