异常详细信息: System.Data.SqlClient.SqlException: ',' 附近有语法错误。
这问题整了很久了始终解决不了,跪求各位大神,求解决,这里面有文章的评论功能,每次我点评论提交,就出现这问题,不知如何解决!!!
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Text.RegularExpressions;
namespace GROUP.Blog
{
public partial class showMainPage : System.Web.UI.Page
{
protected System.Web.UI.WebControls.TextBox title;
protected System.Web.UI.WebControls.Button Button1;
SqlConnection myConn;
public string bgcolor;
public string tcolor;
protected void Page_Load(object sender, System.EventArgs e)
{
if (IsSafe(Request.QueryString["id"],2)==false)
{
Response.Write("参数不正确,<a href=BlogIndex.aspx>点此返回</a>");
Response.End();
}
string connstr = ConfigurationSettings.AppSettings["conStr"];
string sql = "select * from news where n_id=" +Request.QueryString["id"]+"";
string cmd_sql = "select top 10 * from news where n_iscmd=1 order by n_id desc";
myConn = new SqlConnection(connstr);
SqlDataAdapter myCmd = new SqlDataAdapter(sql,myConn);
SqlDataAdapter classCmd = new SqlDataAdapter("select c_id,c_name from Category",myConn);
SqlDataAdapter cmdCmd = new SqlDataAdapter(cmd_sql,myConn);
DataSet ds = new DataSet();
myCmd.Fill(ds,"文章查看");
DataSet classds = new DataSet();
classCmd.Fill(classds,"类别列表");
DataSet cmdds = new DataSet();
cmdCmd.Fill(cmdds,"推荐文章");
NewsShow.DataSource = new DataView (ds.Tables[0]);
NewsShow.DataBind();
ClassList.DataSource = new DataView(classds.Tables[0]);
ClassList.DataBind();
CmdList.DataSource = new DataView(cmdds.Tables[0]);
CmdList.DataBind();
UpdateHit();
if (Request.Cookies["colors"]!=null)
{
string test = Request.Cookies["colors"].Value;
String[] colorList = test.Split(new char[] { ',' });
bgcolor = colorList[0];
tcolor = colorList[1];
}
else
{
bgcolor = "#FFDE94";
tcolor = "#efe3ce";
}
Page.DataBind();
}
/// <summary>
/// 更新点击次数。
/// </summary>
public void UpdateHit()
{
string up_sql = "update news set n_hit=n_hit+1 where n_id=" +Request.QueryString["id"]+ "";
SqlCommand upCmd = new SqlCommand(up_sql,myConn);
upCmd.Connection.Open();
try
{
upCmd.ExecuteNonQuery();
}
catch
{
}
upCmd.Connection.Close();
}
/// <summary>
/// 获得评论。
/// </summary>
public void getReplay()
{
Response.Write ("<table width=100% border=0 cellspacing=0 cellpadding=0>");
SqlCommand myCmd = new SqlCommand("select * from replay where n_id=" + Request.QueryString["id"] + "", myConn);
myConn.Open();
SqlDataReader read = myCmd.ExecuteReader();
while (read.Read())
{
Response.Write ("<tr height=25><td bgcolor=eeeeee><div align=center><font style='FONT-SIZE: 12px' color=red>"+ read[2].ToString() +"</font></div></td></tr><tr height=30><td><font style='FONT-SIZE: 12px'>"+ read[3].ToString() +"</font></td></tr><tr><td bgcolor=f8f8f8><div align=right><font style='FONT-SIZE: 12px'>"+ read[1].ToString() +"评论于"+ read[4].ToString() +"</font></div></td></tr>");
}
Response.Write ("</table>");
myConn.Close();
}
public bool IsSafe (string str, int prama)
{
if (prama==1)
{
if (Regex.IsMatch(str,"[0-9]"))
{
return true;
}
else
{
return false;
}
}
else
{
if (str.IndexOf("and")>0 || str.IndexOf("or")>0 || str.IndexOf("'")>0)
{
return false;
}
else
{
return true;
}
}
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN:该调用是 ASP.NET Web 窗体设计器所必需的。
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// 设计器支持所需的方法 - 不要使用代码编辑器修改
/// 此方法的内容。
/// </summary>
private void InitializeComponent()
{
}
#endregion
/// <summary>
/// 评论提交。
/// </summary>
protected void replay_Click(object sender, System.EventArgs e)
{
if (IsPostBack)
{
if (r_nick.Text.Trim()=="" || r_title.Text.ToString().Trim()=="" || r_content.Value.Trim()=="")
{
Response.Write("<div align=center><li>昵称,标题,内容不能为空!</li><li><a href=javascript:history.back()>点此返回</a>");
Response.End();
}
else
{
string sql = "insert into replay (r_nick,r_title,r_content,r_date,n_id) values ('"+ r_nick.Text +"','"+ r_title.Text +"','"+ r_content.Value +"','"+System.DateTime.Now +"',"+Request.QueryString["id"]+")";
SqlCommand myCmd = new SqlCommand(sql,myConn);
myConn.Open();
myCmd.ExecuteNonQuery();
myConn.Close();
add_Reply();
Response.Redirect(""+Request.QueryString["id"]+".aspx");
}
}
}
/// <summary>
/// 增加评论数。
/// </summary>
public void add_Reply()
{
string up_sql = "update news set n_re=n_re+1 where n_id=" +Request.QueryString["id"]+ "";
SqlCommand upCmd = new SqlCommand(up_sql,myConn);
upCmd.Connection.Open();
try
{
upCmd.ExecuteNonQuery();
}
catch
{
}
upCmd.Connection.Close();
}
}
}