本文介绍了在'='附近显示语法错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 29岁程序员,3月因学历无情被辞! Public Class frmPrintBillReport Private Sub frmPrintBillReport_Load(ByVal sender As System.Object,ByVal e As System.EventArgs)Handles MyBase.Load 试试 Dim rpt As New PrintBillCrystalReport()'您创建的报告。 Dim myConnection As SqlConnection Dim MyCommand As New SqlCommand() Dim myDA As New SqlDataAdapter() Dim myDS As New TestdbDataSet'你创建的DataSet。 myConnection = New SqlConnection(Data Source = AKSHAY-PC\SQLEXPRESS; Initial Catalog = Testdb; Integrated Security = True) MyCommand.Connection = myConnection MyCommand.CommandText =select Customersdb.Customer_ID,CustomerRequirementdb.Product_ID,CustomerRequirementdb.Product_Name,BillFormatdb.Customer_Name,BillFormatdb。[Delivery Charge],BillFormatdb。[Bill Amount],BillFormatdb。[Total Amount]来自CustomerRequirementdb,Customersdb,BillFormatdb,其中BillFormatdb。[Customer Name] = CustomerRequirement.CName = Customersdb.Customer_Name和Customer_ID ='& frmCustomerRequirement.CheckBox1.Text& ' MyCommand.CommandType = CommandType.Text myDA.SelectCommand = MyCommand myDA.Fill(myDS,Customersdb) myDA.Fill(myDS,BillFormatdb ) myDA.Fill(myDS,CustomerRequirementdb) rpt.SetDataSource(myDS) CrystalReportViewer1.ReportSource = rpt Catch ex As Exception MessageBox.Show( ex.Message,Error,MessageBoxButtons.OK,MessageBoxIcon.Error)结束尝试结束子 解决方案 其中 BillFormatdb。[客户名称] = CustomerRequirement.CName = Customersdb.Customer_Name 这部分将关闭SQL。你有 = 两次没有任何分离... 然而,最重要的是你使用用于创建SQL命令的字符串连接。巨大的错误!!! 您正在为SQL注入攻击打开系统!!! 使用参数化查询! BillFormatdb。[客户名称] = CustomerRequirement.CName = Customersdb.Customer_Nam 这里的东西似乎有误。 您应该在这些查询错误场景中执行的操作是在Sql Server Management Studio中运行相同的查询。 它应该让您了解查询的位置。 Public Class frmPrintBillReport Private Sub frmPrintBillReport_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load Try Dim rpt As New PrintBillCrystalReport() 'The report you created. Dim myConnection As SqlConnection Dim MyCommand As New SqlCommand() Dim myDA As New SqlDataAdapter() Dim myDS As New TestdbDataSet 'The DataSet you created. myConnection = New SqlConnection("Data Source=AKSHAY-PC\SQLEXPRESS;Initial Catalog=Testdb;Integrated Security=True") MyCommand.Connection = myConnection MyCommand.CommandText = "select Customersdb.Customer_ID, CustomerRequirementdb.Product_ID, CustomerRequirementdb.Product_Name, BillFormatdb.Customer_Name, BillFormatdb.[Delivery Charge], BillFormatdb.[Bill Amount], BillFormatdb.[Total Amount] from CustomerRequirementdb, Customersdb,BillFormatdb where BillFormatdb.[Customer Name]=CustomerRequirement.CName=Customersdb.Customer_Name and Customer_ID='" & frmCustomerRequirement.CheckBox1.Text & "'" MyCommand.CommandType = CommandType.Text myDA.SelectCommand = MyCommand myDA.Fill(myDS, "Customersdb") myDA.Fill(myDS, "BillFormatdb") myDA.Fill(myDS, "CustomerRequirementdb") rpt.SetDataSource(myDS) CrystalReportViewer1.ReportSource = rpt Catch ex As Exception MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error) End Try End Sub 解决方案 where BillFormatdb.[Customer Name]=CustomerRequirement.CName=Customersdb.Customer_NameThis part will pis off SQL. You have = twice without separation of any kind...However, what is most important that you use string concatenation for creating SQL command. Big, huge mistake!!!You are opening you system for SQL injection attacks!!!Use parameterized queries! BillFormatdb.[Customer Name]=CustomerRequirement.CName=Customersdb.Customer_NamSomething here seems to be wrong.What you should do in these query error scenarios is run the same query in Sql Server Management Studio.It should give you an idea on where the query is going worong. 这篇关于在'='附近显示语法错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 上岸,阿里云! 09-02 18:38