【发布时间】:2017-07-10 09:10:20
【问题描述】:
我的程序正在处理的一些记录正在日志表中创建一条记录,内容如下:
仪器:“s”附近的语法不正确。字符串')))'后的非右引号。
代码使用内联查询,将字符串变量的值连接到 SELECT 和 SubQueries 中的 WHERE 子句。
代码:
SQL = "SELECT instrument_id, description, sub_category_of, meta_instrument" _
& " FROM instruments " _
& " WHERE (instrument_id IN " _
& " (SELECT instrument_id " _
& "FROM instruments " _
& "WHERE (description = '" & strn & "'))) " _
& "OR (instrument_id IN " _
& " (SELECT sub_category_of " _
& " FROM instruments AS instruments_1 " _
& " WHERE (description = '" & strn & "'))) " _
& "OR (instrument_id IN " _
& " (SELECT meta_instrument " _
& " FROM instruments AS instruments_1 " _
& " WHERE (description = '" & strn & "')))"
对 sql server 执行的实际查询:
SELECT instrument_id, description, sub_category_of, meta_instrument _
FROM instrument_ref
WHERE (instrument_id IN
(SELECT instrument_id
FROM instruments
WHERE (description = 'Women's Choir')))
OR (instrument_id IN
(SELECT sub_category_of
FROM instruments AS instruments_1
WHERE (description = 'Women's Choir')))
OR (instrument_id IN
(SELECT meta_instrument
FROM instruments AS instruments_1
WHERE (description = 'Women's Choir')))
我想就如何处理单引号寻求帮助,以便更正此错误。我是在“strn”变量中转义它,还是在内联查询中转义?
非常感谢。
【问题讨论】:
-
用''替换'
-
使用参数提供您的信息以避免这些问题。
-
...这些问题以及许多其他问题
-
您也可以将您的描述包含在 QUOTENAME 中,如下所示:
WHERE (description = QUOTENAME('" & strn & "'))
标签: sql sql-server vb.net