查询字符串中出现问题

本文介绍了查询字符串中出现问题的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

在vb中，我想从三个表中获取值并将数据源设置为crystal，因此我正在使用以下编码，但是会发生错误，请为我解决此问题

In vb i want to get the values from three tables and set the datasource to crystal so i am using following coding but the error will occured please help me for this problem

Dim sqlda As New SqlDataAdapter("select Projid,PName,Date,TotalAmount,Status from PDetails1 where Ccode = '" & cuscode & "' union select dcode,dname,Regdate,Totamt,status from domain where CTno='" & cuscode & "' union select Name,wcode,webhostname,Rdate,totamt,Status from webhost where Ccode='" & cuscode & "' union select code,Description,RenewalDate,Amount,Status from Renewal CCode='" & cuscode & "'", con) Dim sqlda As New SqlDataAdapter("select T1.Projid,T1.PName,T1.Date,T1.TotalAmount,T1.Status,T2.Dcode,T2.Dname,T2.Regdate,T2.Totamt,T2.Status,T3.Name,T3.Wcode,T3.webhostname,T3.Rdate,T3.totamt,T3.Status,T4.Code,T4.Description,T4.Renewaldate,T4.Amount,T4.Status from PDetails1 T1,Domain T2,Webhost T3,Renewal T4 where T1.Ccode=T2.CTNo and T2.CTno=T3.CCode and T4.CCode=T1.Ccode and T1.CCode= '" & cuscode & "' and T2.CTno='" & cuscode & "' or T3.Ccode='" & cuscode & "' Or T4.CCode='" & cuscode & "' order by T4.CCode", con) Dim ProDset1 As New DataSet sqlda.Fill(ProDset1) 'DataGridView1.DataSource = ProDset1.Tables(0) Dim rrview As New reportviewer Dim RptProstmt As New cusreport RptProstmt.SetDataSource(ProDset1.Tables(0))

请帮助我 在此先感谢

Please help me Thanks in advance

推荐答案

不要连接字符串以构建SQL命令.它使您对意外或蓄意的SQL注入攻击敞开大门，这可能会破坏整个数据库.请改用参数化查询. 很有可能同时解决您的问题！ Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. There is a good chance that this will cure your problem at the same time!

尊敬的使用数据集文件来构建查询结果&通过该数据集生成报表 bcoz水晶报告显示与数据库的连接错误过多. 如果您不舒服，我可以向您发送代码 Dear use dataset file to build query result & make your report by that dataset bcoz crystal report showing too much error on connection with database. if u r uncomfortable i can send u the code

最可能的原因是，连接的值包含非法字符，例如".如建议的那样，始终使用参数.请参阅: SqlParameter [ ^ ] 另一种可能性是，UNION组合的不同选择中的列数不匹配，或者数据类型不匹配. 同样在后面的查询中，您将AND和OR条件组合在一起.但是，您没有使用任何括号，因此很可能会得到错误的结果. The likeliest reason is that the concatenated value contains illegal characters such as ''. As suggested always use parameters. See: SqlParameter[^] Another possibilities are that the number of columns in the different select''s combined by UNION do not match or the data types do not match. Also in your latter query, you have both AND and OR conditions combined. However, you have not used any parenthesis, so the chances are that you''re going to get wrong results.