I'm trying to run the following query on MS SQL 2012 Express:
我正在尝试在MS SQL 2012 Express上运行以下查询:
Select (
Select Id, Salt, Password, BannedEndDate
from Users
where username = '" + LoginModel.Username + "'
), (
Select Count(*)
From LoginFails
where username = '" + LoginModel.Username + "'
And IP = '" + Request.ServerVariables["REMOTE_ADDR"] + "')"
);
But I get the following error:
但是我收到以下错误:
Only one expression can be specified in the
selectlist when the subquery is not introduced withEXISTS.当未使用EXISTS引入子查询时,只能在选择列表中指定一个表达式。
How can I solve this problem?
我怎么解决这个问题?
2 个解决方案
#1
7
Try this:
尝试这个:
Select
Id,
Salt,
Password,
BannedEndDate,
(Select Count(*)
From LoginFails
Where username = '" + LoginModel.Username + "' And IP = '" + Request.ServerVariables["REMOTE_ADDR"] + "')
From Users
Where username = '" + LoginModel.Username + "'
And I recommend you strongly to use parameters in your query to avoid security risks with sql injection attacks!
我强烈建议您在查询中使用参数以避免sql注入攻击带来的安全风险!
Hope that helps!
希望有所帮助!
#2
6
Try this one -
试试这个 -
"SELECT
ID, Salt, password, BannedEndDate
, (
SELECT COUNT(1)
FROM dbo.LoginFails l
WHERE l.UserName = u.UserName
AND IP = '" + Request.ServerVariables["REMOTE_ADDR"] + "'
) AS cnt
FROM dbo.Users u
WHERE u.UserName = '" + LoginModel.Username + "'"
#1
7
Try this:
尝试这个:
Select
Id,
Salt,
Password,
BannedEndDate,
(Select Count(*)
From LoginFails
Where username = '" + LoginModel.Username + "' And IP = '" + Request.ServerVariables["REMOTE_ADDR"] + "')
From Users
Where username = '" + LoginModel.Username + "'
And I recommend you strongly to use parameters in your query to avoid security risks with sql injection attacks!
我强烈建议您在查询中使用参数以避免sql注入攻击带来的安全风险!
Hope that helps!
希望有所帮助!
#2
6
Try this one -
试试这个 -
"SELECT
ID, Salt, password, BannedEndDate
, (
SELECT COUNT(1)
FROM dbo.LoginFails l
WHERE l.UserName = u.UserName
AND IP = '" + Request.ServerVariables["REMOTE_ADDR"] + "'
) AS cnt
FROM dbo.Users u
WHERE u.UserName = '" + LoginModel.Username + "'"