“关键字'WHERE'附近的语法不正确”例外

时间:2021-12-20 01:07:34
  SqlCommand cmd1 = new SqlCommand("INSERT INTO Userinformation(Access)
          VALUES("+nameAccess.Text+") WHERE User_ID='"+userIdaccess.Text+"'",con);
  SqlDataReader dr = cmd1.ExecuteReader();
  if (dr.Read())
  {
    MessageBox.Show("User Access Blocked");
  }
  dr.Close();

It is giving an exeption as below:

它给出的例外如下:

"incorrect syntax near keyword 'WHERE' "

“关键字'WHERE'附近的语法不正确”

4 个解决方案

#1


5  

Use parametrized queries to avoid SQL injection and also ensure to properly encode the query and also wrap your IDisposable resources in using statements to avoid leaking unmanaged handles. Also an INSERT SQL statement doesn't have a WHERE clause:

使用参数化查询来避免SQL注入,并确保正确编码查询,并将IDisposable资源包装在using语句中,以避免泄漏非托管句柄。 INSERT SQL语句也没有WHERE子句:

using (SqlCommand cmd1 = new SqlCommand("INSERT INTO Userinformation(Access) VALUES(@NameAccess)", con))
{
    cmd1.Parameters.AddWithValue("@NameAccess", nameAccess.Text);

    using (SqlDataReader dr = cmd1.ExecuteReader())
    {
        if (dr.Read())
        {
            MessageBox.Show("User Access Blocked");
        }
    }
}

Everytime you use the + operator when building a SQL query you are doing it wrong.

在构建SQL查询时,每次使用+运算符时都会出错。

#2


1  

You can't do INSERT .. VALUES... WHERE, that's why. It's invalid syntax.

你不能做INSERT .. VALUES ......在哪里,这就是原因。这是无效的语法。

Insert Syntax : http://msdn.microsoft.com/en-us/library/ms174335.aspx

插入语法:http://msdn.microsoft.com/en-us/library/ms174335.aspx

#3


1  

INSERT INTO doesn't have a WHERE clause. You can either do an UPDATE... WHERE your clause is met or insert both user info and user id as a new row.

INSERT INTO没有WHERE子句。您可以执行UPDATE ... WHERE您的子句被满足,或者将用户信息和用户ID作为新行插入。

#4


-1  

try this code :

试试这段代码:

SqlCommand cmd1 = new SqlCommand("INSERT INTO Userinformation(Access)
                                   VALUES('"+nameAccess.Text+"')",con);
SqlDataReader dr = cmd1.ExecuteReader();
if (dr.Read())
{
   MessageBox.Show("User Access Blocked");
}
dr.Close();

Insert query have no where clause

插入查询没有where子句

#1


5  

Use parametrized queries to avoid SQL injection and also ensure to properly encode the query and also wrap your IDisposable resources in using statements to avoid leaking unmanaged handles. Also an INSERT SQL statement doesn't have a WHERE clause:

使用参数化查询来避免SQL注入,并确保正确编码查询,并将IDisposable资源包装在using语句中,以避免泄漏非托管句柄。 INSERT SQL语句也没有WHERE子句:

using (SqlCommand cmd1 = new SqlCommand("INSERT INTO Userinformation(Access) VALUES(@NameAccess)", con))
{
    cmd1.Parameters.AddWithValue("@NameAccess", nameAccess.Text);

    using (SqlDataReader dr = cmd1.ExecuteReader())
    {
        if (dr.Read())
        {
            MessageBox.Show("User Access Blocked");
        }
    }
}

Everytime you use the + operator when building a SQL query you are doing it wrong.

在构建SQL查询时,每次使用+运算符时都会出错。

#2


1  

You can't do INSERT .. VALUES... WHERE, that's why. It's invalid syntax.

你不能做INSERT .. VALUES ......在哪里,这就是原因。这是无效的语法。

Insert Syntax : http://msdn.microsoft.com/en-us/library/ms174335.aspx

插入语法:http://msdn.microsoft.com/en-us/library/ms174335.aspx

#3


1  

INSERT INTO doesn't have a WHERE clause. You can either do an UPDATE... WHERE your clause is met or insert both user info and user id as a new row.

INSERT INTO没有WHERE子句。您可以执行UPDATE ... WHERE您的子句被满足,或者将用户信息和用户ID作为新行插入。

#4


-1  

try this code :

试试这段代码:

SqlCommand cmd1 = new SqlCommand("INSERT INTO Userinformation(Access)
                                   VALUES('"+nameAccess.Text+"')",con);
SqlDataReader dr = cmd1.ExecuteReader();
if (dr.Read())
{
   MessageBox.Show("User Access Blocked");
}
dr.Close();

Insert query have no where clause

插入查询没有where子句