
VB.NET An expression of non-boolean type specified in a context where a condition is expected, near ')'

I am developing a VB.NET ASPX file and am trying to run a string query in VB.NET, but now I get the above error message. How can I determine the cause? Some of the code in this ASPX file is below. The line it errors on is: DSPageData = GlobalFunctions.GlobalF.GetSQLServerDataSet(SQL)

But this same function works for one of my other SQL strings, so I think the problem is somewhere in this SQL string:

            arrType.Add("Product and Process")
            arrType.Add("Product")
            arrType.Add("Process")                          
            dType.DataSource = arrType
            dType.DataBind()

                arrPEType.Add("INC")
                arrPEType.Add("NC")
                arrPEType.Add("QC")
                peType.DataSource = arrPEType
                peType.DataBind()
...
        Select Case dType.SelectedValue
            Case "Product and Process": 
                TheType = "(SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_BASE_EXCEPTION='PXP_PRODUCT_QXP' Or SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_BASE_EXCEPTION)='PXP_PROCESS_QXP')"
            Case "Product": 
                TheType = "(SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_BASE_EXCEPTION='PXP_PRODUCT_QXP')"
            Case "Process": 
                TheType = "(SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_BASE_EXCEPTION='PXP_PROCESS_QXP')"
        End Select

            Select Case peType.SelectedValue
                Case "INC": 
                    PE_Type = "(substring(a.QXP_EXCEPTION_NO, charindex('-', a.QXP_EXCEPTION_NO)+1, 4)='INC')"
                Case "NC": 
                    PE_Type = "(substring(a.QXP_EXCEPTION_NO, charindex('-', a.QXP_EXCEPTION_NO)+1, 4)='NC')"
                Case "QC": 
                    PE_Type = "(substring(a.QXP_EXCEPTION_NO, charindex('-', a.QXP_EXCEPTION_NO)+1, 4)='QC')"
            End Select

            If dOrgUnit.SelectedValue = "All" then
                TheOrgUnit = "<> 'All'"
            Else
                TheOrgUnit = "='" & dOrgUnit.SelectedValue & "'"
            End If

            Dim SQL As String = "SELECT CASE SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_BASE_EXCEPTION WHEN 'PXP_PROCESS_QXP' THEN SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_SHORT_DESC ELSE EPF_FAILURE_MODE END AS QXP_SHORT_DESC, " & _
                                "Count(distinct SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_EXCEPTION_NO) AS CountOfQXP_EXCEPTION_NO " & _
                                 "FROM SMARTSOLVE.V_QXP_ALL_EXCEPTION LEFT OUTER JOIN " & _
                                    "SMARTSOLVE.V_EPL_EXCEPTION_PART_LOT ON V_QXP_ALL_EXCEPTION.QXP_ID = V_EPL_EXCEPTION_PART_LOT.EPL_QXP_ID LEFT OUTER JOIN " & _
                                    "SMARTSOLVE.V_EPF_EXPN_PART_FMODE ON V_EPL_EXCEPTION_PART_LOT.EPL_EPA_ID = V_EPF_EXPN_PART_FMODE.EPF_EPA_ID " & _
                                    "LEFT OUTER JOIN SMARTSOLVE.V_PXP_PRODUCT_QXP ON SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_ID = SMARTSOLVE.V_PXP_PRODUCT_QXP.QXP_ID " & _
                                          "LEFT OUTER JOIN SMARTSOLVE.V_PXP_PROCESS_QXP ON SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_ID = SMARTSOLVE.V_PXP_PROCESS_QXP.QXP_ID " & _
   "WHERE SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_OCCURENCE_DATE >= CONVERT(DATETIME, '" & FirstMonthDate & " 00:00:00', 102) " & _
   "And SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_OCCURENCE_DATE <= CONVERT(DATETIME, '" & LastMonthDate & " 23:59:59', 102) AND " & _
   "SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_XRS_DESCRIPTION<>'Cancel' AND " & _
   "SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_ORU_NAME" & TheOrgUnit & _
   " and " & TheType & _
   "AND (CASE V_QXP_ALL_EXCEPTION.QXP_BASE_EXCEPTION WHEN 'PXP_PROCESS_QXP' THEN V_PXP_PROCESS_QXP.PXP_OPR_NAME ELSE V_PXP_PRODUCT_QXP.PXP_OPR_NAME END <> 'Non-Diagnostic' OR " & _
                                    "CASE V_QXP_ALL_EXCEPTION.QXP_BASE_EXCEPTION WHEN 'PXP_PROCESS_QXP' THEN V_PXP_PROCESS_QXP.PXP_OPR_NAME ELSE V_PXP_PRODUCT_QXP.PXP_OPR_NAME END IS NULL) " & _
                                 "GROUP BY CASE SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_BASE_EXCEPTION WHEN 'PXP_PROCESS_QXP' THEN SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_SHORT_DESC ELSE EPF_FAILURE_MODE END " & _
                                 "ORDER BY Count(distinct SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_EXCEPTION_NO) DESC"

            Dim DSPageData as new System.Data.DataSet
            DSPageData = GlobalFunctions.GlobalF.GetSQLServerDataSet(SQL)


You have one too many ) here:

           Case "Product and Process"                 
TheType = "(SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_BASE_EXCEPTION='PXP_PRODUCT_QXP' Or SMARTSOLVE.V_QXP_ALL_EXCEPTION.QXP_BASE_EXCEPTION)='PXP_PROCESS_QXP')"


It looks like " and " & TheType & _ in your code above should be replaced with:
" and " & PE_Type & _.

I really hope this doesn't mean you're running with Option Explicit turned off. For shame.

But please take my comments on SQL injection to heart. There are people out there running software that randomly trolls web sites looking for vulnerable pages, and even if you don't have a plain text input I could craft an HTTP request that would submit anything I wanted via the dOrgUnit dropdown list. Including something like: ='1';DROP Table SMARTSOLVE.V_QXP_ALL_EXCEPTION;--
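
One way to close the injection path described in the last answer, as an added example that is not code from the original thread: the dropdown value for the type filter is mapped through a fixed allow-list, and the org unit and dates are sent as SqlParameter values instead of being concatenated. The module and function names, the connection string argument and the parameter sizes are assumptions, and the query is reduced to the one view (the joins and CASE expressions from the question are omitted).

```vbnet
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient

' Added example: module/function names are assumptions, not from the page.
Public Module SafeExceptionQuery
    ' Fixed SQL fragments keyed by the dropdown values from the question.
    ' A posted value that is not a key here is rejected and never reaches the SQL text.
    Private ReadOnly TypeFilters As New Dictionary(Of String, String) From {
        {"Product and Process", "(e.QXP_BASE_EXCEPTION = 'PXP_PRODUCT_QXP' OR e.QXP_BASE_EXCEPTION = 'PXP_PROCESS_QXP')"},
        {"Product", "(e.QXP_BASE_EXCEPTION = 'PXP_PRODUCT_QXP')"},
        {"Process", "(e.QXP_BASE_EXCEPTION = 'PXP_PROCESS_QXP')"}
    }

    ' Builds the command; every user-supplied value travels as a parameter.
    Public Function BuildCommand(typeChoice As String, orgUnit As String,
                                 firstDay As Date, lastDay As Date) As SqlCommand
        Dim typeFilter As String = Nothing
        If typeChoice Is Nothing OrElse Not TypeFilters.TryGetValue(typeChoice, typeFilter) Then
            Throw New ArgumentException("Unexpected type selection.")
        End If
        If orgUnit Is Nothing Then Throw New ArgumentNullException("orgUnit")
        Dim sql As String =
            "SELECT e.QXP_SHORT_DESC, COUNT(DISTINCT e.QXP_EXCEPTION_NO) AS CountOfQXP_EXCEPTION_NO " &
            "FROM SMARTSOLVE.V_QXP_ALL_EXCEPTION AS e " &
            "WHERE e.QXP_OCCURENCE_DATE >= @first AND e.QXP_OCCURENCE_DATE < @next " &
            "AND e.QXP_XRS_DESCRIPTION <> 'Cancel' " &
            "AND ((@org = 'All' AND e.QXP_ORU_NAME <> 'All') OR (@org <> 'All' AND e.QXP_ORU_NAME = @org)) " &
            "AND " & typeFilter & " " &
            "GROUP BY e.QXP_SHORT_DESC ORDER BY COUNT(DISTINCT e.QXP_EXCEPTION_NO) DESC"

        Dim cmd As New SqlCommand(sql)
        cmd.Parameters.Add("@first", SqlDbType.DateTime).Value = firstDay.Date
        ' Exclusive upper bound (start of the following day) replaces the '23:59:59' string.
        cmd.Parameters.Add("@next", SqlDbType.DateTime).Value = lastDay.Date.AddDays(1)
        cmd.Parameters.Add("@org", SqlDbType.NVarChar, 100).Value = orgUnit
        Return cmd
    End Function

    ' Runs the command and returns the result as a DataSet.
    Public Function GetData(cmd As SqlCommand, connectionString As String) As DataSet
        Dim ds As New DataSet()
        Using conn As New SqlConnection(connectionString)
            cmd.Connection = conn
            Using adapter As New SqlDataAdapter(cmd)
                adapter.Fill(ds)   ' Fill opens and closes the connection itself
            End Using
        End Using
        Return ds
    End Function
End Module
```

With this shape, a forged dOrgUnit value such as the one quoted above is compared as a literal string against QXP_ORU_NAME and matches no rows, and a forged type value raises ArgumentException before any SQL is built.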
