14

I am trying to run the following query on MS SQL 2012 Express:

Select (
    Select Id, Salt, Password, BannedEndDate
    from Users
    where username = '" + LoginModel.Username + "'
), (
    Select Count(*)
    From LoginFails
    where username = '" + LoginModel.Username + "'
    And IP = '" + Request.ServerVariables["REMOTE_ADDR"] + "')"
);

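But I get the following error:

Only one expression can be specified in the select list when the subquery is not introduced with EXISTS.

How can I solve this problem?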

4

2 Answers

7

Try this:

"SELECT 
       ID, Salt, password, BannedEndDate
     , (
          SELECT COUNT(1)
          FROM dbo.LoginFails l
          WHERE l.UserName = u.UserName
               AND IP = '" + Request.ServerVariables["REMOTE_ADDR"] + "'
      ) AS cnt
FROM dbo.Users u
WHERE u.UserName = '" + LoginModel.Username + "'"
Answered 2013-07-01T11:38:03.953
7

Try this:

 Select 
    Id, 
    Salt, 
    Password, 
    BannedEndDate, 
    (Select Count(*) 
        From LoginFails 
        Where username = '" + LoginModel.Username + "' And IP = '" + Request.ServerVariables["REMOTE_ADDR"] + "')
 From Users 
 Where username = '" + LoginModel.Username + "'

I strongly recommend that you use parameters in your query to avoid the security risk of SQL injection attacks!

Hope it helps!

Answered 2013-07-01T11:39:47.717
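
The parameterized form recommended in the answer above, as an added example that is not part of the original question or either answer. It combines the correlated scalar subquery with ADO.NET parameters; the class and method names, the `FailCount` alias, the connection string, and the parameter types and sizes are assumptions, since the page does not show the schema.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public sealed class LoginLookup
{
    // Column types are not shown on the page, so the values stay as object.
    public object Id;
    public object Salt;
    public object Password;
    public object BannedEndDate;   // DBNull.Value when the column is NULL
    public int FailCount;

    // connectionString is supplied by the caller (assumption).
    public static LoginLookup Find(string connectionString, string username, string remoteAddr)
    {
        // One outer SELECT; the subquery returns a single value, so it is legal in the select list.
        const string sql = @"
SELECT u.Id, u.Salt, u.Password, u.BannedEndDate,
       (SELECT COUNT(*)
        FROM dbo.LoginFails l
        WHERE l.UserName = u.UserName AND l.IP = @ip) AS FailCount
FROM dbo.Users u
WHERE u.UserName = @username;";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Values travel as typed parameters and are never spliced into the SQL text.
            // Sizes 256 and 45 are assumed column widths; match them to the real schema.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 256).Value = (object)username ?? DBNull.Value;
            cmd.Parameters.Add("@ip", SqlDbType.VarChar, 45).Value = (object)remoteAddr ?? DBNull.Value;

            conn.Open();
            using (var reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!reader.Read())
                    return null;   // no such user
                return new LoginLookup
                {
                    Id = reader["Id"],
                    Salt = reader["Salt"],
                    Password = reader["Password"],
                    BannedEndDate = reader["BannedEndDate"],
                    FailCount = reader.GetInt32(reader.GetOrdinal("FailCount"))
                };
            }
        }
    }
}
```

A username containing a single quote is matched literally as data here, whereas in the concatenated versions it would change the structure of the statement.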