SQL问题 - 不读取NULL值

Question

当我尝试运行代码时，遇到问题，当我将PASSWORD =''设置为下面的代码时，所有代码运行良好。

public int ClearEmployeePasswordById(Employee p) 
{ 
    int result = -1;   
    try 
    {    
     string sql = "UPDATE EMPLOYEE SET " + 
        "PASSWORD=''" + 
        "WHERE Employee_Id=" + p.EmployeeId; 

     Common.logToFile("PosNet.Data.Sybase.cs", "ClearEmployeePasswordById", sql); 
     string r = ExecuteNonQuery(sql); 

     if (!string.IsNullOrEmpty(r)) 
      throw new Exception(r); 

     result = 1; 
     InsertAuditLog(); 
    } 
    catch (Exception ex) 
    { 
     Common.logErrorToFile("PosNet.Data.Sybase.cs", "ClearEmployeePasswordById", ex.Message); 
     //throw ex; 
    } 
    return result; 
} 

但是，当我改变PASSWORD=NULL我与SQL函数，它显示的错误"Reset Password Failed"。它只是读取空字符串，而不是NULL值。为什么会发生？

private void btnPasswordReset_Click(object sender, EventArgs e) 
{ 
    try 
    { 
     string employeeWithoutQuote = lblEmployeeId.Text.Substring(1, 10); 
     int employeeId = int.Parse(employeeWithoutQuote); 
     Employee employee = MF.BC.DA.GetEmployeeByBarcode(employeeId); 
     if (MF.BC.DA.ClearEmployeePasswordById(employee) != 1) 
     { 
      throw new Exception("Reset Password Failed"); 
     } 
     else 
     { 
      MessageBox.Show("Reset Password Success"); 
     } 
    } 
    catch (Exception ex) 
    { 
     MessageBox.Show(ex.Message); 
    } 
} 

Answer 1

改变你的SQL海峡这样的：

string sql = 
    "UPDATE EMPLOYEE SET " + 
    "PASSWORD=NULL " + //NOTE: Added a space 
    "WHERE Employee_Id=" + p.EmployeeId; 

你最终的SQL是错误的不到位的空间。

string sql = "UPDATE EMPLOYEE SET " + 
      "PASSWORD = NULL " 
      "WHERE Employee_Id=" + p.EmployeeId; 

但：

Answer 2

的问题是，你需要有PASSWORD=NULL和WHERE后的空间（你可能已经在你钓到的鱼，说明invalid syntax near '或类似写的日志中） - 避免使用字符串连接一起创建sql查询。它容易受到SQL注入的影响。反而使用Parameterized Queries