(My SQL statement is: string sql = "SELECT * FROM BaseUser WHERE LoginName='" + LoginName + "' AND LoginPassword='" + LoginPwd + "'";)
“/”应用程序中的服务器错误。
--------------------------------------------------------------------------------
第 1 行: '(' 附近有语法错误。
说明: 执行当前 Web 请求期间,出现未处理的异常。请检查堆栈跟踪信息,以了解有关该错误以及代码中导致错误的出处的详细信息。
异常详细信息: System.Data.SqlClient.SqlException: 第 1 行: '(' 附近有语法错误。
源错误:
行 104: Database db = DatabaseFactory.CreateDatabase();
行 105: DbCommand cmd = new SqlCommand(sql);
行 106: DataSet ds = db.ExecuteDataSet(cmd); ---------- this is the line
行 107: return ds;
行 108:
源文件: E:\我的文件\李辉 毕业设计\我的毕业设计+论文\万策进销存\Wanczy09\Wczy.Framework\DbHelpSQL.cs 行: 106
[SqlException (0x80131904): 第 1 行: '(' 附近有语法错误。]
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) +925466
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +800118
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +186
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +1932
System.Data.SqlClient.SqlDataReader.ConsumeMetaData() +31
System.Data.SqlClient.SqlDataReader.get_MetaData() +62
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +297
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) +1005
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) +132
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +32
System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +122
System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior) +12
System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) +7
System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +141
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +137
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet) +86
Microsoft.Practices.EnterpriseLibrary.Data.Database.DoLoadDataSet(DbCommand command, DataSet dataSet, String[] tableNames) +630
Microsoft.Practices.EnterpriseLibrary.Data.Database.LoadDataSet(DbCommand command, DataSet dataSet, String[] tableNames) +99
Microsoft.Practices.EnterpriseLibrary.Data.Database.LoadDataSet(DbCommand command, DataSet dataSet, String tableName) +67
Microsoft.Practices.EnterpriseLibrary.Data.Database.ExecuteDataSet(DbCommand command) +83
Wczy.Framework.DbHelperSQL.ExecuteDataSet(String sql) in E:\我的文件\李辉 毕业设计\我的毕业设计+论文\万策进销存\Wanczy09\Wczy.Framework\DbHelpSQL.cs:106
Index.SSBind() in e:\我的文件\李辉 毕业设计\我的毕业设计+论文\万策进销存\Wanczy09\UI\Index.aspx.cs:40
ASP.index_aspx.__RenderContent1(HtmlTextWriter __w, Control parameterContainer) in e:\我的文件\李辉 毕业设计\我的毕业设计+论文\万策进销存\Wanczy09\UI\Index.aspx:13
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +98
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
System.Web.UI.Control.Render(HtmlTextWriter writer) +7
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22
ASP.masterpage_masterpage_master.__Renderform1(HtmlTextWriter __w, Control parameterContainer) in e:\我的文件\李辉 毕业设计\我的毕业设计+论文\万策进销存\Wanczy09\UI\MasterPage\MasterPage.master:71
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +98
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
System.Web.UI.HtmlControls.HtmlForm.RenderChildren(HtmlTextWriter writer) +59
System.Web.UI.HtmlControls.HtmlForm.Render(HtmlTextWriter output) +68
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.HtmlControls.HtmlForm.RenderControl(HtmlTextWriter writer) +37
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +199
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
System.Web.UI.HtmlControls.HtmlContainerControl.Render(HtmlTextWriter writer) +29
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +199
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
System.Web.UI.Control.Render(HtmlTextWriter writer) +7
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +199
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
System.Web.UI.Page.Render(HtmlTextWriter writer) +26
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2558
--------------------------------------------------------------------------------
版本信息: Microsoft .NET Framework 版本:2.0.50727.1433; ASP.NET 版本:2.0.50727.1433
public Wczy.Model.Base.BaseUser GetUserInfoByLogin(string LoginName, string LoginPwd)
{
    // LoginName and LoginPwd are concatenated directly into the SQL text.
    string sql = "SELECT * FROM BaseUser WHERE LoginName='" + LoginName + "' AND LoginPassword='" + LoginPwd + "'";
    Database db = DatabaseFactory.CreateDatabase();
    IDataReader idr = db.ExecuteReader(CommandType.Text, sql);
    if (idr.Read())
    {
        return ReaderBind(idr);
    }
    else
        return null;
    //DataSet ds = db.ExecuteDataSet(CommandType.Text, sql);
}
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.Practices.EnterpriseLibrary.Data;
using Microsoft.Practices.EnterpriseLibrary.Common;
using System.Data;
using System.Data.SqlClient;
using System.Data.Common;

namespace Wczy.Framework
{
    /// <summary>
    ///
    /// </summary>
    public class DbHelperSQL
    {
        #region Stored procedure operations
        /// <summary>
        /// Execute a stored procedure
        /// </summary>
        /// <param name="storedProcdureName">Stored procedure name</param>
        /// <returns></returns>
        public static int RunProcedure(string storedProcdureName)
        {
            Database db = DatabaseFactory.CreateDatabase();
            DbCommand cmd = db.GetStoredProcCommand(storedProcdureName);
            return db.ExecuteNonQuery(cmd);
        }

        /// <summary>
        /// Execute a stored procedure
        /// </summary>
        /// <param name="storedProcdureName">Stored procedure name</param>
        /// <param name="sps">Stored procedure parameter list</param>
        /// <returns>Number of rows affected</returns>
        public static int RunProcedure(string storedProcdureName, SqlParameter[] sps)
        {
            Database db = DatabaseFactory.CreateDatabase();
            DbCommand cmd = db.GetStoredProcCommand(storedProcdureName);
            LoadParameter(db, cmd, sps);
            return db.ExecuteNonQuery(cmd);
        }

        static void LoadParameter(Database db, DbCommand cmd, params SqlParameter[] sps)
        {
            for (int i = 0; i < sps.Length; i++)
                db.AddInParameter(cmd, sps[i].ParameterName, sps[i].DbType, sps[i].Value);
        }

        public static DataSet Search(int PageIndex, int PageSize, string SortField, string SortType, string TableName, string strWhere, string FieldsList, out int RecCount)
        {
            Database db = DatabaseFactory.CreateDatabase();
            DbCommand cmd = db.GetStoredProcCommand("up_search");
            db.AddInParameter(cmd, "PageIndex", DbType.Int32, PageIndex);
            db.AddInParameter(cmd, "PageSize", DbType.Int32, PageSize);
            db.AddInParameter(cmd, "SortField", DbType.String, SortField);
            db.AddInParameter(cmd, "SortType", DbType.String, SortType);
            db.AddInParameter(cmd, "TableName", DbType.String, TableName);
            db.AddInParameter(cmd, "StrWhere", DbType.String, strWhere);
            db.AddInParameter(cmd, "FieldsList", DbType.String, FieldsList);
            db.AddOutParameter(cmd, "TotalCount", DbType.Int32, 4);
            DataSet ds = db.ExecuteDataSet(cmd);
            RecCount = DataConvert.ToInt32(db.GetParameterValue(cmd, "TotalCount"));
            return ds;
        }
        #endregion

        #region Execute simple SQL statements
        // These helpers run the SQL string exactly as passed in; they take no parameters.
        public static int ExecuteNonQuery(string sql)
        {
            Database db = DatabaseFactory.CreateDatabase();
            DbCommand cmd = new SqlCommand(sql);
            return db.ExecuteNonQuery(cmd);
        }

        public static object ExecuteScaler(string sql)
        {
            Database db = DatabaseFactory.CreateDatabase();
            DbCommand cmd = new SqlCommand(sql);
            return db.ExecuteScalar(cmd);
        }

        public static IDataReader ExecuteDatareader(string sql)
        {
            Database db = DatabaseFactory.CreateDatabase();
            DbCommand cmd = new SqlCommand(sql);
            return db.ExecuteReader(cmd);
        }

        public static DataSet ExecuteDataSet(string sql)
        {
            Database db = DatabaseFactory.CreateDatabase();
            DbCommand cmd = new SqlCommand(sql);
            DataSet ds = db.ExecuteDataSet(cmd);
            return ds;
        }

        /// <summary>
        /// Convert a DataTable into a JSON object
        /// </summary>
        /// <param name="dt"></param>
        /// <returns></returns>
        public static string JSONDataTable(DataTable dt)
        {
            StringBuilder JsonString = new StringBuilder();
            if (dt != null && dt.Rows.Count > 0)
            {
                JsonString.Append("[");
                for (int i = 0; i < dt.Rows.Count; i++)
                {
                    JsonString.Append("{ ");
                    // Column names and values are written without JSON escaping.
                    for (int j = 0; j < dt.Columns.Count; j++)
                    {
                        if (j < dt.Columns.Count - 1)
                        {
                            JsonString.Append("\"" + dt.Columns[j].ColumnName.ToString() + "\":" + "\"" + dt.Rows[i][j].ToString() + "\",");
                        }
                        else if (j == dt.Columns.Count - 1)
                        {
                            JsonString.Append("\"" + dt.Columns[j].ColumnName.ToString() + "\":" + "\"" + dt.Rows[i][j].ToString() + "\"");
                        }
                    }
                    /* end of string */
                    if (i == dt.Rows.Count - 1)
                    {
                        JsonString.Append("} ");
                    }
                    else
                    {
                        JsonString.Append("}, ");
                    }
                }
                JsonString.Append("]");
                return JsonString.ToString();
            }
            else
            {
                return null;
            }
        }
        #endregion
    }
}
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using Wczy.Framework;
using Wczy.BLL;
using Wczy.Model.Base;

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void ibtn_Login_Click(object sender, ImageClickEventArgs e)
    {
        string LoginName = txtLoginName.Text.Trim();
        string LoginPwd = txtLoginPwd.Text.Trim();
        BaseUser baseUser = Wczy.BLL.BaseUserBLL.GetUserInfoByLogin(LoginName, LoginPwd);
        if (baseUser == null)
        {
            Wczy.Framework.JScriptManage.MessageBoxExecute(this, "登录失败,请检查您的用户名和密码!", "history.go(-1)");
            return;
        }
        else
        {
            Session["BaseUser"] = baseUser;
            // The redirect target is taken as-is from the "url" query-string value.
            if (string.IsNullOrEmpty(Request.QueryString["url"]))
                Response.Redirect("/index.aspx");
            else
                Response.Redirect(Request.QueryString["url"]);
        }
    }
}
Building SQL statements by string concatenation like this is very prone to injection and errors.
When I looked at sql with the text visualizer, it had turned into the following statement:
select top(6) s.billId,s.saleBillCode,s.saleDate,case s.billstate when 0 then '制单' when 1 then '提交审核' when 2 then '已审核' when 3 then '审核不通过' when 4 then '反审' when 5 then '在途' when 6 then '结单' else '已转为销售单' end as auditStatus,s.EnterMan from ssbill s where Flag=1 and billstate<6 AND EnterMan='lihui' order by billid desc , billstate asc
Running this statement in Query Analyzer then gives: 第 1 行: '(' 附近有语法错误。
" when 1 then '提交审核' when 2 then '已审核' when 3 then '审核不通过' " +
" when 4 then '反审' when 5 then '在途' when 6 then '结单'" +
" else '已转为销售单' end as auditStatus,s.EnterMan from ssbill s where Flag=1 and billstate<6 AND EnterMan='" + bUser.LoginName + "' order by billid desc , billstate asc ";
What is wrong with this SQL statement?
How could SELECT * FROM ... turn into select top(6) ...? Unbelievable. Of course, top(6) needs to be changed to top 6.
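An added example (not code from the thread or from the Wanczy09 project): the two concatenated queries discussed above, the login lookup and the Index.SSBind() statement, rewritten with Enterprise Library input parameters so that user-supplied text is bound as data instead of being spliced into the SQL. The namespace, class and method names are hypothetical, DbType.String assumes the columns are character types, and the second query uses TOP 6 as the last reply suggests.

```csharp
using System.Data;
using System.Data.Common;
using Microsoft.Practices.EnterpriseLibrary.Data;

namespace Wczy.Examples // hypothetical namespace, not from the posted project
{
    // Hypothetical helper class; only the Enterprise Library calls are existing API.
    public static class ParameterizedQueries
    {
        // Runs a text command whose values are bound as input parameters.
        // names[i] is the parameter name used in the SQL text, values[i] its value.
        private static DataSet Query(string sql, string[] names, object[] values)
        {
            Database db = DatabaseFactory.CreateDatabase();
            using (DbCommand cmd = db.GetSqlStringCommand(sql))
            {
                for (int i = 0; i < names.Length; i++)
                    db.AddInParameter(cmd, names[i], DbType.String, values[i]);
                return db.ExecuteDataSet(cmd);
            }
        }

        // Same lookup as GetUserInfoByLogin: a quote typed into either field
        // stays data and cannot end the string literal or alter the statement.
        public static DataSet FindUserByLogin(string loginName, string loginPwd)
        {
            const string sql =
                "SELECT * FROM BaseUser " +
                "WHERE LoginName = @LoginName AND LoginPassword = @LoginPassword";
            return Query(sql,
                new string[] { "@LoginName", "@LoginPassword" },
                new object[] { loginName, loginPwd });
        }

        // The statement the text visualizer showed for Index.SSBind(), with
        // TOP 6 instead of top(6) and EnterMan bound as a parameter.
        public static DataSet RecentBills(string enterMan)
        {
            const string sql =
                "select top 6 s.billId,s.saleBillCode,s.saleDate," +
                "case s.billstate when 0 then '制单' when 1 then '提交审核' " +
                "when 2 then '已审核' when 3 then '审核不通过' " +
                "when 4 then '反审' when 5 then '在途' when 6 then '结单' " +
                "else '已转为销售单' end as auditStatus,s.EnterMan " +
                "from ssbill s where Flag=1 and billstate<6 AND EnterMan=@EnterMan " +
                "order by billid desc , billstate asc";
            return Query(sql, new string[] { "@EnterMan" }, new object[] { enterMan });
        }
    }
}
```

The stack trace in the question points at Index.SSBind() calling DbHelperSQL.ExecuteDataSet, so RecentBills is the query that corresponds to the reported exception; FindUserByLogin covers the login statement quoted at the top.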