我正在接收
OleDBException 是“查询表达式 '(StudentID = 100' OR StudentName = 'Nick' OR StudentCNCI = '78894452)Bob'中的语法错误(缺少运算符)”的未处理错误。
private void btnFind_Click(object sender, EventArgs e)
{
string title = textBox1.Text.ToString();
string queryString = "SELECT * FROM Students WHERE (StudentID = " + StudIDTb.Text.ToString() + "' OR StudentName = '" + StudNameTb.Text.ToString() + "' OR StudentCNCI = '" + StudCNCITb.Text.ToString() + ")" + title;
OleDbCommand command = new OleDbCommand();
command.CommandText = queryString;
command.Connection = myCon;
myCon.Open();
OleDbDataReader dr = command.ExecuteReader(); // error pointing here
while (dr.Read())
{
StudIDTb.Text += String.Format("StudentID: {0}\n", dr["StudentID"].ToString());
StudNameTb.Text += String.Format("StudentName: {0}\n", dr["StudentName"].ToString());
StudCNCITb.Text += String.Format("StudentCNIC: {0}\n", dr["StudentCNIC"].ToString());
StudDOBTb.Text += String.Format("StudentDOB: {0}\n", dr["StudentDOB"].ToString());
}
myCon.Close();
}
我也试过...
string queryString = "SELECT * FROM Students WHERE (StudentID = " + StudIDTb.Text + "' OR StudentName = '" + StudNameTb.Text + "' OR StudentCNCI = '" + StudCNCITb.Text + ")" + title;
我不想给你错误的印象,我很“懒惰”,但我假设我收到了这个错误,因为我的查询不正确,或者我犯了拼写错误,或者可能是其他原因。请有人可以帮助我,在此先感谢。
ps 我知道我因为不使用参数化查询而受到批评。一旦我得到基本权利,我会改变它。我知道这里已经问了很多类似的问题,但我仍然无法正确回答。
更新 1 我已将其更改为
"SELECT * FROM Students WHERE StudentID = " + StudIDTb.Text + " OR StudentName = '" + StudNameTb.Text + "', OR StudentCNCI = '" + StudCNCITb.Text + ")";
我现在收到错误...
查询表达式中的语法错误(逗号)
我正在调查它
更新 2
string queryString = "SELECT * FROM Students WHERE StudentID = " + StudIDTb.Text + "' OR StudentName = '" + StudNameTb.Text + "' OR StudentCNCI = '" + StudCNCITb.Text + "'";
收到同样的错误。
调查它
更新 3 如果无法解决,我会按照应有的方式进行操作,如果这意味着解决问题并且可能很容易发现代码的任何问题,则强烈建议使用参数化查询