17,748
社区成员
发帖
与我相关
我的任务
分享异常详细信息: System.Data.SqlClient.SqlException: ',' 附近有语法错误。
这问题整了很久了始终解决不了,跪求各位大神,求解决,这里面有文章的评论功能,每次我点评论提交,就出现这问题,不知如何解决!!!
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Text.RegularExpressions;
namespace GROUP.Blog
{
public partial class showMainPage : System.Web.UI.Page
{
protected System.Web.UI.WebControls.TextBox title;
protected System.Web.UI.WebControls.Button Button1;
SqlConnection myConn;
public string bgcolor;
public string tcolor;
protected void Page_Load(object sender, System.EventArgs e)
{
if (IsSafe(Request.QueryString["id"],2)==false)
{
Response.Write("参数不正确,<a href=BlogIndex.aspx>点此返回</a>");
Response.End();
}
string connstr = ConfigurationSettings.AppSettings["conStr"];
string sql = "select * from news where n_id=" +Request.QueryString["id"]+"";
string cmd_sql = "select top 10 * from news where n_iscmd=1 order by n_id desc";
myConn = new SqlConnection(connstr);
SqlDataAdapter myCmd = new SqlDataAdapter(sql,myConn);
SqlDataAdapter classCmd = new SqlDataAdapter("select c_id,c_name from Category",myConn);
SqlDataAdapter cmdCmd = new SqlDataAdapter(cmd_sql,myConn);
DataSet ds = new DataSet();
myCmd.Fill(ds,"文章查看");
DataSet classds = new DataSet();
classCmd.Fill(classds,"类别列表");
DataSet cmdds = new DataSet();
cmdCmd.Fill(cmdds,"推荐文章");
NewsShow.DataSource = new DataView (ds.Tables[0]);
NewsShow.DataBind();
ClassList.DataSource = new DataView(classds.Tables[0]);
ClassList.DataBind();
CmdList.DataSource = new DataView(cmdds.Tables[0]);
CmdList.DataBind();
UpdateHit();
if (Request.Cookies["colors"]!=null)
{
string test = Request.Cookies["colors"].Value;
String[] colorList = test.Split(new char[] { ',' });
bgcolor = colorList[0];
tcolor = colorList[1];
}
else
{
bgcolor = "#FFDE94";
tcolor = "#efe3ce";
}
Page.DataBind();
}
/// <summary>
/// 更新点击次数。
/// </summary>
public void UpdateHit()
{
string up_sql = "update news set n_hit=n_hit+1 where n_id=" +Request.QueryString["id"]+ "";
SqlCommand upCmd = new SqlCommand(up_sql,myConn);
upCmd.Connection.Open();
try
{
upCmd.ExecuteNonQuery();
}
catch
{
}
upCmd.Connection.Close();
}
/// <summary>
/// 获得评论。
/// </summary>
public void getReplay()
{
Response.Write ("<table width=100% border=0 cellspacing=0 cellpadding=0>");
SqlCommand myCmd = new SqlCommand("select * from replay where n_id=" + Request.QueryString["id"] + "", myConn);
myConn.Open();
SqlDataReader read = myCmd.ExecuteReader();
while (read.Read())
{
Response.Write ("<tr height=25><td bgcolor=eeeeee><div align=center><font style='FONT-SIZE: 12px' color=red>"+ read[2].ToString() +"</font></div></td></tr><tr height=30><td><font style='FONT-SIZE: 12px'>"+ read[3].ToString() +"</font></td></tr><tr><td bgcolor=f8f8f8><div align=right><font style='FONT-SIZE: 12px'>"+ read[1].ToString() +"评论于"+ read[4].ToString() +"</font></div></td></tr>");
}
Response.Write ("</table>");
myConn.Close();
}
public bool IsSafe (string str, int prama)
{
if (prama==1)
{
if (Regex.IsMatch(str,"[0-9]"))
{
return true;
}
else
{
return false;
}
}
else
{
if (str.IndexOf("and")>0 || str.IndexOf("or")>0 || str.IndexOf("'")>0)
{
return false;
}
else
{
return true;
}
}
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN:该调用是 ASP.NET Web 窗体设计器所必需的。
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// 设计器支持所需的方法 - 不要使用代码编辑器修改
/// 此方法的内容。
/// </summary>
private void InitializeComponent()
{
}
#endregion
/// <summary>
/// 评论提交。
/// </summary>
protected void replay_Click(object sender, System.EventArgs e)
{
if (IsPostBack)
{
if (r_nick.Text.Trim()=="" || r_title.Text.ToString().Trim()=="" || r_content.Value.Trim()=="")
{
Response.Write("<div align=center><li>昵称,标题,内容不能为空!</li><li><a href=javascript:history.back()>点此返回</a>");
Response.End();
}
else
{
string sql = "insert into replay (r_nick,r_title,r_content,r_date,n_id) values ('"+ r_nick.Text +"','"+ r_title.Text +"','"+ r_content.Value +"','"+System.DateTime.Now +"',"+Request.QueryString["id"]+")";
SqlCommand myCmd = new SqlCommand(sql,myConn);
myConn.Open();
myCmd.ExecuteNonQuery();
myConn.Close();
add_Reply();
Response.Redirect(""+Request.QueryString["id"]+".aspx");
}
}
}
/// <summary>
/// 增加评论数。
/// </summary>
public void add_Reply()
{
string up_sql = "update news set n_re=n_re+1 where n_id=" +Request.QueryString["id"]+ "";
SqlCommand upCmd = new SqlCommand(up_sql,myConn);
upCmd.Connection.Open();
try
{
upCmd.ExecuteNonQuery();
}
catch
{
}
upCmd.Connection.Close();
}
}
}
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Text.RegularExpressions;
namespace GROUP.Blog
{
public partial class showMainPage : System.Web.UI.Page
{
protected System.Web.UI.WebControls.TextBox title;
protected System.Web.UI.WebControls.Button Button1;
SqlConnection myConn;
public string bgcolor;
public string tcolor;
protected void Page_Load(object sender, System.EventArgs e)
{
if (IsSafe(Request.QueryString["id"],2)==false)
{
Response.Write("参数不正确,<a href=BlogIndex.aspx>点此返回</a>");
Response.End();
}
string connstr = ConfigurationSettings.AppSettings["conStr"];
string sql = "select * from news where n_id=" +Request.QueryString["id"]+"";
string cmd_sql = "select top 10 * from news where n_iscmd=1 order by n_id desc";
myConn = new SqlConnection(connstr);
SqlDataAdapter myCmd = new SqlDataAdapter(sql,myConn);
SqlDataAdapter classCmd = new SqlDataAdapter("select c_id,c_name from Category",myConn);
SqlDataAdapter cmdCmd = new SqlDataAdapter(cmd_sql,myConn);
DataSet ds = new DataSet();
myCmd.Fill(ds,"文章查看");
DataSet classds = new DataSet();
classCmd.Fill(classds,"类别列表");
DataSet cmdds = new DataSet();
cmdCmd.Fill(cmdds,"推荐文章");
NewsShow.DataSource = new DataView (ds.Tables[0]);
NewsShow.DataBind();
ClassList.DataSource = new DataView(classds.Tables[0]);
ClassList.DataBind();
CmdList.DataSource = new DataView(cmdds.Tables[0]);
CmdList.DataBind();
UpdateHit();
if (Request.Cookies["colors"]!=null)
{
string test = Request.Cookies["colors"].Value;
String[] colorList = test.Split(new char[] { ',' });
bgcolor = colorList[0];
tcolor = colorList[1];
}
else
{
bgcolor = "#FFDE94";
tcolor = "#efe3ce";
}
Page.DataBind();
}
/// <summary>
/// 更新点击次数。
/// </summary>
public void UpdateHit()
{
string up_sql = "update news set n_hit=n_hit+1 where n_id=" +Request.QueryString["id"]+ "";
SqlCommand upCmd = new SqlCommand(up_sql,myConn);
