我可以问为什么弹出的消息会弹出ID附近的错误吗?我找不到解决方法。单击按钮后,它会弹出此消息。
消息: “ID”附近的语法错误
public override bool fnSaveNewRecord()
{
DataSet _ds;
string _sql;
object _obj;
_sql = "INSERT INTO do_information(die_class_code,subinvetory_code,contact_code,company_code, " +
"corg_code,created_on,created_by) " +
"VALUES '" + txt_CodeID.Text.Trim() + "','" + cbx_SubInventoryCode.Text + "'," +
"'" + cbx_ContactCode.Text + "','" + cbx_CompanyCode.Text + "','" + cbx_CorgCode.Text + "','" +
"',GETDATE(),'" + App_Common._USER_CODE + "'";
_ds = new DataSet();
_obj = new SqlDatabase(App_Common._WSFCSConnStr) as SqlDatabase;
_ds = ((SqlDatabase)_obj).ExecuteDataSetQ(_sql);
return base.fnSaveNewRecord();
}
答案 0 :(得分:3)
尝试使用此查询:
_sql = "INSERT INTO do_information(die_class_code,subinvetory_code,contact_code,company_code, " +
"corg_code,created_on,created_by) " +
"VALUES( '" + txt_CodeID.Text.Trim() + "','" + cbx_SubInventoryCode.Text + "'," +
"'" + cbx_ContactCode.Text + "','" + cbx_CompanyCode.Text + "','" + cbx_CorgCode.Text + "','" +
"',GETDATE(),'" + App_Common._USER_CODE + "'"+ "')'";
您错过了使用Values(v1,v2)的括号作为@Peter B评论
查看this link以获取SQL insert语句的参考。
使用参数化查询总是比串联字符串更好,因为它容易受到SQL注入攻击。
Here是使用参数化查询的参考。
希望这有帮助!
答案 1 :(得分:3)
您的SQL语句错误,因为值的括号丢失。
代码非常混乱,很难看到第一眼。因此,您最好使用参数来创建一个更简洁的语句,您可以轻松阅读并检查语法错误:
INSERT INTO do_information
( die_class_code, subinventory_code, contact_code, company_code, corg_code, created_on, created_by )
VALUES
( @CodeId, @SubInventoryCode, @ContactCode, @CompanyCode, @CorgCode, GETDATE(), @UserCode )
但你甚至可以做更多的事情来清理这些代码。包裹所有查询。这是你的陈述的一个例子:
从一些可重用的基本声明开始
public interface IExecuteQuery
{
int Execute();
Task<int> ExecuteAsync( CancellationToken cancellationToken );
}
public abstract class SqlExecuteQuery : IExecuteQuery
{
private readonly DbConnection _connection;
private readonly Lazy<DbCommand> _command;
protected SqlExecuteQuery( DbConnection connection )
{
if ( connection == null )
throw new ArgumentNullException( nameof( connection ) );
_connection = connection;
_command = new Lazy<DbCommand>(
() =>
{
var command = _connection.CreateCommand( );
PrepareCommand( command );
return command;
} );
}
protected abstract void PrepareCommand( DbCommand command );
protected DbCommand Command => _command.Value;
protected virtual string GetParameterNameFromPropertyName( string propertyName )
{
return "@" + propertyName;
}
protected T GetParameterValue<T>( [CallerMemberName] string propertyName = null )
{
object value = Command.Parameters[ GetParameterNameFromPropertyName( propertyName ) ].Value;
if ( value == DBNull.Value )
{
value = null;
}
return (T) value;
}
protected void SetParamaterValue<T>( T newValue, [CallerMemberName] string propertyName = null )
{
object value = newValue;
if ( value == null )
{
value = DBNull.Value;
}
Command.Parameters[ GetParameterNameFromPropertyName( propertyName ) ].Value = value;
}
protected virtual void OnBeforeExecute() { }
public int Execute()
{
OnBeforeExecute( );
return Command.ExecuteNonQuery( );
}
public async Task<int> ExecuteAsync( CancellationToken cancellationToken )
{
OnBeforeExecute( );
return await Command.ExecuteNonQueryAsync( cancellationToken );
}
}
public static class DbCommandExtensions
{
public static DbParameter AddParameter( this DbCommand command, Action<DbParameter> configureAction )
{
var parameter = command.CreateParameter( );
configureAction( parameter );
command.Parameters.Add( parameter );
return parameter;
}
}
现在为你的陈述定义一个接口
public interface IInsertInformationQuery : IExecuteQuery
{
string CodeId { get; set; }
string SubInventoryCode { get; set; }
string ContactCode { get; set; }
string CompanyCode { get; set; }
string CorgCode { get; set; }
string UserCode { get; }
}
实施
public class SqlInsertInformationQuery : SqlExecuteQuery, IInsertInformationQuery
{
public SqlInsertInformationQuery( DbConnection connection ) : base( connection )
{
}
protected override void OnBeforeExecute()
{
UserCode = App_Common._USER_CODE; // this should be injected
}
protected override void PrepareCommand( DbCommand command )
{
command.CommandText =
@"INSERT INTO do_information ( die_class_code, subinventory_code, contact_code, company_code, corg_code, created_on, created_by ) " +
@"VALUES ( @CodeId, @SubInventoryCode, @ContactCode, @CompanyCode, @CorgCode, GETDATE(), @UserCode )";
command.AddParameter( p =>
{
p.ParameterName = "@CodeId";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@SubInventoryCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@ContactCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@CompanyCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@CorgCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
command.AddParameter( p =>
{
p.ParameterName = "@UserCode";
p.DbType = System.Data.DbType.String;
p.Direction = System.Data.ParameterDirection.Input;
} );
}
public string CodeId
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string SubInventoryCode
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string ContactCode
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string CompanyCode
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string CorgCode
{
get => GetParameterValue<string>( );
set => SetParamaterValue( value );
}
public string UserCode
{
get => GetParameterValue<string>( );
private set => SetParamaterValue( value );
}
}
最后你的代码看起来像
public override bool fnSaveNewRecord()
{
var database = new SqlDatabase(App_Common._WSFCSConnStr);
using ( var connection = database.CreateConnection() )
{
connection.Open();
IInsertInformationQuery query = new SqlInserInformationQuery( connection );
query.CodeId = txt_CodeID.Text.Trim();
query.SubInventoryCode = cbx_SubInventoryCode.Text;
query.ContactCode = cbx_ContactCode.Text;
query.CompanyCode = cbx_CompanyCode.Text;
query.CorgCode = cbx_CorgCode.Text;
var recordsAffected = query.Execute();
}
return base.fnSaveNewRecord();
}
答案 2 :(得分:0)
您的SQL查询错误:
_sql = "INSERT INTO do_information(die_class_code,subinvetory_code,contact_code,company_code, " +
"corg_code,created_on,created_by) " +
"VALUES ('" + txt_CodeID.Text.Trim() + "','" + cbx_SubInventoryCode.Text + "'," +
"'" + cbx_ContactCode.Text + "','" + cbx_CompanyCode.Text + "','" + cbx_CorgCode.Text + "','" +
"',GETDATE(),'" + App_Common._USER_CODE + "')";
您的值必须放在括号中。看看这个: