我試圖在ASP.net中創建一個網站,它向我展示了我們組織推出的出版物。以下是來自cs文件的一些代碼。System.Data.SqlClient.SqlException:關鍵字'FROM'附近的語法不正確
//2nd - Setup SQL Command
SqlCommand cmd = new SqlCommand("SELECT [IDTip], [Date], CONVERT(nvarchar(100),[Date], 1) AS Released, [Title], [Image], REPLACE(CONVERT (nvarchar(MAX),[Tip]), '</p>\r\n\r\n<p>', '<p></p>') AS ContentConverted, Recognition, FROM tips WHERE IDTip =" + Request.QueryString["IDTip"], new SqlConnection(HealthReachConString));
//3rd - Attempt to open the connection to the DB
cmd.Connection.Open();
//4th - Go and fetch some data and apply it to our controls
SqlDataReader objReader = cmd.ExecuteReader();
while (objReader.Read())
{
lblDate.Text = objReader.GetString(2);
lblTitle.Text = objReader.GetString(4);
lblTip.Text = Convert.ToString(objReader["ContentConverted"]);
imgContentPicture.ImageUrl = "~/files/Health_Tips/" + objReader.GetString(5);
if (objReader.GetString(5) == " " || objReader.GetString(5) == "")
{
imgContentPicture.Visible = false;
}
else
{
imgContentPicture.Visible = true;
}
}
objReader.Close();
cmd.Connection.Close();
這是我得到的錯誤。
Server Error in '/' Application.
Incorrect syntax near the keyword 'FROM'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'FROM'.Source Error:
Line 23:
Line 24: //4th - Go and fetch some data and apply it to our controls Line 25: SqlDataReader objReader = cmd.ExecuteReader();
Line 26: while (objReader.Read())
Line 27: {Stack Trace:
[SqlException (0x80131904): Incorrect syntax near the keyword 'FROM'.]
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +1791910
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5347106 System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObjec>t stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) +1693
System.Data.SqlClient.SqlDataReader.TryConsumeMetaData() +61
System.Data.SqlClient.SqlDataReader.get_MetaData() +90
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +377
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds) +1421
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite) +177
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +53 System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +137
System.Data.SqlClient.SqlCommand.ExecuteReader() +99
PressRoom_Detail.Page_Load(Object sender, EventArgs e) in E:\web\healthreach\htdocs\Tips_Detail.aspx.cs:25
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +51
System.Web.UI.Control.OnLoad(EventArgs e) +92
System.Web.UI.Control.LoadRecursive() +54
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +772
任何想法是怎麼回事?
[SQL注入警報](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - 您應該**不**將您的SQL語句連接在一起 - 使用**參數化查詢**來代替以避免SQL注入 –