错误:“列名无效”,但已创建列

时间:2017-12-01 08:00:06

标签: c# asp.net sql-server sqlcommand

我创建了一个Web项目,但是当我尝试将值插入本地数据库时,出现以下错误:

  

错误:列名称''22 478 295 290'无效。列名称''Oreki''无效。列名称“Redgrave”无效。列名称“女性”无效。列名称''Sample@gmail.com''无效。列名称''1234'无效。列名称''12,2017 2017'无效。列名称''18:41:44:529'无效。

这是我的SQL表:

CREATE TABLE [dbo].[Account] (
[ID]           VARCHAR(50)          NOT NULL,
[Firstname]    VARCHAR (MAX)   NOT NULL,
[Lastname]     VARCHAR(50) NOT NULL,
[Gender]       VARCHAR (10)    NOT NULL,
[Email]        VARCHAR(50)            NOT NULL,
[Password]     VARCHAR(50)            NOT NULL,
[DateRegister] VARCHAR (50)    NOT NULL,
[TimeRegister] VARCHAR (25)    NOT NULL, 
CONSTRAINT [PK_Account] PRIMARY KEY ([ID])

);

这是我的ASP.Net C#代码:

    try
    {
        SqlConnection Connect = new SqlConnection("Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=C:\\Users\\Oreki Illustration\\Documents\\NowTips.mdf;Integrated Security=True;Connect Timeout=30");
        SqlCommand Say = new SqlCommand();
        DateTime Date = DateTime.Now;

        string GetStringDate = Date.Month.ToString() + ", " + Date.Day.ToString() + " " + Date.Year.ToString();
        string GetStringTime = Date.Hour.ToString() + ":" + Date.Minute.ToString() + ":" + Date.Second.ToString() + ":" + Date.Millisecond.ToString();

        Connect.Open();
        Say.Connection = Connect;
        Say.CommandText = "Insert into Account values (['" + GetID + "'], ['" + Firstname.Text + "'], ['" + Lastname.Text + "'], ['" + Gender.SelectedValue.ToString() + "'], ['" + Email.Text + "'], ['" + RePassword.Text + "'], ['" + GetStringDate + "'], ['" + GetStringTime + "'])";
        Say.ExecuteNonQuery();
        Connect.Close();

    }
    catch (Exception Message)
    {
        form1.InnerHtml = "Error : " + Message.Message;
    }


public string GetID
{
    get
    {
        string A = "", B = "", C = "", D = "";

        Random RandomID = new Random();

        for (int x = 0; x < 10; x++) A = RandomID.Next(1000).ToString();
        for (int x = 0; x < 10; x++) B = RandomID.Next(1000).ToString();
        for (int x = 0; x < 10; x++) C = RandomID.Next(1000).ToString();
        for (int x = 0; x < 10; x++) D = RandomID.Next(1000).ToString();

        return A + " " + B + " " + C + " " + D;
    }
}

如何解决此错误?

1 个答案:

答案 0 :(得分:1)

使用参数

修改您的代码,如下所示 
$searchDates = array('Mon', 'Tue', 'Fri');
$amountOfTimes = 27;

$startDate = new DateTime();
$endDate = new DateTime('next monday');
$endDate->modify('+5 years');

$interval = new DateInterval('P1W');
$dateRange = new DatePeriod($startDate, $interval ,$endDate);

// Loop through the weeks
foreach ($dateRange as $weekStart) {
    $weekEnd = clone $weekStart;
    $weekEnd->modify('+6 days');

    $subInterval = new DateInterval('P1D');

    // Generate a DatePeriod for the current week
    $subRange = new DatePeriod($weekStart, $subInterval ,$weekEnd);
    foreach ($subRange as $weekday) {
        if (in_array($weekday, array('Mon', 'Fri', 'Sun'))) {
            // Create event

            // Countdown
            $amountOfTimes--;
        }

        if ($amountOfTimes == 0) {
            break;
        }
    }
}

你没有正确地做事,

  1. 像这样传递参数会引导你进行sql注入
  2. 以避免使用Sql参数
  3. 使用 cmd.CommandText = "Insert into Account values ([@GetID, @Firstname, @Lastname, @Gender, @Email, @RePassword, @GetStringDate, @GetStringTime)"; cmd.Parameters.AddWithValue("@GetID", GetID); cmd.Parameters.AddWithValue("@Firstname", Firstname.Text); cmd.Parameters.AddWithValue("@Lastname", Lastname.Text); cmd.Parameters.AddWithValue("@Gender", Gender.SelectedValue.ToString()); cmd.Parameters.AddWithValue("@Email", Email.Text); cmd.Parameters.AddWithValue("@RePassword", RePassword.Text); cmd.Parameters.AddWithValue("@GetStringDate", GetStringDate); cmd.Parameters.AddWithValue("@GetStringTime", GetStringTime); 进行连接,因此会自动处理

    4. 以下是如何做到这一点的示例,这里的全部内容是使用参数而不是像现在这样的简单查询

    using
相关问题
最新问题