62,041
社区成员
发帖
与我相关
我的任务
分享CS0019: 运算符“+”无法应用于“string”和“方法组”类型的操作数
string sql = "insert into Student_Xj (Xh, StuId, Xs, Zy, Nj, ClassName, Sfpx, Ssl, Ssh, Xz, XjBz, XjRegTime) Values(" + "'" + tbx_xh.Text.ToString() + "'," + "'" + id + "'," + "'" + ddl_bm.SelectedValue.ToString() + "'," + "'" + ddl_zy.SelectedValue.ToString() + "'," + "'" + ddl_nj.SelectedValue.ToString() + "'," + "'" + ddl_classname.SelectedValue.ToString() + "'," + "'" + ddl_sfpx.SelectedValue.ToString() + "'," + "'" + tbx_ssl.Text.ToString() + "'," + "'" + tbx_ssh.Text.ToString() + "'," + "'" + tbx_xz.Text.ToString() + "'," + "'" + tbx_xjbz.Text.ToString + "'," + "'" + DateTime.Now + "')";
红色部分是整型INT 数据!
各位老大哪里错了?
红色部分是整型INT 数据!
各位老大哪里错了?
...全文
请发表友善的回复…
发表回复
小明aa 2008-06-06
- 打赏
- 举报
眼都看花了
3楼的行
3楼的行
symbol441 2008-06-06
- 打赏
- 举报
string sql = "insert into Student_Xj (Xh, StuId, Xs, Zy, Nj, ClassName, Sfpx, Ssl, Ssh, Xz, XjBz, XjRegTime) Values(" + "'" + tbx_xh.Text.ToString() + "'," + id + "," + "'" + ddl_bm.SelectedValue.ToString() + "'," + "'" + ddl_zy.SelectedValue.ToString() + "'," + "'" + ddl_nj.SelectedValue.ToString() + "'," + "'" + ddl_classname.SelectedValue.ToString() + "'," + "'" + ddl_sfpx.SelectedValue.ToString() + "'," + "'" + tbx_ssl.Text.ToString() + "'," + "'" + tbx_ssh.Text.ToString() + "'," + "'" + tbx_xz.Text.ToString() + "'," + "'" + tbx_xjbz.Text.ToString + "'," + "'" + DateTime.Now + "')";
粗心导致的吧,tostring()为方法,在那里使用时你打漏了括号
粗心导致的吧,tostring()为方法,在那里使用时你打漏了括号
46539492 2008-06-06
- 打赏
- 举报
还有楼主直接这么写容易被sql注入攻击,建议参数化查询
46539492 2008-06-06
- 打赏
- 举报
在看看你其他的字符串参数的值有没有包含'的情况?
有的话
替换成两个单引号
string strText= textbox1.Text.Replace("'","'');
至于原因,楼主设置一个断点,获取完整的sql语句以后,拷到sql server的查询里面检查一下语法看看
就知道是什么原因了
有的话
替换成两个单引号
string strText= textbox1.Text.Replace("'","'');
至于原因,楼主设置一个断点,获取完整的sql语句以后,拷到sql server的查询里面检查一下语法看看
就知道是什么原因了
xxd88 2008-06-06
- 打赏
- 举报
去掉ID两边的'号还不行还是出错
编译器错误信息: CS0019: 运算符“+”无法应用于“string”和“方法组”类型的操作数
编译器错误信息: CS0019: 运算符“+”无法应用于“string”和“方法组”类型的操作数
wang520d 2008-06-06
- 打赏
- 举报
眼晕了。。
s208ping 2008-06-06
- 打赏
- 举报
string sql = "insert into Student_Xj (Xh, StuId, Xs, Zy, Nj, ClassName, Sfpx, Ssl, Ssh, Xz, XjBz, XjRegTime) Values(" + "'" + tbx_xh.Text.ToString() + "'," + id + "," + "'" + ddl_bm.SelectedValue.ToString() + "'," + "'" + ddl_zy.SelectedValue.ToString() + "'," + "'" + ddl_nj.SelectedValue.ToString() + "'," + "'" + ddl_classname.SelectedValue.ToString() + "'," + "'" + ddl_sfpx.SelectedValue.ToString() + "'," + "'" + tbx_ssl.Text.ToString() + "'," + "'" + tbx_ssh.Text.ToString() + "'," + "'" + tbx_xz.Text.ToString() + "'," + "'" + tbx_xjbz.Text.ToString + "'," + "'" + DateTime.Now + "')";
46539492 2008-06-06
- 打赏
- 举报
把id周围的单引号'去掉就ok,
加单引号,程序认为它是字符型,
当然就会出错
加单引号,程序认为它是字符型,
当然就会出错
46539492 2008-06-06
- 打赏
- 举报
string sql = "insert into Student_Xj (Xh, StuId, Xs, Zy, Nj, ClassName, Sfpx, Ssl, Ssh, Xz, XjBz, XjRegTime) Values(" + "'" + tbx_xh.Text.ToString() + "'," + id + "," + "'" + ddl_bm.SelectedValue.ToString() + "'," + "'" + ddl_zy.SelectedValue.ToString() + "'," + "'" + ddl_nj.SelectedValue.ToString() + "'," + "'" + ddl_classname.SelectedValue.ToString() + "'," + "'" + ddl_sfpx.SelectedValue.ToString() + "'," + "'" + tbx_ssl.Text.ToString() + "'," + "'" + tbx_ssh.Text.ToString() + "'," + "'" + tbx_xz.Text.ToString() + "'," + "'" + tbx_xjbz.Text.ToString + "'," + "'" + DateTime.Now + "')";
xxd88 2008-06-06
- 打赏
- 举报
呵呵谢谢楼上的兄弟!粗心导致的!在请问下如何参数查询防止SQL注入呢?
