Give a space next to the "and" on query string
select toolname,ErrorDescription,StartTime,EndTime from TransactionDetails,tools where ToolsOutageID=" + x +" and toolid="+y
문제
I am trying to join two tables here but end up getting error "incorrect syntax near toolid",below is the code I am using. Value of toolsoutageid and toolid is been sending from other page link.NavigateUrl = "~/OutageInfo.aspx?outageID=" + outageid + "toolid="+toolid;
string x = this.Request.QueryString["outageID"];
string y = this.Request.QueryString["toolid"];
SqlConnection con = new SqlConnection(@"xyz");//connection name
con.Open();
SqlCommand cmd = new SqlCommand("select toolname,ErrorDescription,StartTime,EndTime from TransactionDetails,tools where ToolsOutageID=" + x +"and toolid="+y, con);
cmd.CommandType = CommandType.Text;
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);//Here I get the error
GridView1.DataSource = ds.Tables;
GridView1.DataBind();
해결책
Give a space next to the "and" on query string
select toolname,ErrorDescription,StartTime,EndTime from TransactionDetails,tools where ToolsOutageID=" + x +" and toolid="+y
다른 팁
Assuming that your parameters are string you should use '
for your string compression.
Assuming that your parameters are string you should use `'` for your string compression.
select
toolname,
ErrorDescription,
StartTime,
EndTime
from
TransactionDetails
where
ToolsOutageID='" + x +"'
and toolid='"+y+"'"
But you should use parameterised Query instead of query like above
How do parameterized queries help against SQL injection?
int x = Convert.ToInt32(this.Request.QueryString["outageID"]);
int y = Convert.ToInt32(this.Request.QueryString["toolid"]);
select
toolname,
ErrorDescription,
StartTime,
EndTime
from
TransactionDetails
where
ToolsOutageID=" + x +"
and toolid="+y