Question

I am trying to join two tables here but end up getting the error "incorrect syntax near toolid"; below is the code I am using. The values of toolsoutageid and toolid are sent from another page:

link.NavigateUrl = "~/OutageInfo.aspx?outageID=" + outageid + "toolid="+toolid;

string x = this.Request.QueryString["outageID"];
string y = this.Request.QueryString["toolid"];
SqlConnection con = new SqlConnection(@"xyz");//connection name
con.Open();
SqlCommand cmd = new SqlCommand("select toolname,ErrorDescription,StartTime,EndTime  from TransactionDetails,tools where ToolsOutageID=" + x +"and toolid="+y, con);
cmd.CommandType = CommandType.Text;
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);//Here I get the error
GridView1.DataSource = ds.Tables;            
GridView1.DataBind();

Solution

Give a space next to the "and" in the query string:

select toolname,ErrorDescription,StartTime,EndTime  from TransactionDetails,tools where ToolsOutageID=" + x +" and toolid="+y

Other suggestions

Assuming that your parameters are strings, you should use `'` for your string comparison.

select 
     toolname,
     ErrorDescription,
     StartTime,
     EndTime  
from 
     TransactionDetails
where 
     ToolsOutageID='" + x +"' 
     and toolid='"+y+"'"

But you should use a parameterised query instead of a query like the one above.
See: How do parameterized queries help against SQL injection?

Edit 1

int x = Convert.ToInt32(this.Request.QueryString["outageID"]);
int y = Convert.ToInt32(this.Request.QueryString["toolid"]);

 select 
     toolname,
     ErrorDescription,
     StartTime,
     EndTime  
from 
     TransactionDetails
where 
     ToolsOutageID=" + x +"
     and toolid="+y
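
The parameterised form recommended above, as an added example that is not code from either answer: the question's query is kept as posted, but the two query-string values are validated and bound as parameters instead of being concatenated into the SQL text. The class and method names are hypothetical, and both columns are assumed to be integers, as Edit 1 implies.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper (not from the original post).
public static class OutageQueries
{
    public static DataTable LoadOutage(string connectionString,
                                       string rawOutageId,
                                       string rawToolId)
    {
        int outageId, toolId;

        // Reject missing or non-numeric input before touching the database.
        // A null value (e.g. a key absent from the query string) fails here too.
        if (!int.TryParse(rawOutageId, out outageId) ||
            !int.TryParse(rawToolId, out toolId))
        {
            throw new ArgumentException("outageID and toolid must be integers.");
        }

        // The SQL text is a constant: user input never becomes part of it,
        // so spacing and quoting mistakes (and injection) cannot occur.
        const string sql =
            "select toolname, ErrorDescription, StartTime, EndTime " +
            "from TransactionDetails, tools " +
            "where ToolsOutageID = @outageId and toolid = @toolId";

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        using (var da = new SqlDataAdapter(cmd))
        {
            // Typed parameters (assumed int columns) are sent separately from the text.
            cmd.Parameters.Add("@outageId", SqlDbType.Int).Value = outageId;
            cmd.Parameters.Add("@toolId", SqlDbType.Int).Value = toolId;

            var table = new DataTable();
            da.Fill(table); // Fill opens and closes the connection itself.
            return table;
        }
    }
}
```

In the page, the result can be bound directly: pass `Request.QueryString["outageID"]` and `Request.QueryString["toolid"]` to the helper, assign the returned table to `GridView1.DataSource`, then call `DataBind()`.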
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow