
What's wrong in this SELECT query?

Dim cmdSelect As New SqlCommand("SELECT DISTINCT [seat_remain] FROM [a1_ticket] WHERE serv_code =" & lab5.Text & "ORDER BY [Ticket_no] DESC", SQLData)


You are using string concatenation for constructing your SQL query instead of parametrized queries or stored procedures. That's what is wrong with it. Here's how to improve it:

Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT DISTINCT [seat_remain] FROM [a1_ticket] WHERE serv_code = @serv_code ORDER BY [Ticket_no] DESC", SQLData)
cmdSelect.Parameters.AddWithValue("@serv_code", lab5.Text)

Now your query will work and not only this but it is safe against SQL injection.


Missing quote:

Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT DISTINCT [seat_remain] FROM [a1_ticket] WHERE serv_code ='" & lab5.Text & "' ORDER BY [Ticket_no] DESC", SQLData)
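Added example, not code from either answer: a runnable Python/sqlite3 stand-in for the SqlCommand code above. It shows why the question's concatenation fails (no quotes, no space before ORDER BY), why the quoted concatenation from the second answer still breaks on a value that contains an apostrophe, and why the parameterized query from the first answer handles both. The table, rows and serv_code values are constructed; DISTINCT is left out to keep the example portable across SQL engines.

```python
import sqlite3


def setup():
    # Constructed in-memory stand-in for the [a1_ticket] table.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE a1_ticket (Ticket_no INTEGER, serv_code TEXT, seat_remain INTEGER)")
    con.executemany("INSERT INTO a1_ticket VALUES (?, ?, ?)",
                    [(1, "S1", 40), (2, "S1", 35), (3, "S2", 12), (4, "S'3", 7)])
    return con


def select_as_asked(con, serv_code):
    # The question's string: no quotes around the value and no space before ORDER BY.
    sql = ("SELECT seat_remain FROM a1_ticket WHERE serv_code ="
           + serv_code + "ORDER BY Ticket_no DESC")
    return [row[0] for row in con.execute(sql)]


def select_concatenated(con, serv_code):
    # The second answer's fix: quotes added, but the value is still spliced into the SQL text,
    # so a value containing an apostrophe changes the statement's structure.
    sql = ("SELECT seat_remain FROM a1_ticket WHERE serv_code ='"
           + serv_code + "' ORDER BY Ticket_no DESC")
    return [row[0] for row in con.execute(sql)]


def select_parameterized(con, serv_code):
    # The first answer's fix: the value is bound as a parameter (sqlite3 uses "?" where
    # SqlCommand uses "@serv_code"), so it is never parsed as SQL.
    sql = "SELECT seat_remain FROM a1_ticket WHERE serv_code = ? ORDER BY Ticket_no DESC"
    return [row[0] for row in con.execute(sql, (serv_code,))]


def outcome(fn, con, serv_code):
    # Run one variant and report ("ok", rows) or ("error", message) instead of raising.
    try:
        return ("ok", fn(con, serv_code))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    con = setup()
    for value in ("S1", "S'3"):
        for fn in (select_as_asked, select_concatenated, select_parameterized):
            print(f"{fn.__name__:22s} {value!r:8s} -> {outcome(fn, con, value)}")
```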
