“？”附近的语法无效错误。

本文介绍了“？”附近的语法无效错误。的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我已将我的数据库从访问转换为sql。因此，在保存图像时会抛出此错误。我怎么能解决这个问题， 这是我的代码，

I Have Converted my database from access to sql. So while Saving image it throws this error. How can I solve this, This is my code,

SelStr = "" & "Update Admission Set AdmissionNo = '" & AdmNo & "', ENClass = '" & Enclass & "', StudentFN = '" & SFN & "', " & "StudentMN = '" & SMN & "', StudentLN = '" & SLN & "', FatherFN = '" & FFN & "', FatherMN = '" & FMN & "', " & "FatherLN = '" & FLN & "', MotherFN = '" & MFN & "', MotherMN = '" & MMN & "', MotherLN = '" & MLN & "', " & "GuardianFN = '" & GFN & "', GuardianLN = '" & GLN & "', GRelation = '" & GRel & "', CCity = '" & CCity & "', " & "FatMob = '" & FathMo & "', AltNo = '" & AltNo & "', Gender = '" & Gender & "', Category = '" & Category & "', " & "Religion = '" & Religion & "', PSName = '" & PSName & "', PSClass = '" & PSClass & "', PSGrade = '" & PSGrade & "', " & "PSCity = '" & PSCity & "', PSState = '" & PSState & "', PSPYear = '" & PSYear & "', AddressPer = '" & AddPer & "', " & "AddressPre = '" & AddPre & "', Remark = '" & Remark & "', DOB = '" & DOB & "', JnDt = '" & JnDt & "', " & "FOcc = '" & Focc & "', FEdu = '" & FEdu & "', FASal = '" & FASal & "', MOcc ='" & MOcc & "', MEdu = '" & MEdu & "', " & "MASal = '" & MASal & "', BusFacility = '" & BusFac & "', BusFrmID=0 , BusFrm = 'NA', " & "BroSis = '" & BroSis & "', Attachments = '" & AttachLis & "', AttachmentIDs = '" & AttIDs & "', MotMob = '" & MothMo & "', " & "[Cast] = '" & SCast & "', SMSNo = '" & SMSNo & "',Student_Images=" & strImage & ",SType = '" & SType & "',Email = '" & Email & "',Aadhar = '" & Aadhar & "' Where AdmissionID = " & temp & "" cmd.CommandText = SelStr If strImage = "?" Then cmd.Parameters.Add(strImage, SqlDbType.Image).Value = arrImage End If cmd.ExecuteNonQuery()

推荐答案

主要问题是您将值直接连接到SQL语句。而是使用 SqlParameter [ ^ ]保持安全，不受SQL注入，转换问题等的影响。 换句话说，代码应该类似于以下内容（仅添加几个参数作为示例） The main problem is that you concatenate the values directly to the SQL statement. Instead use SqlParameter[^] to stay safe from SQL injections, conversion problems etc. In other words the code should look something like the following (just few parameters added as an example) SelStr = "Update Admission Set AdmissionNo = @AdmNo, ENClass = @ENClass, ..." cmd.CommandText = SelStr cmd.Parameters.AddWithValue("@AdmNo", AdmNo) cmd.Parameters.AddWithValue("@ENClass", ENClass) ...

另一件事是你设置了值 Student_Images 到？根据后面的代码， strImage 的值可能是一个问号，但这几乎不是你应该添加到数据库列的。只是猜测，但是 Student_Images 的值应该是 arrImage

Another thing is that you set the value of Student_Images to ?. Based on the later code the value of strImage can be a question mark, but this is hardly what you're supposed to add to the database column. Just guessing but should the value of Student_Images be arrImage