I am calling the following code...
    public static bool checkDuplicateProducts(string item1, string item2)
    {
        // new connection
        SqlConnection con = new SqlConnection(stringCon);
        // adapter query
        SqlDataAdapter sda = new SqlDataAdapter("SELECT * FROM '" + item1 + "' WHERE ProductCode='" + item2 + "'", con);
        DataTable dt = new DataTable();
        sda.Fill(dt);
        if (dt.Rows.Count >= 1)
        {
            return true;
        }
        else
        {
            return false;
        }
    }
from this...
    string tableName = "Product";
    else if(Functions.checkDuplicateProducts(tableName, textBox2.Text) == true)
    {
        MessageBox.Show("The id is already available", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
It gives the following error... System.Data.SqlClient.SqlException:'产品'附近的语法不正确。'
[Select * from Table Name]: for a query in C#, you should not put 'Table Name' in quotes.
Replace the code with:
    SqlDataAdapter sda = new SqlDataAdapter("SELECT * FROM " + item1 + " WHERE ProductCode='" + item2 + "'", con);
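Your table name should not be in single quotes, i.e. SELECT * FROM table_name
    "SELECT * FROM '" + item1 + "'
should be
    "SELECT * FROM " + item1 + "
However, in general you should really use parameterized queries so that you don't end up on the wrong end of a SQL injection attack.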
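
An added example, not part of the original answers, of the parameterized form of checkDuplicateProducts recommended above. Because a table name cannot be bound as a SQL parameter, it is checked against a fixed list instead. The allowed-table list, the connection string placeholder and the NVARCHAR(50) column type are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class Functions
{
    // Assumption: placeholder connection string; replace with your own.
    private static readonly string stringCon = "<your connection string>";

    // Assumption: the only tables this check may query. Identifiers cannot be
    // sent as SQL parameters, so they are validated against a fixed list.
    private static readonly HashSet<string> AllowedTables =
        new HashSet<string> { "Product" };

    public static bool checkDuplicateProducts(string tableName, string productCode)
    {
        if (tableName == null || !AllowedTables.Contains(tableName))
            throw new ArgumentException("Unknown table name.", nameof(tableName));
        if (productCode == null)
            throw new ArgumentNullException(nameof(productCode));

        // The table name is bracket-quoted as an identifier (never single-quoted)
        // and can only be a value from AllowedTables. The product code is not
        // concatenated at all; it travels as the @code parameter.
        string sql = "SELECT COUNT(*) FROM [" + tableName + "] WHERE ProductCode = @code";

        using (SqlConnection con = new SqlConnection(stringCon))
        using (SqlCommand cmd = new SqlCommand(sql, con))
        {
            // Assumption: ProductCode is NVARCHAR(50); match your schema.
            cmd.Parameters.Add("@code", SqlDbType.NVarChar, 50).Value = productCode;
            con.Open();
            // COUNT(*) comes back as a boxed int from SQL Server.
            return (int)cmd.ExecuteScalar() > 0;
        }
    }
}
```

With this version, text typed into textBox2 is only ever compared as data against ProductCode, whatever characters it contains.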