2

我想填充一个组合框,但我想通过一个名为“id_group”的参数对数据进行排序。我写了一个代码,但它不起作用。在这一行中发生了一个异常,上面写着“语法不正确”:

SqlDataReader sd = sc.ExecuteReader();

这是我的所有代码:

int id_group=5;
SqlConnection conn = new SqlConnection();
SqlCommand sc = conn.CreateCommand();
sc.CommandText = "SELECT STUDENT FROM FACULTY WHERE ID_GROUP '" + id_group + "'";
conn.Open();
SqlDataReader sd = sc.ExecuteReader(); //this happens exception - "incorrect syntax"
while (sd.Read())
{
    string graduate = (string)sd["STUDENT"];
    Student_comboBox.Items.Add(graduate);
}
conn.Close();

如何让它发挥作用?还有其他方法可以通过参数过滤数据吗?

4

1 回答 1

4

实际上你的查询中缺少=,所以这应该是这样的,

sc.CommandText = "SELECT STUDENT FROM FACULTY WHERE ID_GROUP = '" + 
                                                    id_group + "'";

但请务必参数化以避免SQL Injection

sc.CommandText = "SELECT STUDENT FROM FACULTY WHERE ID_GROUP = @groupID";
sc.Parameters.AddWithValue("@groupID", id_group);

来源

于 2012-12-06T03:50:06.237 回答