2012-09-30 75 views
1

In my project (vb.net) I store a website's IP address in a table, and the column's type is nvarchar. But I cannot retrieve it from the table. I don't know whether it has something to do with the "dot" symbol. Please help. Cannot retrieve data containing the dot symbol from the SQL database

This is the command I am using:

query = "select *from restricted_sites where site_address='" + webip + "'" 

webip is the website's IP address.

Imports System.Data.SqlClient 
Imports System.Net 
Public Class restrict 
    Private Sub clear_button_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles clear_button.Click 
     site_TextBox1.Text = "" 
     addr_TextBox1.Text = "" 
    End Sub 
    Private Sub submit_button_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles submit_button.Click 
     Dim connectionstr As String 
     Dim query As String 
     Dim conn As SqlConnection 
     Dim cmd As SqlCommand 
     Dim webip As String 
     Dim hostname As IPHostEntry = Dns.GetHostByName(addr_TextBox1.Text) 
     Dim ip As IPAddress() = hostname.AddressList 
     Try 
      webip = ip(0).ToString 
      connectionstr = "Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\URLTrack.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True" 
      conn = New SqlConnection(connectionstr) 
      conn.Open() 
      query = "insert into restricted_sites values('" + site_TextBox1.Text + "','" + webip + "')" 
      cmd = New SqlCommand(query, conn) 
      cmd.ExecuteNonQuery() 
      MsgBox("Website added for restriction", MsgBoxStyle.Information) 
      conn.Close() 
     Catch ex As SqlException 
     End Try 
    End Sub 
End Class 

Private Sub Combox1_KeyPress(ByVal sender As System.Object, ByVal e As System.Windows.Forms.KeyPressEventArgs) Handles Combox1.KeyPress 
     If e.KeyChar = Convert.ToChar(Keys.Enter) Then 
      Dim connectionstr As String 
      Dim query As String 
      Dim cmd As SqlCommand 
      Dim reader As SqlDataReader 
      Dim conn As SqlConnection 
      Dim url As String = "" 
      Dim webip As String 
      Dim hostname As IPHostEntry = Dns.GetHostByName(Combox1.Text) 
      Dim ip As IPAddress() = hostname.AddressList 
      webip = ip(0).ToString 
      connectionstr = "Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\URLTrack.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True" 
      conn = New SqlConnection(connectionstr) 
      conn.Open() 
      query = "select * from restricted_sites where site_address='" + webip + "'" 
      cmd = New SqlCommand(query, conn) 
      reader = cmd.ExecuteReader 
      While (reader.Read()) 
       url = reader(2) 
      End While 
      reader.Close() 
      MsgBox(url, MsgBoxStyle.Information) 
      If webip <> url Then 
       AxWebBrowser1.Navigate(Combox1.Text) 
       Combox1.Text = AxWebBrowser1.LocationURL 
      Else 
       MsgBox("This Web Page is Restricted.Contact the ADMIN for Further Info", MsgBoxStyle.Critical) 
      End If 
     End If 
     If e.KeyChar = Convert.ToChar(Keys.Escape) Then 
      AxWebBrowser1.Stop() 
     End If 
    End Sub 

The second piece of code is the comparison part. query = "select * from restricted_sites where site_address='" + webip + "'" This line of code is where the problem is. This is my code that restricts websites by matching the IP address stored in the database while the URL is being navigated.

+5

You have a SQL injection vulnerability. – SLaks

+0

Can you help me with how to get rid of the SQL injection vulnerability? –

+2

Read Wikipedia. – SLaks

Answers

0

You need to put a space between * and from, like this:

query = "select * from restricted_sites where site_address='" + webip + "'" 

The dot symbol (presumably you mean the one in webip) will not be a problem, because it is inside a string.

+0

Thanks Suhal Patel for the answer. I'm afraid that did not work. –

1

Your query syntax is wrong. You forgot the space between * and from.

select *from restricted_sites 
    ^here 

should be

select * from restricted_sites 

Side note: since you are using VB.NET, please do parameterized queries via ADO.NET commands and parameters, because the current query is vulnerable to SQL injection.

+0

Thanks John Woo for the quick reply. I tried it, but it still did not retrieve the IP. Also thanks for the suggestion. Could you tell me how to use ADO.NET parameterized queries? –

+0

Could you include a list of sample records from your table? –

+0

I have two fields, site_name and site_address.. site_name - facebook site_address 66.220.152.16 –
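As an added example that is not the asker's code nor John Woo's, here are the two database operations from the question (the insert in submit_button_Click and the lookup in Combox1_KeyPress) rewritten with ADO.NET parameters, which is what the answer above recommends. It assumes the table the asker describes, restricted_sites with the two nvarchar columns site_name and site_address, reuses the connection string from the question, and assumes column widths of 255 and 45 characters (adjust the sizes to your actual schema). The parameter values travel separately from the SQL text, so a quote, dot or semicolon typed into the text boxes can no longer change the statement; the lookup also reads the result column by name instead of by ordinal and selects only the column it needs.

```vbnet
' Added example, not code from the original post.
' Assumes: restricted_sites(site_name nvarchar(255), site_address nvarchar(45)).
Imports System
Imports System.Data
Imports System.Data.SqlClient

Public Module RestrictedSites

    ' Connection string copied from the question; the .mdf path is the asker's.
    Private Const ConnectionStr As String = _
        "Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\URLTrack.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"

    ' Replaces: "insert into restricted_sites values('" + site + "','" + webip + "')"
    Public Sub AddRestrictedSite(ByVal siteName As String, ByVal webIp As String)
        Using conn As New SqlConnection(ConnectionStr)
            Using cmd As New SqlCommand( _
                "INSERT INTO restricted_sites (site_name, site_address) VALUES (@SiteName, @SiteAddress);", conn)
                ' Typed, sized parameters: the driver sends the values outside the SQL text,
                ' so nothing the user typed is ever parsed as SQL.
                cmd.Parameters.Add("@SiteName", SqlDbType.NVarChar, 255).Value = siteName
                cmd.Parameters.Add("@SiteAddress", SqlDbType.NVarChar, 45).Value = webIp
                conn.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub

    ' Replaces: "select *from restricted_sites where site_address='" + webip + "'"
    ' Returns the stored site name, or Nothing when the address is not restricted.
    Public Function FindRestrictedSiteName(ByVal webIp As String) As String
        Using conn As New SqlConnection(ConnectionStr)
            Using cmd As New SqlCommand( _
                "SELECT site_name FROM restricted_sites WHERE site_address = @SiteAddress;", conn)
                cmd.Parameters.Add("@SiteAddress", SqlDbType.NVarChar, 45).Value = webIp
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    If reader.Read() Then
                        ' Read by column name; an ordinal past the last column would throw.
                        Return reader.GetString(reader.GetOrdinal("site_name"))
                    End If
                End Using
            End Using
        End Using
        Return Nothing
    End Function

End Module
```

In the KeyPress handler the check then becomes `If FindRestrictedSiteName(webip) Is Nothing Then` navigate, `Else` show the restriction message; the Using blocks also close the connection and reader even when an exception is thrown, which the original Try/Catch did not.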

0

If all you are doing is checking whether an IP address string is in the database, you only need to count the number of occurrences of that string:

query = "SELECT COUNT(*) FROM restricted_sites WHERE site_address = @WebIp;" 
cmd = New SqlCommand(query, conn) 
' assumes the ip address column is 15 chars ' 
cmd.Parameters.Add(New SqlParameter With {.ParameterName = "@WebIp", _ 
              .SqlDbType = SqlDbType.NVarChar, _ 
              .Size = 15, _ 
              .Value = webip}) 

conn.Open() 
Dim nFound = CInt(cmd.ExecuteScalar) 
conn.Close() 

If nFound = 0 Then 
    ' site is not in restricted list 
End If 

Also, you should not use SELECT * in code except for testing - use column names instead of * and retrieve only what you need.

+0

Thanks for your reply. I am matching the IP address of the domain name the user enters in the browser and checking whether it exists in the restricted_sites table, where the admin has stored the blocked sites. –

+0

This code does not meet my requirements. Thanks for your suggestion about the select statement. –
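As an added example (not the answerer's code), the COUNT(*) check from the answer above is carried through the whole lookup the asker describes in the comments: resolve the host name typed into the browser, then test each resolved address against restricted_sites. It assumes the same table, that site_address is wide enough for the addresses being stored (15 characters holds a dotted IPv4 address such as 66.220.152.16; 45 holds any textual IPv6 address), and that the connection string is passed in by the caller. Two points the question's code does not cover: Dns.GetHostEntry (the supported replacement for the obsolete Dns.GetHostByName) can return IPv6 entries and more than one address, so comparing only AddressList(0) against a stored dotted IPv4 value can miss a match, and the name may not resolve at all, which the function handles instead of letting the exception escape from the key handler.

```vbnet
' Added example, not code from the original post or answers.
' Assumes: restricted_sites(site_name, site_address) with site_address nvarchar(45).
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient
Imports System.Net
Imports System.Net.Sockets

Public Module RestrictionCheck

    ' Resolves a host name to its textual addresses. By default only IPv4 addresses
    ' are returned, so the comparison matches the dotted form stored in the table.
    Public Function ResolveAddresses(ByVal host As String, Optional ByVal ipv4Only As Boolean = True) As List(Of String)
        Dim result As New List(Of String)
        For Each addr As IPAddress In Dns.GetHostEntry(host).AddressList
            If (Not ipv4Only) OrElse addr.AddressFamily = AddressFamily.InterNetwork Then
                result.Add(addr.ToString())
            End If
        Next
        Return result
    End Function

    ' True when the given textual address appears in restricted_sites.
    ' Parameterized as in the answer, so the address text never becomes part of the SQL.
    Public Function IsAddressRestricted(ByVal conn As SqlConnection, ByVal webIp As String) As Boolean
        Using cmd As New SqlCommand( _
            "SELECT COUNT(*) FROM restricted_sites WHERE site_address = @WebIp;", conn)
            cmd.Parameters.Add("@WebIp", SqlDbType.NVarChar, 45).Value = webIp
            Return CInt(cmd.ExecuteScalar()) > 0
        End Using
    End Function

    ' A host is blocked when ANY of its addresses is restricted, not only the first
    ' one the resolver happens to return (large sites rotate several addresses).
    Public Function IsHostRestricted(ByVal connectionStr As String, ByVal host As String) As Boolean
        Dim addresses As List(Of String)
        Try
            addresses = ResolveAddresses(host)
        Catch ex As SocketException
            ' Unresolvable name: nothing to compare. Returning False lets the browser
            ' report its own error; return True instead if policy is to fail closed.
            Return False
        End Try

        Using conn As New SqlConnection(connectionStr)
            conn.Open()
            For Each webIp As String In addresses
                If IsAddressRestricted(conn, webIp) Then Return True
            Next
        End Using
        Return False
    End Function

End Module
```

In the KeyPress handler, `If IsHostRestricted(connectionstr, Combox1.Text) Then` shows the restriction message, otherwise the browser navigates; one open connection is reused for all of the host's addresses rather than opening one per query.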