vb.net 查询中的语法错误。函数内 Max 语句中的不完整查询子句
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22780663/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Syntax error in query. Incomplete query clause in Max statement inside a function
提问by Ahmed Faizan
I am trying to simply connect to a database. But the problem arises in the concatenation part of the Sql query.
我试图简单地连接到数据库。但是问题出现在Sql查询的连接部分。
When I do:
当我做:
cmd = New OleDbCommand("Select max(ID) from Table1", con)
There is no error but when I do
没有错误,但是当我这样做时
cmd = New OleDbCommand("Select max(ID) from'" & tablename & "'", con)
The vb.net error comes: Syntax error in query. Incomplete query clause.
vb.net 错误来了:查询中的语法错误。不完整的查询子句。
Here is the full code
这是完整的代码
Function Get_Max(ByVal Get_Table_Name As String)
Dim tablename As String = Get_Table_Name
Dim found_max As Integer
Call connect()
con.Open()
cmd = New OleDbCommand("Select max(ID) from'" & tablename & "'", con)
dr = cmd.ExecuteReader
While dr.Read
found_max = dr(0)
End While
con.Close()
MsgBox(found_max)
Return found_max
End Function
回答by Steve
Do not put single quotes around the variable tablename
不要在变量表名周围加上单引号
cmd = New OleDbCommand("Select max(ID) from " & tablename, con)
Otherwise the tablename variable becomes a literal string and, from the database point of view you are requesting the MAX(ID) of the string 'Table1'.
否则 tablename 变量将成为文字字符串,并且从数据库的角度来看,您正在请求 string 的 MAX(ID) 'Table1'。
A part from this you should be absolutely sure about the value of the variable tablename.
其中一部分您应该绝对确定变量的值tablename。
Do not allow the end user to directly type this value (at least let him choose between a list of predefined names).
This kind of code is very weak and open to Sql Injections.
不允许最终用户直接键入此值(至少让他在预定义名称列表之间进行选择)。
这种代码非常薄弱,并且对 Sql 注入开放。
And, as other answers have already outlined, a couple of Square Brackets around the table name are required if one or more of your tables contains a space or have the same name as a reserved keyword
而且,正如其他答案已经概述的那样,如果您的一个或多个表包含空格或与保留关键字具有相同的名称,则需要在表名称周围加上几个方括号
cmd = New OleDbCommand("Select max(ID) from [" & tablename & "]", con)
回答by Adrian Wragg
You are adding in additional quote characters. Your initial string
您正在添加额外的引号字符。你的初始字符串
cmd = New OleDbCommand("Select max(ID) from'" & tablename & "'", con)
is evaluating to
正在评估
cmd = New OleDbCommand("Select max(ID) from'Table1'", con)
Instead, you should probably be using:
相反,您可能应该使用:
cmd = New OleDbCommand("Select max(ID) from [" & tablename & "]", con)
The [and ]give you additional protection against reserved words matching table names, although not SQL query injection, to which this code may still be vulnerable.
在[和]给你对匹配表名称保留字额外的保护,虽然不是SQL查询注入,以使这一代码可能仍然是脆弱的。
回答by Codemunkeee
change this line
改变这一行
cmd = New OleDbCommand("Select max(ID) from " & tablename & "", con)
to this
对此
cmd = New OleDbCommand("Select max(ID) from " & tablename, con)
you just missed a space and remove the "'"
你只是错过了一个空格并删除了“'”
