Zun*_*air 0 c# sql sql-server asp.net
I am trying to fetch data from my database using SqlDataReader,
but I get a syntax error, "System.Data.SqlClient.SqlException: Incorrect syntax near '='", and I don't know what it is.
Here is my code:
cmd = new SqlCommand("Select Submission_Attachment as Path from Tasks where Submission_FileName =" + FileName, con);
reader = cmd.ExecuteReader();
while (reader.Read())
{
    FilePath = reader["Path"].ToString();
    TextBox1.Text = FilePath;
}
The error is shown at reader = cmd.ExecuteReader();
Lar*_*ech 15
Use parameters to avoid SQL injection.
Your current string is not enclosed in single quotes, which causes the error.
string sqlText = "Select Submission_Attachment as Path from Tasks where Submission_FileName = @fileName";
cmd = new SqlCommand(sqlText, con);
cmd.Parameters.AddWithValue("@fileName", FileName);
reader = cmd.ExecuteReader();
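An added example, not part of the original question or answer: the same parameterized lookup with an explicitly typed parameter, disposal of the connection and command, and handling of the no-match case. The names `TaskFiles`, `BuildLookup` and `FindPath`, the connection string, and the `NVARCHAR(260)` column type are assumptions; `Main` checks offline that the SQL text stays constant for every input.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class TaskFiles
{
    // The query text is a constant; user input never becomes part of it.
    const string Sql =
        "SELECT Submission_Attachment AS Path FROM Tasks " +
        "WHERE Submission_FileName = @fileName";

    // Builds the command with an explicitly typed parameter.
    // NVARCHAR(260) is an assumed column type; match it to the real schema.
    public static SqlCommand BuildLookup(SqlConnection con, string fileName)
    {
        var cmd = new SqlCommand(Sql, con);
        cmd.Parameters.Add("@fileName", SqlDbType.NVarChar, 260).Value =
            (object)fileName ?? DBNull.Value;
        return cmd;
    }

    // Returns the stored path, or null when no row matches.
    public static string FindPath(string connectionString, string fileName)
    {
        using (var con = new SqlConnection(connectionString))
        using (var cmd = BuildLookup(con, fileName))
        {
            con.Open();
            object result = cmd.ExecuteScalar();
            return result == null || result == DBNull.Value ? null : (string)result;
        }
    }

    static void Main()
    {
        // Constructed inputs: empty, plain text, and text containing quotes.
        foreach (var name in new[] { "", "report.pdf", "O'Brien's notes.pdf" })
        {
            using (var cmd = BuildLookup(null, name))
            {
                // No database needed: the value travels as data, not as SQL.
                Console.WriteLine(cmd.CommandText == Sql);
                Console.WriteLine("@fileName = [" + cmd.Parameters["@fileName"].Value + "]");
            }
        }
    }
}
```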