Incorrect syntax near '<'. The label 'xmlns' has already been declared. Label names must be unique within a query batch or stored procedure

Posted on 2025-01-01 18:00:17

I am getting a string from a database that is in xml format and trying to update the xml with the following query:

    ExecuteNonQuery("Update Logs SET Message = " + encryptedMessage + " WHERE ID = " + message.Id);

but it gives me the error message:

Incorrect syntax near '<'.
The label 'xmlns' has already been declared. Label names must be unique within a query batch or stored procedure.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.

I have a feeling it might have something to do with the quotes, but I am not sure. I have tried different options like single quotes, a mixture, etc.

For example, if I do:

    ExecuteNonQuery("Update Logs SET Message = " + encryptedMessage.Replace('"','\'')+ " WHERE ID = " + message.Id);

Would this permanently update the double quotes in the message to single quotes? I don't want to do this.

多像笑话 2025-01-08 18:00:17

Yes, it looks like you are missing the quotes around the message:

    ExecuteNonQuery("Update Logs SET Message = '" + encryptedMessage + "' WHERE ID = " + message.Id);

The XML itself probably has single quotes in it as well, so you may need to escape those (e.g. change one single quote to two single quotes inside the message).

晨敛清荷 2025-01-08 18:00:17

As @Tomek mentioned, you should use parameterized queries. It is more secure and removes the need for doing the conversions suggested in @Dan Sueava's answer.

    // Assumes an open SqlConnection named `connection`, which the original snippet did not show.
    SqlCommand command =
        new SqlCommand("Update Logs SET Message = @EncryptedText WHERE ID = @MessageId", connection);
    // Values are passed as parameters, so the XML is never parsed as part of the SQL text.
    command.Parameters.AddWithValue("@EncryptedText", encryptedMessage);
    command.Parameters.AddWithValue("@MessageId", message.Id);

    command.ExecuteNonQuery();

始终不够爱げ你 2025-01-08 18:00:17

Use a parametrized query and command object instead; your encryptedMessage might contain characters which break the syntax of your UPDATE statement.
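
A fuller version of the parameterized update recommended in the answers, added here as an example and not part of the original thread. It shows explicitly typed parameters and a read-back check that the stored text keeps its original quotes. The `LogStore` class, its method names, the connection string, and the column types (`Message` as nvarchar(max), `ID` as int) are assumptions, since the page does not show the schema.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LogStore
{
    // Constructed sample: both quote styles, two xmlns declarations, an empty attribute.
    public const string SampleXml =
        "<log xmlns:a=\"urn:example:a\" xmlns:b='urn:example:b' note=\"\">it's data</log>";

    // Assumptions: Logs.Message is nvarchar(max), Logs.ID is int, and the caller
    // supplies connectionString. None of these are shown on the page.
    public static void UpdateMessage(string connectionString, int id, string encryptedMessage)
    {
        const string sql = "UPDATE Logs SET Message = @EncryptedText WHERE ID = @MessageId";
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Typed parameters are sent as data, separate from the statement text, so
            // '<', quotes and "xmlns:" in the value are never parsed as T-SQL.
            command.Parameters.Add("@EncryptedText", SqlDbType.NVarChar, -1).Value =
                (object)encryptedMessage ?? DBNull.Value;   // size -1 = nvarchar(max)
            command.Parameters.Add("@MessageId", SqlDbType.Int).Value = id;

            connection.Open();
            int rows = command.ExecuteNonQuery();
            if (rows != 1)
                throw new InvalidOperationException(
                    "Expected to update 1 row for ID " + id + ", updated " + rows + ".");
        }
    }

    // Reads the value back to confirm it was stored unchanged, quotes included.
    public static bool StoredUnchanged(string connectionString, int id, string expected)
    {
        const string sql = "SELECT Message FROM Logs WHERE ID = @MessageId";
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            command.Parameters.Add("@MessageId", SqlDbType.Int).Value = id;
            connection.Open();
            return string.Equals(command.ExecuteScalar() as string, expected, StringComparison.Ordinal);
        }
    }
}
```

Calling `UpdateMessage` with `SampleXml` and then `StoredUnchanged` with the same string checks the round trip against a test database; no `Replace` call on the quotes is needed.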