upCmd.Connection.Open();
try
{
upCmd.ExecuteNonQuery();
}
catch
{
}
upCmd.Connection.Close();
}
/// <summary>
/// 获得评论。
/// </summary>
public void getReplay()
{
Response.Write ("<table width=100% border=0 cellspacing=0 cellpadding=0>");
SqlCommand myCmd = new SqlCommand("select * from replay where n_id=" + Request.QueryString["id"] + "", myConn);
myConn.Open();
SqlDataReader read = myCmd.ExecuteReader();
while (read.Read())
{
Response.Write ("<tr height=25><td bgcolor=eeeeee><div align=center><font style='FONT-SIZE: 12px' color=red>"+ read[2].ToString() +"</font></div></td></tr><tr height=30><td><font style='FONT-SIZE: 12px'>"+ read[3].ToString() +"</font></td></tr><tr><td bgcolor=f8f8f8><div align=right><font style='FONT-SIZE: 12px'>"+ read[1].ToString() +"评论于"+ read[4].ToString() +"</font></div></td></tr>");
}
Response.Write ("</table>");
myConn.Close();
}
public bool IsSafe (string str, int prama)
{
if (prama==1)
{
if (Regex.IsMatch(str,"[0-9]"))
{
return true;
}
else
{
return false;
}
}
else
{
if (str.IndexOf("and")>0 || str.IndexOf("or")>0 || str.IndexOf("'")>0)
{
return false;
}
else
{
return true;
}
}
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN:该调用是 ASP.NET Web 窗体设计器所必需的。
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// 设计器支持所需的方法 - 不要使用代码编辑器修改
/// 此方法的内容。
/// </summary>
private void InitializeComponent()
{
}
#endregion
/// <summary>
/// 评论提交。
/// </summary>
protected void replay_Click(object sender, System.EventArgs e)
{
if (IsPostBack)
{
if (r_nick.Text.Trim()=="" || r_title.Text.ToString().Trim()=="" || r_content.Value.Trim()=="")
{
Response.Write("<div align=center><li>昵称,标题,内容不能为空!</li><li><a href=javascript:history.back()>点此返回</a>");
Response.End();
}
else
{
string sql = "insert into replay (r_nick,r_title,r_content,r_date,n_id) values ('"+ r_nick.Text +"','"+ r_title.Text +"','"+ r_content.Value +"','"+System.DateTime.Now +"',"+Request.QueryString["id"]+")";
SqlCommand myCmd = new SqlCommand(sql,myConn);
myConn.Open();
myCmd.ExecuteNonQuery();
myConn.Close();
add_Reply();
Response.Redirect(""+Request.QueryString["id"]+".aspx");
}
}
}
/// <summary>
/// 增加评论数。
/// </summary>
public void add_Reply()
{
string up_sql = "update news set n_re=n_re+1 where n_id=" +Request.QueryString["id"]+ "";
SqlCommand upCmd = new SqlCommand(up_sql,myConn);
upCmd.Connection.Open();
try
{
upCmd.ExecuteNonQuery();
}
catch
{
}
upCmd.Connection.Close();
}
}
}
...全文
请发表友善的回复…
发表回复
为明日而努力 2015-01-25
- 打赏
- 举报
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Text.RegularExpressions;
public partial class logshow : System.Web.UI.Page
{
SqlConnection myConn;
protected void Page_Load(object sender, EventArgs e)
{
if (IsSafe(Request.QueryString["id"], 2) == false)//获取“id”的值是否存在
{
Response.Write("参数不正确,<a href=BlogIndex.aspx>点此返回</a>");
Response.End();
}
String conn = System.Configuration.ConfigurationManager.AppSettings["conStr"];
string sql = "select * from news where n_id=" + Request.QueryString["id"] + "";
myConn = new SqlConnection(conn);
SqlDataAdapter myCmd = new SqlDataAdapter(sql, myConn);
DataSet ds = new DataSet();
myCmd.Fill(ds, "文章查看");
