ASP.NET: DBHelper.cs class throws an error when adding data in the admin backend
When adding data in the site backend I get this:
Server Error in '/400visa' Application.
--------------------------------------------
Incorrect syntax near ','.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near ','.
Source Error:
Line 64: }
Line 65: conn.Open();
Line 66: result = Convert.ToInt32(cmd.ExecuteScalar());
Line 67:
Line 68: }
Source File: E:\test\software\400visa\houtai\visa.DAL\DBHelper.cs    Line: 66
Stack Trace:
[SqlException (0x80131904): Incorrect syntax near ','.]
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) +2062238
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +5050268
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning() +234
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +2275
System.Data.SqlClient.SqlDataReader.ConsumeMetaData() +33
System.Data.SqlClient.SqlDataReader.get_MetaData() +86
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +311
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) +987
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) +162
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +32
System.Data.SqlClient.SqlCommand.ExecuteScalar() +139
visa.DAL.DBHelper.GetScalar(String sql, SqlParameter[] values) in E:\test\software\400visa\houtai\visa.DAL\DBHelper.cs:66
visa.DAL.Td_VisaService.InsertTd_Visa(Td_Visa td_Visa) in E:\test\software\400visa\houtai\visa.DAL\Td_VisaService.cs:46
visa.BLL.Td_VisaManager.AddTd_Visa(Td_Visa td_Visa) in E:\test\software\400visa\houtai\visa.BLL\Td_VisaManager.cs:20
systemadmin_tab_visaAdd.BtnAdd_Click(Object sender, EventArgs e) in e:\test\software\400visa\systemadmin\tab\visaAdd.aspx.cs:86
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +118
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +112
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5563
The site uses URL rewriting (pseudo-static pages). The front-end links used to pass an id (http://localhost:1510/400visa/nation_5.html) as the parameter for the database query; I have now changed them to pass the name instead (http://localhost:1510/400visa/nation_American.html).
I added a method to the BLL that looks up the id by name:
public static Td_Country GetTd_CountryByCouEname(string CouEname)
{
return Td_CountryService.SelectTd_CountryByCouEname(CouEname);
}
DAL:
public static Td_Country SelectTd_CountryByCouEname(string CouEname)
{
    Td_Country info = null; // return value
    // The name is pasted straight into the SQL text as a quoted literal; a single quote
    // inside CouEname ends the literal early and the rest of the value is parsed as SQL.
    string sql = string.Format("SELECT * FROM Td_Country WHERE CouEname =\'{0}\'", CouEname);
    IList<Td_Country> list = SelectTd_CountriesBySql(sql);
    if (list.Count > 0)
    {
        info = list[0];
    }
    return info;
}
Front-end page code:
protected void Page_Load(object sender, EventArgs e)
{
    if (!IsPostBack)
    {
        // The rewrite rule passes the rewritten segment as the "id" query-string value
        // in the form prefix_name; the part after the underscore is the country name.
        string get = Request.QueryString["id"].ToString();
        string[] array = get.Split('_');
        string name = array[1];
        // cont is null if no country matched, so the next line would throw NullReferenceException
        cont = Td_CountryManager.GetTd_CountryByCouEname(name);
        int id = cont.CouId;
        string sql = string.Format("select * from td_region where countryid={0}", id);
        Repeaterdq.DataSource = Td_RegionManager.SelectAllTd_RegionsBySql(sql);
        Repeaterdq.DataBind();
        string qzzl = "";
        sql = string.Format("select visaname from td_visa where visaregionid in(select regionid from td_region where countryid={0})and visatype=1 group by visaname", id);
        DataTable table = DBHelper.GetTable(sql);
        foreach (DataRow row in table.Rows)
        {
            // daqu() is a helper in the page class (not shown here) that renders the region list for one visa name
            qzzl += "<li><p style='width:330px;'>" + row["visaname"].ToString() + daqu(id, row["visaname"].ToString()) + "</p></li>";
        }
        Literal1.Text = qzzl;
        sql = string.Format("select top 10 * from td_question where countryid={0} order by questiontime desc", id);
        Repeaterwt.DataSource = Td_QuestionManager.SelectAllTd_QuestionsBySql(sql);
        Repeaterwt.DataBind();
        sql = "select top 10 * from td_message where messagetype=5 order by messagetime desc";
        Repeaterkx.DataSource = Td_MessageManager.SelectAllTd_MessagesBySql(sql);
        Repeaterkx.DataBind();
    }
}
DBHelper.cs code:
using System.Data.SqlClient;

public static int GetScalar(string safeSql)
{
    return GetScalar(safeSql, null);
}

// Overload that accepts SqlParameter values, so callers can pass a fixed SQL string plus parameters
public static int GetScalar(string sql, params SqlParameter[] values)
{
    int result = 0;
    using (SqlConnection conn = new SqlConnection(connString))
    {
        SqlCommand cmd = new SqlCommand(sql, conn);
        if (values != null)
        {
            cmd.Parameters.AddRange(values);
        }
        conn.Open();
        // Convert.ToInt32 throws if the statement returns no rows (DBNull)
        result = Convert.ToInt32(cmd.ExecuteScalar());
    }
    return result;
}
The front end runs fine in testing,
but adding a record in the backend throws the error above. What on earth is going on?
[Solution]
The SQL statement has a problem. You don't even write any SQL-injection prevention; how can this code be safe?
My guess is that CouEname contains both a single quote and a comma, which breaks the concatenated SQL statement.
[Solution]
Then some other concatenated SQL statement is the problem. Trace it, print out that SQL statement, and you'll see.