mariadb 无效的MySQL查询语法

xtfmy6hx 于 2022-11-08 发布在 Mysql

关注(0)|答案(1)|浏览(112)

我的代码有什么问题？它一直显示这个错误，并且无法从数据库中提取任何条目

下面是代码：

Private Async Sub connDatabase()
    searchDrop.Text = ""
    searchValue.Text = ""

    If tableTypeLabel.Text = "pis" Then
        sqlQ = "SELECT CAASN, First_Name, Middle_Name, Last_Name, Occupation, Platoon, CAA_Company, Status FROM @tabNam;"
    ElseIf tableTypeLabel.Text = "dlt" Then
        MessageBox.Show("Info not available")
        Me.Close()
    End If

    dataTab.Rows.Clear()
    dataTab.Columns.Clear()
    Try
        Await sqlConn.OpenAsync()
        sqlComm.CommandType = CommandType.Text
        sqlComm.CommandText = sqlQ
        sqlComm.Parameters.AddWithValue("@tabNam", companyTagLab.Text)
        sqlAdap = New MySqlDataAdapter(sqlComm.CommandText, sqlConn)
        val = sqlAdap.Fill(dataTab)
        Await sqlConn.CloseAsync()

        If val > 0 Then
            listFilt.DataSource = dataTab
            listView.DataSource = Nothing
            listView.Rows.Clear()
            listView.Columns.Clear()
            listView.DataSource = listFilt
        ElseIf val < 1 Then
            MessageBox.Show("Data not available!")
        End If

        dataTab = Nothing
    Catch ex As Exception
        MessageBox.Show(ex.Message)
        Console.WriteLine(ex.Message)
    End Try
End Sub

mariadb

来源：https://stackoverflow.com/questions/72738953/invalid-mysql-query-syntax

1条答案

按热度按时间

im9ewurl1#

此问题与以下字符串有关：

"SELECT CAASN, First_Name, Middle_Name, Last_Name, Occupation, Platoon, CAA_Company, Status FROM @tabNam;"

删除该参数，并将其更改为：

"SELECT CAASN, First_Name, Middle_Name, Last_Name, Occupation, Platoon, CAA_Company, Status FROM " & companyTagLab.Text

确保companyTagLab.Text不会使您容易受到SQL注入攻击！

赞(0）回复(0）举报 2022-11-08

我来回答

mariadb 无效的MySQL查询语法

1条答案

相关问题

热门标签

最新问答