System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'FROM'

Time: 2022-07-26 22:50:55

I am trying to create a web in ASP.net where it shows me publications that our organization puts out. Here's some code from the cs file.

//2nd - Setup SQL Command
    SqlCommand cmd = new SqlCommand("SELECT [IDTip], [Date], CONVERT(nvarchar(100),[Date], 1) AS Released, [Title], [Image], REPLACE(CONVERT (nvarchar(MAX),[Tip]), '</p>\r\n\r\n<p>', '<p></p>') AS ContentConverted, Recognition, FROM tips WHERE IDTip =" + Request.QueryString["IDTip"], new SqlConnection(HealthReachConString));

//3rd - Attempt to open the connection to the DB
    cmd.Connection.Open();

//4th - Go and fetch some data and apply it to our controls
    SqlDataReader objReader = cmd.ExecuteReader();
    while (objReader.Read())
    {
        lblDate.Text = objReader.GetString(2);
        lblTitle.Text = objReader.GetString(4);
        lblTip.Text = Convert.ToString(objReader["ContentConverted"]);
        imgContentPicture.ImageUrl = "~/files/Health_Tips/" + objReader.GetString(5);
        if (objReader.GetString(5) == " " || objReader.GetString(5) == "")
        {
            imgContentPicture.Visible = false;
        }
        else
        {
            imgContentPicture.Visible = true;
        }

    }
    objReader.Close();
    cmd.Connection.Close();

Here's the error that I get.

Server Error in '/' Application.
Incorrect syntax near the keyword 'FROM'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'FROM'.

Source Error:

Line 23:
Line 24: //4th - Go and fetch some data and apply it to our controls
Line 25: SqlDataReader objReader = cmd.ExecuteReader();
Line 26: while (objReader.Read())
Line 27: {

Stack Trace:

[SqlException (0x80131904): Incorrect syntax near the keyword 'FROM'.]
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +1791910
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5347106
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) +1693
System.Data.SqlClient.SqlDataReader.TryConsumeMetaData() +61
System.Data.SqlClient.SqlDataReader.get_MetaData() +90
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +377
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds) +1421
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite) +177
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +53
System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +137
System.Data.SqlClient.SqlCommand.ExecuteReader() +99
PressRoom_Detail.Page_Load(Object sender, EventArgs e) in E:\web\healthreach\htdocs\Tips_Detail.aspx.cs:25
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +51
System.Web.UI.Control.OnLoad(EventArgs e) +92
System.Web.UI.Control.LoadRecursive() +54
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +772

Any idea what's going on?

2 solutions

#1


3  

To clarify your issue, the extra comma is indicating to SQL that another parameter is present; however, your parameter is your FROM. Once you remove the comma before the FROM, your syntax should be valid, assuming that you have indicated proper syntax for your CONVERT and Alias functions.

I'd also like to indicate that your query is prone to SQL Injection. To resolve that portion you should do:

SELECT [IDTip], [Date], 
CONVERT(nvarchar(100),[Date], 1) AS Released, [Title], [Image], 
REPLACE(CONVERT (nvarchar(MAX),[Tip]), '</p>\r\n\r\n<p>', '<p></p>') AS [ContentConverted], [Recognition]
FROM [Tips]
WHERE ([IDTip] = @Id);

That is what I saw as faults in the query in my review.
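
The @Id placeholder in the answer's query only helps once the C# side binds a value to it. The following is an added example, not code from the question or the answer, showing that binding with System.Data.SqlClient. It assumes IDTip is an int column; the TipQuery class and LoadTip method are hypothetical names.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class TipQuery
{
    // Constant SQL text: nothing from the request is concatenated into it.
    // The \r\n escapes are C# escapes, so SQL Server receives real CR/LF
    // characters, as it did with the string in the question.
    private const string Sql =
        "SELECT CONVERT(nvarchar(100), [Date], 1) AS Released, [Title], [Image], " +
        "REPLACE(CONVERT(nvarchar(MAX), [Tip]), '</p>\r\n\r\n<p>', '<p></p>') " +
        "AS ContentConverted " +
        "FROM [Tips] WHERE [IDTip] = @Id;";

    // Returns { Released, Title, ContentConverted, Image } or null when the
    // id is not an integer or no row matches.
    public static string[] LoadTip(string rawId, string connectionString)
    {
        // Assumption: IDTip is an int. Non-numeric input is rejected before
        // any connection is opened.
        int id;
        if (!int.TryParse(rawId, out id))
            return null;

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(Sql, conn))
        {
            // The value is sent as a typed parameter, never as SQL text.
            cmd.Parameters.Add("@Id", SqlDbType.Int).Value = id;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                    return null;
                // Reading by column name avoids depending on SELECT order.
                return new[]
                {
                    Convert.ToString(reader["Released"]),
                    Convert.ToString(reader["Title"]),
                    Convert.ToString(reader["ContentConverted"]),
                    Convert.ToString(reader["Image"])
                };
            }
        }
    }
}
```

From Page_Load this would be called as TipQuery.LoadTip(Request.QueryString["IDTip"], HealthReachConString); the using blocks close the reader and connection even when ExecuteReader throws.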

#2


2  

Extra junk:

SELECT ... Recognition, FROM ...
                      ^---
