3

我收到此错误:System.Data.SqlClient.SqlException (0x80131904): Incorrect syntax near '12'.

错误发生pbkDB.ExecuteNonQuery(dbCommand)在线路上。

#region Enhancements_Update
private static bool Enhancements_Update(DataRow dr)
{
   bool inserted = false;
   DateTime dt;
   Database pbkDB = DatabaseFactory.CreateDatabase("PbKConnectionString");

   try
   {
      ChargeCode = dr["ChargeCode"].ToString().Trim();
      NcicCode = dr["NcicCode"].ToString().Trim();
      Description = String.IsNullOrEmpty(dr["Description"].ToString().Trim()) ? null : dr["Description"].ToString().Trim();
      MachCr = String.IsNullOrEmpty(dr["MachCr"].ToString().Trim()) ? null : dr["MachCr"].ToString().Trim();
      EnterUserId = String.IsNullOrEmpty(dr["EnterUserId"].ToString().Trim()) ? "KSCONV" : dr["EnterUserId"].ToString().Trim();
      EnterDate = DateTime.TryParse(dr["EnterDate"].ToString(), out dt) ? dt : DateTime.Now;
      UpdateUserId = String.IsNullOrEmpty(dr["UpdateUserId"].ToString().Trim()) ? "KSCONV" : dr["UpdateUserId"].ToString().Trim();
      UpdateDate = DateTime.TryParse(dr["UpdateDate"].ToString(), out dt) ? dt : DateTime.Now;
      EnactedDate = DateTime.TryParse(dr["EnactedDate"].ToString(), out dt) ? dt : DateTime.Now;
      if (DateTime.TryParse(dr["RepealedDate"].ToString(), out dt))
         RepealedDate = dt;
      else
         RepealedDate = null;
      UsageType = String.IsNullOrEmpty(dr["UsageType"].ToString().Trim()) ? null : dr["UsageType"].ToString().Trim();
      LanguageFile = String.IsNullOrEmpty(dr["LanguageFile"].ToString().Trim()) ? null : dr["LanguageFile"].ToString().Trim();
      MachChar = String.IsNullOrEmpty(dr["MachCr"].ToString().Trim()) ? null : dr["MachChar"].ToString().Trim();
      NotesOnUse = String.IsNullOrEmpty(dr["NotesOnUse"].ToString().Trim()) ? null : dr["NotesOnUse"].ToString().Trim();
      SentenceSeverity = String.IsNullOrEmpty(dr["SentenceSeverity"].ToString().Trim()) ? null : dr["SentenceSeverity"].ToString().Trim();

      DbCommand dbCommand = pbkDB.GetSqlStringCommand(string.Format(@"Update tblCtStateChargeNcic set  Description = '{2}',  MachCr = '{3}', EnterUserId = '{4}', EnterDate = {5}, UpdateUserId = '{6}', UpdateDate {7}, EnactedDate {8}, RepealedDate = {9},  UsageType = '{10}', LanguageFile = '{11}', MachChar = '{12}', NotesOnUse = '{13}',                       SentenceSeverity = '{14}' where ChargeCode = '{0}' AND NcicCode = '{1}')", ChargeCode, NcicCode, Description, MachCr, EnterUserId, EnterDate, UpdateUserId,                     UpdateDate, EnactedDate, RepealedDate, UsageType, LanguageFile, MachChar, NotesOnUse, SentenceSeverity));

      // error occurs here!
      pbkDB.ExecuteNonQuery(dbCommand);
      inserted = true;
   }
   catch (Exception ex)
   {
      Console.WriteLine(ex.ToString());
   }
   return inserted;
}
#endregion
4

4 回答 4

6

您应该使用sql 参数而不是自己构建字符串。

无论如何,这是您的错误:

UpdateDate {7}, EnactedDate {8}

你失踪了=

UpdateDate = {7}, EnactedDate = {8}
于 2013-10-28T20:09:10.177 回答
3

您缺少 UpdateDate {7}、EnactedDate {8} 的 =

于 2013-10-28T20:07:18.337 回答
2

问题是日期值必须用引号括起来(很可能是撇号)。

您的字符串格式不正确。

为了记录,使用字符串创建 SQL 语句是一个可怕的想法。使用参数化查询,并使用 AddParameterWithValue 方法添加参数值。这种字符串拼接是 SQL 注入攻击的主要候选者。

于 2013-10-28T20:22:49.220 回答
1

改变:

DbCommand dbCommand = pbkDB.GetSqlStringCommand(string.Format
                      (@"Update tblCtStateChargeNcic set  Description = '{2}',  
                      MachCr = '{3}', EnterUserId = '{4}', EnterDate = {5}, 
                      UpdateUserId = '{6}', UpdateDate {7}, EnactedDate {8}, 
                      RepealedDate = {9},  UsageType = '{10}', LanguageFile = '{11}', 
                      MachChar = '{12}', NotesOnUse = '{13}', SentenceSeverity = '{14}'
                      where ChargeCode = '{0}' AND NcicCode = '{1}')", ChargeCode, 
                      NcicCode, Description, MachCr, EnterUserId, EnterDate, 
                      UpdateUserId, UpdateDate, EnactedDate, RepealedDate, 
                      UsageType, LanguageFile, MachChar, NotesOnUse, 
                      SentenceSeverity));

至:

DbCommand dbCommand = pbkDB.GetSqlStringCommand(string.Format
                      (@"Update tblCtStateChargeNcic set  Description = '{2}',  
                      MachCr = '{3}', EnterUserId = '{4}', EnterDate = {5}, 
                      UpdateUserId = '{6}', UpdateDate = {7}, EnactedDate = {8}, 
                      RepealedDate = {9},  UsageType = '{10}', LanguageFile = '{11}', 
                      MachChar = '{12}', NotesOnUse = '{13}', SentenceSeverity = '{14}'
                      where ChargeCode = '{0}' AND NcicCode = '{1}')", ChargeCode, 
                      NcicCode, Description, MachCr, EnterUserId, EnterDate, 
                      UpdateUserId, UpdateDate, EnactedDate, RepealedDate, 
                      UsageType, LanguageFile, MachChar, NotesOnUse,
                      SentenceSeverity));

UpdateDate您为and省略了“=” EnactedDate

于 2013-10-28T20:09:36.897 回答