
System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'FROM'


I am trying to create a web page in ASP.NET that shows me the publications released by our organization. Here is some of the code in the .cs file.

//2nd - Setup SQL Command
    SqlCommand cmd = new SqlCommand("SELECT [IDTip], [Date], CONVERT(nvarchar(100),[Date], 1) AS Released, [Title], [Image], REPLACE(CONVERT (nvarchar(MAX),[Tip]), '</p>\r\n\r\n<p>', '<p></p>') AS ContentConverted, Recognition, FROM tips WHERE IDTip =" + Request.QueryString["IDTip"], new SqlConnection(HealthReachConString));

//3rd - Attempt to open the connection to the DB
    cmd.Connection.Open();

//4th - Go and fetch some data and apply it to our controls
    SqlDataReader objReader = cmd.ExecuteReader();
    while (objReader.Read())
    {
        lblDate.Text = objReader.GetString(2);
        lblTitle.Text = objReader.GetString(4);
        lblTip.Text = Convert.ToString(objReader["ContentConverted"]);
        imgContentPicture.ImageUrl = "~/files/Health_Tips/" + objReader.GetString(5);
        if (objReader.GetString(5) == " " || objReader.GetString(5) == "")
        {
            imgContentPicture.Visible = false;
        }
        else
        {
            imgContentPicture.Visible = true;
        }

    }
    objReader.Close();
    cmd.Connection.Close();

This is the error I get.

    Server Error in '/' Application.
    Incorrect syntax near the keyword 'FROM'.
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
    Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'FROM'.

    Source Error:
    Line 23:
    Line 24: //4th - Go and fetch some data and apply it to our controls
    Line 25:     SqlDataReader objReader = cmd.ExecuteReader();
    Line 26:     while (objReader.Read())
    Line 27:     {

    Stack Trace:
    [SqlException (0x80131904): Incorrect syntax near the keyword 'FROM'.]
       System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +1791910
       System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5347106
       System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
       System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) +1693
       System.Data.SqlClient.SqlDataReader.TryConsumeMetaData() +61
       System.Data.SqlClient.SqlDataReader.get_MetaData() +90
       System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +377
       System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds) +1421
       System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite) +177
       System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +53
       System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +137
       System.Data.SqlClient.SqlCommand.ExecuteReader() +99
       PressRoom_Detail.Page_Load(Object sender, EventArgs e) in E:\web\healthreach\htdocs\Tips_Detail.aspx.cs:25
       System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +51
       System.Web.UI.Control.OnLoad(EventArgs e) +92
       System.Web.UI.Control.LoadRecursive() +54
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +772

Any idea what is going on?

2 Answers

  • 2

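    To clarify your problem, the extra comma indicates to SQL that another parameter follows, but your parameter is FROM. Once you remove the comma before FROM, your syntax should be valid, assuming you have indicated the correct syntax for the CONVERT and Alias functions.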

    I would also like to point out that your query is prone to SQL injection. To address that part, you should:

    SELECT [IDTip], [Date], 
    CONVERT(nvarchar(100),[Date], 1) AS Released, [Title], [Image], 
    REPLACE(CONVERT (nvarchar(MAX),[Tip]), '</p>\r\n\r\n<p>', '<p></p>') AS [ContentConverted], [Recognition]
    FROM [Tips]
    WHERE ([IDTip] = @Id);
    

    That is what I see as the error in the query, per the comments.
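
The parameterized form of the lookup that the answer above recommends, written out in C# as an added example (not code from the original question or answers). It assumes `IDTip` is an `int` column; `TipRepository`, `TipRecord`, `Load` and `Text` are hypothetical names.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical container for the columns the page displays.
public sealed class TipRecord
{
    public string Released, Title, Image, Content;
}

public static class TipRepository
{
    // No comma before FROM, and the id is a parameter instead of concatenated text.
    private const string Query =
        "SELECT CONVERT(nvarchar(100), [Date], 1) AS Released, [Title], [Image], " +
        "REPLACE(CONVERT(nvarchar(MAX), [Tip]), '</p>\r\n\r\n<p>', '<p></p>') AS ContentConverted " +
        "FROM [Tips] WHERE [IDTip] = @Id;";

    // Returns null when rawId does not parse as an integer or no row matches.
    public static TipRecord Load(string connectionString, string rawId)
    {
        int id;
        if (!int.TryParse(rawId, out id)) return null; // reject before touching the database

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(Query, conn))
        {
            // The value travels as typed data (assumed int column), never as SQL text.
            cmd.Parameters.Add("@Id", SqlDbType.Int).Value = id;
            conn.Open();
            using (var reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!reader.Read()) return null;
                return new TipRecord
                {
                    Released = Text(reader, "Released"),
                    Title = Text(reader, "Title"),
                    Image = Text(reader, "Image"),
                    Content = Text(reader, "ContentConverted")
                };
            }
        }
    }

    // Reads a column by name so a change in SELECT order cannot shift values; NULL becomes "".
    private static string Text(SqlDataReader reader, string column)
    {
        int i = reader.GetOrdinal(column);
        return reader.IsDBNull(i) ? "" : reader.GetString(i);
    }
}
```

From `Page_Load`, the call would be `TipRepository.Load(HealthReachConString, Request.QueryString["IDTip"])`, with a null result treated as "tip not found".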

  • 3

    Extra junk:

    SELECT ... Recognition, FROM ...
                          ^---
    