showlist.DataSource = ds.Tables[0];
showlist.DataBind();
SqlDataAdapter replayCmd = new SqlDataAdapter("select * from replay where n_id=" + Request.QueryString["id"] + "", myConn);
DataSet replayDs = new DataSet();
replayCmd.Fill(replayDs, "评论列表");
DataListRE.DataSource = new DataView(replayDs.Tables[0]);
DataListRE.DataBind();
UpdateHit();
getReplay();
Page.DataBind();
}
public void UpdateHit()
{
string up_sql = "update news set n_hit=n_hit+1 where n_id=" + Request.QueryString["id"] + "";
SqlCommand upCmd = new SqlCommand(up_sql, myConn);
upCmd.Connection.Open();
try
{
upCmd.ExecuteNonQuery();
}
catch
{
}
upCmd.Connection.Close();
}
public void getReplay()
{
if (IsPostBack)
{
SqlCommand myCmd = new SqlCommand("select * from replay where n_id=" + Request.QueryString["id"] + "", myConn);
myConn.Open();
//创建一个数据阅读器
SqlDataReader read = myCmd.ExecuteReader();
while (read.Read())
{
SqlDataAdapter replayCmd = new SqlDataAdapter("select n_id,r_nick,r_date,r_title,r_content from replay ", myConn);
DataSet replayDs = new DataSet();
replayCmd.Fill(replayDs, "评论列表");
DataListRE.DataSource = new DataView(replayDs.Tables[0]);
DataListRE.DataBind();
}
myConn.Close();
}
}
public bool IsSafe(string str, int prama)
{
if (prama == 1)
{
if (Regex.IsMatch(str, "[0-9]"))
{
return true;
}
else
{
return false;
}
}
else
{
if (str.IndexOf("and") > 0 || str.IndexOf("or") > 0 || str.IndexOf("'") > 0)
{
return false;
}
else
{
return true;
}
}
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN:该调用是 ASP.NET Web 窗体设计器所必需的。
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// 设计器支持所需的方法 - 不要使用代码编辑器修改
/// 此方法的内容。
/// </summary>
private void InitializeComponent()
{
}
#endregion
protected void Buttonfb_Click(object sender, EventArgs e)
{
if (IsPostBack)
{
if (TextBox1.Text.Trim() == "" || TextBox2.Text.ToString().Trim() == "" || TextBox3.Text.ToString().Trim() == "")
{
Response.Write("<div align=center><li>昵称,标题,内容不能为空!</li><li><a href=javascript:history.back()>点此返回留言</a>");
Response.End();
}
else
{
string sql = "insert into replay (r_nick,r_title,r_content,r_date,n_id) values ('" + TextBox1.Text + "','" + TextBox2.Text + "','" + TextBox3.Text + "','" + System.DateTime.Now + "','" + Request.QueryString["id"] + "')";
SqlCommand myCmd = new SqlCommand(sql, myConn);
myConn.Open();
myCmd.ExecuteNonQuery();
myConn.Close();
add_Reply();
Response.Redirect("" + Request.QueryString["id"] + ".aspx");
}
}
}
public void add_Reply()
{
string up_sql = "update news set n_re=n_re+1 where n_id='" + Request.QueryString["id"] + "'";
SqlCommand upCmd = new SqlCommand(up_sql, myConn);
upCmd.Connection.Open();
try
{
upCmd.ExecuteNonQuery();//ExecuteNonQuery():执行命令对象的SQL语句,返回一个int类型变量,如果SQL语句是对数据库的记录进行操作(如记录的增加、删除和更新),那么方法将返回操作所影响的记录条数。
}
catch
{
}
upCmd.Connection.Close();
}
}
为明日而努力 2015-01-25
- 打赏
- 举报
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Data.SqlClient;
using System.IO;
using System.Configuration;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Text.RegularExpressions;
public partial class log : System.Web.UI.Page
{
SqlConnection myConn;
protected System.Web.UI.HtmlControls.HtmlForm Form1;
