几个,我的计划是处理创建在读取日志表中的记录中的记录:VB.Net:逃避查询字符串单打引号使用一个变量,单引号
仪器:不正确的语法's'附近。在字符串'))'之后未使用引号。
该代码使用内联查询,该查询将字符串变量的值连接到SELECT和SubQueries中的WHERE子句。
代码:
SQL = "SELECT instrument_id, description, sub_category_of, meta_instrument" _
& " FROM instruments " _
& " WHERE (instrument_id IN " _
& " (SELECT instrument_id " _
& "FROM instruments " _
& "WHERE (description = '" & strn & "'))) " _
& "OR (instrument_id IN " _
& " (SELECT sub_category_of " _
& " FROM instruments AS instruments_1 " _
& " WHERE (description = '" & strn & "'))) " _
& "OR (instrument_id IN " _
& " (SELECT meta_instrument " _
& " FROM instruments AS instruments_1 " _
& " WHERE (description = '" & strn & "')))"
是被针对SQL Server执行的实际查询:
SELECT instrument_id, description, sub_category_of, meta_instrument _
FROM instrument_ref
WHERE (instrument_id IN
(SELECT instrument_id
FROM instruments
WHERE (description = 'Women's Choir')))
OR (instrument_id IN
(SELECT sub_category_of
FROM instruments AS instruments_1
WHERE (description = 'Women's Choir')))
OR (instrument_id IN
(SELECT meta_instrument
FROM instruments AS instruments_1
WHERE (description = 'Women's Choir')))
我想怎么单引号可以让这个错误可以被处理,以寻求帮助被纠正。我是否在'strn'变量中转义它,还是在内联查询中执行?
非常感谢。
用''替换'' – artm
使用参数来提供您的信息以避免这些问题。 – LarsTech
......这些问题和*许多*其他 – Plutonix