1. 首页
  2. 问答
  3. 语法错误信息:System.Data.SqlClient.SqlException:附近有语法错误“=”

语法错误信息:System.Data.SqlClient.SqlException:附近有语法错误“=”

2016-08-04 249 views
0

我收到这个服务器错误,我无法揣摩出麻烦的是:语法错误信息:System.Data.SqlClient.SqlException:附近有语法错误“=”

说明:期间,出现未处理的异常执行当前Web请求的 。请查看堆栈跟踪以获取有关该错误的更多信息以及源代码的位置。

异常详细信息:System.Data.SqlClient.SqlException:'='附近的语法不正确 。

我的代码是在这里:

public partial class v2_kradescription : System.Web.UI.Page 
{ 
SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["ConnectionString"].ToString()); 

protected void Page_Load(object sender, EventArgs e) 
{ 
     try 
     { 
     // icnoA for appraisee icno 


     string role = ""; 

     string kr_icno = (string)(Session["s_icno"]); 
     string kr_position = (string)(Session["kr_position"]); 
     string kr_description = (string)(Session["kr_description"]); 

     Session["role"] = role; 

     if (role == "KRA") 
     { 
      kr_icno = (string)(Session["s_icno"]); 
      kr_position = (string)(Session["kr_position"]); 
      kr_description = (string)(Session["kr_description"]); 
     } 
      conn.Open(); 
      SqlDataSource1.SelectCommand = "SELECT kr_id, kr_position, kr_description FROM tblKRAObjectiveWHERE kr_icno = " + s_icno; 
      conn.Close(); 
     } 

    catch (Exception ex) 
    { 
     lblMsg.Text = ex.Message; //" Error while saving the record."; 
    } 
    //conn.Open(); 
    //string icno = (string)(Session["s_icno"]); 
    //SqlDataSource1.SelectCommand = "SELECT kr_id, kr_position, kr_description FROM tblKRAObjective WHERE kr_icno = " + icno; 

    //conn.Close(); 

    } 

protected void GridView1_OnRowDataBound(object sender, GridViewRowEventArgs e) 
{ 
    string kr_id = Request.QueryString["kr_id"]; 

    string id = ""; 

    if (e.Row.RowType == DataControlRowType.DataRow) 
    { 
     id = GridView1.DataKeys[e.Row.RowIndex].Values[0].ToString(); 
    } 
    Label lblposition = (Label)e.Row.FindControl("lblposition"); 
    Label lbldescription = (Label)e.Row.FindControl("lbldescription"); 

    if(e.Row.DataItem != null) 
    { 
     conn.Open(); 

     String queryA = "SELECT kr_id, kr_position, kr_description FROM tblKRAObjective WHERE kr_icno = " + s_icno; 
     SqlCommand cmdA = new SqlCommand(queryA, conn); 
     SqlDataReader drA = cmdA.ExecuteReader(); 

     if (drA.Read()) 
     { 
      lblposition.Text = drA["kr_position"].ToString(); 
      lbldescription.Text = drA["kr_description"].ToString(); 
     } 
     drA.Close(); 
    } 
} 

protected void GridView1_OnRowEdited(object sender, GridViewEditEventArgs e) 
{ 
    GridView1.EditIndex = e.NewEditIndex; 
} 

    protected void GridView1_RowCancelingEdit(object sender, GridViewCancelEditEventArgs e) 
{ 
    GridView1.Focus(); 
} 

protected void GridView1_OnRowUpdated(object sender, GridViewUpdateEventArgs e) 
{ 
    Response.Redirect("kra_description.aspx?Sucess"); 
} 

protected void OnPaging(object sender, GridViewPageEventArgs e) 
{ 
    GridView1.PageIndex = e.NewPageIndex; 
} 

protected void btnPreview_Click(object sender, EventArgs e) 
{ 
      Response.Redirect("kra_pdf.aspx"); 
} 

protected void btnSubmit_Click(object sender, EventArgs e) 
{ 
    if (Page.IsValid) 
    { 

     string kricno = (string)(Session["s_icno"]); 
     string krid = (string)(Session["kr_id"]); 
     string krdescription = (string)(Session["kr_description"]); 
     string krposition = (string)(Session["kr_position"]); ; 

     try 
     { 

      // get requester name, companyid, primary appraiser of requester 

      String queryA = "SELECT kr_id, kr_description, kr_position FROM tblKRAObjective WHERE s_icno = '"+kricno; 
      SqlCommand cmdA = new SqlCommand(queryA); 
      SqlDataReader drA = cmdA.ExecuteReader(); 

      if (drA.Read()) 
      { 
       krid = drA["kr_id"].ToString(); 
       kricno = drA["kr_icno"].ToString(); 
       krdescription = drA["kr_description"].ToString(); 
       krposition = drA["kr_position"].ToString(); 
      } 
      drA.Close(); 

      SqlCommand cmd1 = new SqlCommand(); 
      cmd1.CommandType = CommandType.StoredProcedure; 

      cmd1.Parameters.Add("@kr_id", SqlDbType.NVarChar).Value = krid.ToString(); 
      cmd1.Parameters.Add("@kr_descpription", SqlDbType.NVarChar).Value = krdescription.ToString(); 
      cmd1.Parameters.Add("@kr_position", SqlDbType.NVarChar).Value = krposition.ToString(); 
      cmd1.Parameters.Add("@kr_icno", SqlDbType.NVarChar).Value = kricno.ToString(); 

      cmd1.ExecuteNonQuery(); 


      } 
       catch (Exception ex) 
     { 
      lblMsg.Text = ex.Message; //" Error while saving the record."; 
     } 
     Response.Redirect("kra_dashboard.aspx"); 
    } 
} 


protected void btnAddNew_Click(object sender, EventArgs e) 
{ 

} 
}

来源

2016-08-04 fadilla ' atyka

+0

,想到的第一件事是:'s_icno'为空或空。 –

+2

真的吗?你需要我们的帮助来发现你已经把你的表名和'WHERE'关键字放在一起了吗? –

+0

请勿在查询中连接字符串!改用'SqlParameter's。 – user3185569

回答

3

在这一行你缺少和Where

SqlDataSource1.SelectCommand = "SELECT kr_id, kr_position, kr_description FROM tblKRAObjectiveWHERE kr_icno = " + s_icno;

表名之间的空间试试这个:

"SELECT kr_id, kr_position, kr_description FROM tblKRAObjective WHERE kr_icno = '" + s_icno + "'";

并且为了避免Sql Injections使用Parameterized queries

来源

2016-08-04 07:05:45

+1

不要鼓励SQL查询cancatenate! –

+0

@PawełDyl - 我不知道。有时候只需要耐心等到编辑完成 –

+0

好的谢谢。我已经解决了这个问题。但现在我得到了另一个错误 - >多部分标识符“System.Web.UI.WebControls.HiddenField”无法绑定。 –

0

请大家给空间之前在哪里,单引号也添加到您的参数,因为它是字符串

试试下面

"SELECT kr_id, kr_position, kr_description FROM tblKRAObjective WHERE kr_icno = '" + s_icno + "'";

来源

2016-08-04 07:10:06

相关问题

 相关问题