我在.NET上使用SQL服务器在后端工作
我有一个数据库,我使用Web控件创建一个记录 - 然后我需要更新一些字段.
我可以捕获sql语句并在sql server中成功运行它 - 但是,当我尝试运行执行非查询时,我收到以下错误:
未处理的执行错误'<'附近的语法不正确.在System.Data.SqlClient.SqlConnection.OnError(SqlException异常,布尔breakConnection)在System.Data.SqlClient.SqlInternalConnection.OnError(SqlException异常,布尔breakConnection)在System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)在系统System.Data.SqlClient.SqlCommand的System.Data.SqlClient.SqlCommand.RunExecuteNonQueryTds(String methodName,Boolean async)处于.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior,SqlCommand cmdHandler,SqlDataReader dataStream,BulkCopySimpleResultSet bulkCopyHandler,TdsParserStateObject stateObj). TestAPI上的System.Data.SqlClient.SqlCommand.ExecuteNonQuery()中的InternalExecuteNonQuery(DbAsyncResult结果,String methodName,Boolean sendToPipe).
这是我的功能:
Public Function UpdateTicketValues(ByVal srId As String) As Boolean
Dim result As Boolean
Dim myCDataReader As System.Data.SqlClient.SqlDataReader
Dim myUConn As New System.Data.SqlClient.SqlConnection
Dim myCCmd As New System.Data.SqlClient.SqlCommand
Dim myUCmd As New System.Data.SqlClient.SqlCommand
Dim strSQL As String
strSQL = "SELECT Contact_RecId, First_Name, Last_Name, PhoneNbr, Extension, Email FROM vti_ContactInformation " & _
"WHERE Company_RecId = " & CoId & " AND Email = '" & txtEmail.Text & "'"
myCConn.Open()
myUConn = New System.Data.SqlClient.SqlConnection("Data Source=x;Initial Catalog=x;User Id=x;Password=x;Trusted_Connection=False")
myUConn.Open()
myCCmd.Connection = myCConn
myCCmd.CommandText = strSQL
myCDataReader = myCCmd.ExecuteReader
If myCDataReader.Read() Then
'Run update with contact information
strSQL = "UPDATE SR_Service " & _
"SET Contact_RecId = " & myCDataReader.GetValue(0) & ", " & _
" Contact_Name = '" & myCDataReader.GetValue(1) & " " & myCDataReader.GetValue(2) & "', " & _
" PhoneNbr = '" & myCDataReader.GetValue(3) & "', " & _
" Extension = '" & myCDataReader.GetValue(4) & "', " & _
" Email_Address = '" & myCDataReader.GetValue(5) & "' " & _
"WHERE SR_Service_RecId = " & srId & " "
myUCmd.Connection = myUConn
myUCmd.CommandText = strSQL
'myCCmd.ExecuteNonQuery()
lblServiceRequest.Text = myUCmd.CommandText
result = True
Else
myUCmd.CommandText = ""
result = False
End If
If myUCmd.CommandText <> "" Then
myUCmd.ExecuteNonQuery()
End If
myCConn.Close()
myUConn.Close()
Return result
End Function
任何帮助表示赞赏!
在我看到错误可能在哪里之前我建议你立即停止你做什么,并首先改变所有sql代码使用参数.如果你不这样做你的网站将开放sql注入攻击,可以破坏你的数据库.
找出问题运行的位置探查器并检查stmt:starting和stmt:completed事件.
京公网安备 11010802040832号 | 京ICP备19059560号-6 