I have converted my database from Access to SQL. As SQL doesn't accept Format(), it shows an error of invalid syntax near #. How can I solve this problem? Please help me. This is my code:

    Private Sub LoadGrid()
        Da = New SqlDataAdapter("SELECT StudentAccountS.StClass, StudentAccountS.StAdmNo, " & _
            "StudentAccountS.StName, StudentAccount.Amount, StudentAccountS.Remark, " & _
            "StudentAccountS.ReceiptNo, StudentAccount.TransactionID, StudentAccount.Perticular " & _
            "FROM StudentAccountS INNER JOIN StudentAccount " & _
            "ON StudentAccountS.SSID = StudentAccount.SSID where " & _
            "(StudentAccountS.Dated = #" & Format(SelDate, "MM/dd/yyyy") & "#)", Conn)
        GridDT = New DataTable
        Da.Fill(GridDT)
    End Sub
Recommended answer

Fix the SQL Injection vulnerability in your code, and you'll fix this problem at the same time:

    Da = New SqlDataAdapter("SELECT StudentAccountS.StClass, StudentAccountS.StAdmNo, " & _
        "StudentAccountS.StName, StudentAccount.Amount, StudentAccountS.Remark, " & _
        "StudentAccountS.ReceiptNo, StudentAccount.TransactionID, StudentAccount.Perticular " & _
        "FROM StudentAccountS INNER JOIN StudentAccount " & _
        "ON StudentAccountS.SSID = StudentAccount.SSID " & _
        "where (StudentAccountS.Dated = @Dated)", Conn)
    ' The date is sent as a parameter value, so no # delimiters or Format() call are needed
    Da.SelectCommand.Parameters.AddWithValue("@Dated", SelDate)
    GridDT = New DataTable
    Da.Fill(GridDT)
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
SQL injection attack mechanics | Pluralsight
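The parameterized query above, written as a self-contained function (an added example, not code from the original answer). It goes one step beyond the answer by declaring the parameter types explicitly and matching a whole calendar day with a half-open range; the function name `LoadByDate`, the `connectionString` argument, the aliases `s` and `a`, and the assumption that `Dated` is a `datetime` column that may carry a time part are all hypothetical.

```vb
Imports System.Data
Imports System.Data.SqlClient

Module LoadGridExample
    ' Hypothetical helper: returns all rows whose Dated value falls on selDate.
    Public Function LoadByDate(connectionString As String, selDate As Date) As DataTable
        ' The SQL text is a fixed string; no user-supplied value is concatenated into it.
        Dim sql As String =
            "SELECT s.StClass, s.StAdmNo, s.StName, a.Amount, s.Remark, s.ReceiptNo, " &
            "a.TransactionID, a.Perticular " &
            "FROM StudentAccountS AS s " &
            "INNER JOIN StudentAccount AS a ON s.SSID = a.SSID " &
            "WHERE s.Dated >= @From AND s.Dated < @To"

        Dim table As New DataTable()
        Using conn As New SqlConnection(connectionString)
            Using da As New SqlDataAdapter(sql, conn)
                ' Typed parameters: the dates travel as DateTime values, so there is
                ' no date-string format or delimiter (#, ') for the server to parse.
                da.SelectCommand.Parameters.Add("@From", SqlDbType.DateTime).Value = selDate.Date
                da.SelectCommand.Parameters.Add("@To", SqlDbType.DateTime).Value = selDate.Date.AddDays(1)
                ' Fill opens and closes the connection itself when it is not already open.
                da.Fill(table)
            End Using
        End Using
        Return table
    End Function
End Module
```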
In SQL you would use the CONVERT function.

    ' CONVERT runs on the server, so it belongs inside the SQL string; style 101 is mm/dd/yyyy.
    ' SQL Server delimits date literals with single quotes, not #.
    Da = New SqlDataAdapter("SELECT StudentAccountS.StClass, StudentAccountS.StAdmNo, " & _
        "StudentAccountS.StName, StudentAccount.Amount, StudentAccountS.Remark, " & _
        "StudentAccountS.ReceiptNo, StudentAccount.TransactionID, StudentAccount.Perticular " & _
        "FROM StudentAccountS INNER JOIN StudentAccount " & _
        "ON StudentAccountS.SSID = StudentAccount.SSID where " & _
        "(CONVERT(VARCHAR(10), StudentAccountS.Dated, 101) = '" & Format(SelDate, "MM/dd/yyyy") & "')", Conn)