foreach (string str in TestWords)
{
//spam
SqlCommand cmd6 = new SqlCommand("select count from keys,files,folders where keys.fileid=files.id and keys.kname='" + str + "' and files.spam=1 and folders.id<>" + FolIter + " and files.folderid<>" + FolIter + " and files.id='" + s[0].ToString + "'", cn);
int i6 = Convert.ToInt16(cmd6.ExecuteScalar());
double temp = Convert.ToDouble((i6 + 1)/(i7 + i8));
//non spam
**error**
SqlCommand cmd9 = new SqlCommand("select count from keys,files,folders where keys.fileid=files.id and keys.kname='"
+ str
+ "' and files.spam=0 and folders.id<>"
+ FolIter
+ " and files.folderid<>"
+ FolIter
+ " and files.id='"
+ s[0].ToString
+ "'", cn);
int i9 = Convert.ToInt16(cmd9.ExecuteScalar());
temp2 = Convert.ToDouble((i9 + 1)/(i7 + i8));
Sdoc = Convert.ToDouble(Sdoc * temp);
NsDoc = Convert.ToDouble(NsDoc * temp2);
}
錯誤IAM得到的是:操作「+」不能應用於類型「串」和「方法組」C#的SqlCommand錯誤
提供錯誤發生的行將是有益的,並且範圍的其餘部分。 – Kolky 2010-09-07 12:03:07
* FolIter *究竟是什麼? – slugster 2010-09-07 12:04:55
兩件事:1)什麼是'FolIter'和2)(這一點很重要):做一些關於SQL注入的閱讀(從這裏開始,例如:http://msdn.microsoft.com/en-us/雜誌/ cc163917.aspx)以及採取措施避免它。您的代碼對於此類攻擊廣泛開放。 – 2010-09-07 12:06:17