C＃的SqlCommand錯誤

Question

foreach (string str in TestWords) 
{ 
    //spam 
    SqlCommand cmd6 = new SqlCommand("select count from keys,files,folders where keys.fileid=files.id and keys.kname='" + str + "' and files.spam=1 and folders.id<>" + FolIter + " and files.folderid<>" + FolIter + " and files.id='" + s[0].ToString + "'", cn); 
    int i6 = Convert.ToInt16(cmd6.ExecuteScalar()); 
    double temp = Convert.ToDouble((i6 + 1)/(i7 + i8)); 
    //non spam 

    **error** 

    SqlCommand cmd9 = new SqlCommand("select count from keys,files,folders where keys.fileid=files.id and keys.kname='" 
    + str 
    + "' and files.spam=0 and folders.id<>" 
    + FolIter 
    + " and files.folderid<>" 
    + FolIter 
    + " and files.id='" 
    + s[0].ToString 
    + "'", cn); 
    int i9 = Convert.ToInt16(cmd9.ExecuteScalar()); 
    temp2 = Convert.ToDouble((i9 + 1)/(i7 + i8)); 
    Sdoc = Convert.ToDouble(Sdoc * temp); 
    NsDoc = Convert.ToDouble(NsDoc * temp2); 
} 

錯誤IAM得到的是：操作「+」不能應用於類型「串」和「方法組」

Answer 1

您正使用方法ToString()財產

變化s[0].ToString - >s[0].ToString()

記住C＃不允許它。

Answer 2

的操作數你要調用的方法：

s[0].ToString() 

Answer 3

由於Nix，Femaref和Azhar提到，.ToString（）是觸發錯誤消息的錯字。

我可以建議使用參數而不是字符串連接嗎？通過這種方式：

SqlCommand cmd9 = new SqlCommand("select count from keys,files,folders where keys.fileid=files.id and keys.kname=@name and and files.spam=0 and folders.id<>@FolIter and files.folderid<>@FolIter and files.id=@s0", cn); 

cmd9.Parameters.Add(new SqlParameter("@name", str)); 
cmd9.Parameters.Add(new SqlParameter("@FolIter", FolIter)); 
cmd9.Parameters.Add(new SqlParameter("s0", s0)); 

通過這種方式，ADO.NET將處理您的變量是，你不會有將它們轉換爲字符串使用級聯，你不會被暴露在SQL injection風險。