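Hello, I am getting the error:
Token unknown - line 1, char 74
when I try to run a query with SQL injection; without parameters I don't have any problem. Here is the code: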
var sendFiletoFTP = function(FTPObj, myPartenaire) {
    return new Promise((res, rej) => {
        let sftp = new Client();
        sftp.connect(FTPObj).then(() => {
            return sftp.put(myDownloadedFile, myDownloadedFile)
        })
        .then((data) => {
            sftp.end()
        })
        .then(() => {
            log.info("OK pour " + myPartenaire + " : " + myDownloadedFile);
            res()
        })
        .catch((error) => {
            rej(error)
        })
    })
}
Stack trace:
DbProviderFactory factory= DbProviderFactories.GetFactory("Borland.Data.AdoDbxClient");
IDbConnection c = factory.CreateConnection();
c.ConnectionString = "DriverName=Interbase;Database=....;RoleName=RoleName;User_Name=...;Password=......;SQLDialect=1;MetaDataAssemblyLoader=Borland.Data.TDBXInterbaseMetaDataCommandFactory,Borland.Data.DbxReadOnlyMetaData,Version=11.0.5000.0,Culture=neutral,PublicKeyToken=91d62ebb5b0d1b1b;GetDriverFunc=getSQLDriverINTERBASE;LibraryName=dbxint30.dll;VendorLib=GDS32.DLL";
c.Open();
IDbCommand cmd = c.CreateCommand();
cmd.CommandText = @"SELECT ID,NAME FROM USERS WHERE UPPER(NAME) = @NAME ORDER BY ID";
cmd.Connection = c;
IDbDataParameter p = cmd.CreateParameter();
p.ParameterName = "@NAME";
p.DbType = DbType.String;
p.Size = 15;
p.Value = "test_spring";
cmd.Parameters.Add(p);
IDataReader myreader = cmd.ExecuteReader();
DataTable dt = new DataTable();
int fieldCount = myreader.FieldCount;
for (int i = 0; i < fieldCount; i++)
{
    dt.Columns.Add(myreader.GetName(i), myreader.GetFieldType(i));
}
while (myreader.Read())
{
    object[] values = new object[fieldCount];
    myreader.GetValues(values);
    DataRow dataRow = dt.Rows.Add(values);
    // We should not AcceptChangesDuringFill to avoid multiple data row versions
}
dt.EndLoadData();
Plz, I want to finish a project! Any ideas??
Answer 0 (score: 0)
You forgot to set the CommandType for IDbCommand cmd, and I also changed the name of the parameterized variable.
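// c is an IDbConnection, so CreateCommand() returns IDbCommand (not DbCommand)
using (IDbCommand cmd = c.CreateCommand())
{
    cmd.CommandText = @"SELECT ID, NAME FROM USERS WHERE UPPER(NAME) = @name ORDER BY ID";
    cmd.Connection = c;
    // Explicitly mark the command as a plain SQL text statement
    cmd.CommandType = CommandType.Text;
    // Bind the value as a parameter instead of concatenating it into the SQL
    IDbDataParameter p = cmd.CreateParameter();
    p.ParameterName = "@name";
    p.DbType = DbType.String;
    p.Size = 15;
    p.Value = "test_spring";
    cmd.Parameters.Add(p);
}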