1

我查看了不同的链接(例如这个,但我仍然无法获得此错误消息的来源。我继续数列,昏迷等等,却找不到问题出在哪里。

int exId = stride.getExerciseId();
string timestamp = stride.getTimeStamp();
int startSec = stride.getBeginningSec();
int startMsec = stride.getBeginningMSec();
int endSec = stride.getEndSec();
int endMSec = stride.getEndMSec();
float length = stride.getLength();
float duration = stride.getDuration();
float steplength = stride.getStepLength();
float stepDuration = stride.getStepDuration();
string supportingFoot = stride.getSupportingFoot();

string query = "INSERT INTO singlesupportstate (ExerciseId , TimeStamp , SingleSupportStateStartSeconds , SingleSupportStateStartMSeconds , SingleSupportStateEndSeconds , SingleSupportStateEndMSeconds , StrideLength , StrideDuration , StepLength , StepDuration , SupportingFoot) 
VALUES("+ exId +",'" + timestamp +"',"+ startSec +"," + startMsec + "," + endSec + "," + endMSec + "," + length +"," + duration + "," + steplength + "," + duration + ",'" + supportingFoot + "')";
if (this.OpenConnection() == true)
{
     MySqlCommand cmd = new MySqlCommand(query, connection);
     cmd.ExecuteNonQuery();
     this.CloseConnection();
}

编辑 :

因此,我更改了代码以使用参数化查询,这是有效的新代码:

if (this.OpenConnection() == true)
        {
            MySqlCommand cmd = connection.CreateCommand() ;
            cmd.CommandText = "INSERT INTO singlesupportstate (ExerciseId , TimeStamp , SingleSupportStateStartSeconds , SingleSupportStateStartMSeconds , SingleSupportStateEndSeconds , SingleSupportStateEndMSeconds , StrideLength , StrideDuration , StepLength , StepDuration , SupportingFoot) "
                +" VALUES(@exId,@timestamp,@startSec,@startMsec,@endSec,@endMSec,@length,@duration,@steplength,@stepduration,@supportingFoot)";

            cmd.Parameters.Add("@exId", MySqlDbType.Int32);
            cmd.Parameters.Add("@timestamp",MySqlDbType.Timestamp);
            cmd.Parameters.Add("@startMsec",MySqlDbType.Int32);
            cmd.Parameters.Add("@startSec",MySqlDbType.Int32);
            cmd.Parameters.Add("@endSec",MySqlDbType.Int32);
            cmd.Parameters.Add("@endMSec",MySqlDbType.Int32);
            cmd.Parameters.Add("@length", MySqlDbType.Float);
            cmd.Parameters.Add("@duration",MySqlDbType.Float);
            cmd.Parameters.Add("@steplength",MySqlDbType.Float);
            cmd.Parameters.Add("@stepduration", MySqlDbType.Float);
            cmd.Parameters.Add("@supportingfoot", MySqlDbType.Text);

            cmd.Parameters["@exId"].Value = exId;
            cmd.Parameters["@timestamp"].Value = timestamp;
            cmd.Parameters["@startMsec"].Value = startMsec;
            cmd.Parameters["@startSec"].Value = startSec;
            cmd.Parameters["@endSec"].Value = endSec;
            cmd.Parameters["@endMSec"].Value = endMSec;
            cmd.Parameters["@length"].Value = length;
            cmd.Parameters["@duration"].Value = duration;
            cmd.Parameters["@steplength"].Value =steplength;
            cmd.Parameters["@stepduration"].Value =stepDuration;
            cmd.Parameters["@supportingfoot"].Value =supportingFoot;
            cmd.CommandTimeout = 120;
            cmd.ExecuteNonQuery();
            this.CloseConnection();
        }
4

2 回答 2

2

这意味着连接中的一个值破坏了 INSERT,因为它具有逗号或字符串分隔符,从而破坏了整个query字符串

在执行之前查看连接query的实际字符串

无论如何都要使用参数来消除这个问题并减轻 SQL 注入风险。

singlesupportstate另一个选项是在INSERT 也有损坏的表上的触发器(用于审计或历史记录) 。

于 2013-07-04T14:11:38.173 回答
0

可能发生的是以下两件事之一:

1)有'引号使您的查询看起来它具有较少的值,因为它吃掉了逗号。2)有数字被格式化为逗号而不是点,导致数字123.45显示为123,45,从而使查询认为有两个整数值:12345导致值太多。

正如其他人所说,尝试使用查询参数,这不会再次发生。它还为您节省了大量手动转义字符串。

于 2013-07-04T14:15:22.787 回答