protected void Page_Load(object sender, EventArgs e)
{
String conn = System.Configuration.ConfigurationManager.AppSettings["conStr"];
myConn = new SqlConnection(conn);
SqlDataAdapter categoryCmd = new SqlDataAdapter("select c_id, c_name from category ", myConn);
DataSet categoryDs = new DataSet();
categoryCmd.Fill(categoryDs, "类别列表");
DataListFL.DataSource = new DataView(categoryDs.Tables[0]);
DataListFL.DataBind();
loglist_Bind();
Page.DataBind();
}
public bool IsSafe(string str, int prama)//str是条件语句,prama是判断参数。用了判断参数的格式是否正确
{
if (prama == 1)//如果prama==1,进if
{
if (Regex.IsMatch(str, "[0-9]"))//str是数字
{
return true;
}
else
{
return false;
}
}
else //params !=1时进else
{
if (str.IndexOf("and") > 0 || str.IndexOf("or") > 0 || str.IndexOf("'") > 0) //如果str中包含and,or,单引号
{
return false;
}
else //不包话and,or,单引号
{
return true;
}
}
}
public void loglist_Bind()
{
string sql;
if (Request.QueryString["c_id"] == null)
{//定义一个查询文章信息的sql语句
sql = "select * from news order by n_date desc";
}
else
{
if (IsSafe(Request.QueryString["c_id"], 2) == true)
{//查询最新博客列表
sql = "select * from news where c_id=" + Request.QueryString["c_id"] + " order by n_date desc";
}
else
{
sql = "";
Response.Write("参数不正确");
Response.End();
}
// Request.QueryString 是一个集合。后面的文字是用于找到集合中该名称的值
// Request.QueryString["name"]就是指 url中 名称为name的参数
// 比如 a.aspx?name=111
//Request.QueryString["name"] 的值 就是"111"
}
//定义并初始化数据适配器
SqlDataAdapter dataAdapter = new SqlDataAdapter(sql, myConn);
//创建一个DataSet数据集
DataSet ds = new DataSet();
//填充数据集
dataAdapter.Fill(ds, "所有文章");
loglist.DataSource = new DataView(ds.Tables[0]);
//绑定数据库中相关的数据
loglist.DataBind();
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN:该调用是 ASP.NET Web 窗体设计器所必需的。
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// 设计器支持所需的方法 - 不要使用代码编辑器修改
/// 此方法的内容。
/// </summary>
private void InitializeComponent()
{
}
#endregion
protected void loglist_PageIndexChanging(object sender, GridViewPageEventArgs e)
{
loglist.PageIndex = e.NewPageIndex;//Gridview的分页设置,意思是当翻页事件被触发,当前的页数变成E.NewPageIndex
loglist_Bind();
}
}
为明日而努力 2015-01-25
- 打赏
- 举报
各位不介意的话加我qq聊吧,这等的太慢了 1669863439
无涯大者 2015-01-25
- 打赏
- 举报
LZ打个断点调试下,主要是SQL语句看哪里出错,SQl语句某个字段传值不正确导致的
string up_sql = "update news set n_re=n_re+1 where n_id='" +Request.QueryString["id"]+ "'";
为明日而努力 2015-01-25
- 打赏
- 举报
我有点搞不懂,我这只是一个评论功能,就像这个页面“提交回复”一样的,数据应该插入数据库才对,为什么一提交评论就会出现这个错误,而且数据也没插入数据库
为明日而努力 2015-01-25
- 打赏
- 举报
Request.QueryString["id"]里面的id是由上一个页面传过来的值,比如说我上面文章的id值是163到这个页面的值就是163
为明日而努力 2015-01-25
- 打赏
- 举报
n_id 是int类型的,后面这+“”不是独立的不能分开看,这么看才对“ =“+ +” ”。
SPFarmer 2015-01-24
- 打赏
- 举报
string sql = "select * from news where n_id=" +Request.QueryString["id"]+"";
这句话, n_id 是什么类型的?是数字还是字符串? 如果是字符串,那么你的参数要用“”包起来。
另外,后面+“” 是什么意思?
还有就是, Request.QueryString["id"] 可能包含了,
steal_dream 2015-01-23
- 打赏
- 举报
楼主!估计是你那个QueryString["id"]这个值里有逗号“,”。你检查一下!另外,你这种拼接SQL的方式会造成Sql注入攻击!建议使用参数化查询!
於黾 2015-01-23
- 打赏
- 举报
从你拼接的sql语句看不出有什么问题,根本里面也没有逗号啊
仔细看Request.QueryString["id"]这里面到底是什么玩意吧,是否里面不是id,而是一个带逗号的字符串
於黾 2015-01-23
- 打赏
- 举报
这就是SQL语句拼写错误,你断点跟,把拼接好的SQL语句放数据库里执行一下,就知道到底是哪个逗号有错误了
你把代码全部标红,让人怎么找到底是那句代码有错误?
这跟全部不变红有任何区别?
