所以,我一直试图解决这个问题大约两个月.这一切都始于我的"开发"机器出现在我的笔记本电脑上.它在我的旧电脑上工作很有趣,但它在我的新电脑上不起作用,从未在笔记本电脑上工作过.
我构建SQL Server就像我记得的第一个一样,但它开始给我SQLExceptions.我用谷歌搜索它,我在这里搜索它,我尝试了不同的解决方案.没有.
我会发布有问题的代码,我希望有人能够帮我看看我的缺陷.我确信这是愚蠢的.
SqlCommand sc = sqlc.CreateCommand();
sc.CommandText = "SELECT pNumber FROM database WHERE pNumber = '" + Number.ToString() + "'";
SqlDataReader sdr = sc.ExecuteReader();
if (sdr.Read().ToString() != null)
{
sdr.Close();
sc.CommandText = "UPDATE word SET word = '" + Word + "' WHERE pNumber = '" + Number.ToString() + "'";
HERE IS WHERE THE ERROR OCCURS----> sc.ExecuteReader();
}
else
{
sdr.Close();
sc.CommandText = "INSERT INTO database VALUES(" + Number.ToString() + ",'" + Word + "',0, 0, 0)";
sc.ExecuteNonQuery();
sc.CommandText = "SELECT * FROM database WHERE pNumber = '" + Number.ToString() + "'";
SqlDataReader dataRead = sc.ExecuteReader();
for (int x = 0; x < 6; ++x)
{
User[x] = dataRead.GetString(x);
}
}
sqlc.Close();
编辑:SqlException:无效的对象名称:'word'.在System.Data.SqlClient.SqlConnection.OnError(...
将输入值更改为参数.它更安全,并且可能会解决您的问题,如果它是由意外SQL注入引起的问题.
http://www.csharp-station.com/Tutorials/AdoDotNet/Lesson06.aspx
像这样:
sc.CommandText = "INSERT INTO database VALUES(@number,@word,0, 0, 0)";
sc.Parameters.Add("@number", SqlType.Int).Value = number;
sc.Parameters.Add("@word", SqlType.Int).Value = Word
sc.CommandText = "UPDATE word SET word = '" + Word + "' WHERE pNumber = '" + Number.ToString() + "'";
应该读一读
sc.CommandText = "UPDATE database SET word = '" + Word + "' WHERE pNumber = '" + Number.ToString() + "'";
我更改了SQL查询中的tablename,即all.