我从 xml 格式的数据库中获取一个字符串,并尝试使用以下查询更新 xml:
ExecuteNonQuery("Update Logs SET Message = " + encryptedMessage + " WHERE ID = " + message.Id);
但它给了我错误消息:
'<' 附近的语法不正确。
标签“xmlns”已被声明。标签名称在查询批处理或存储过程中必须是唯一的。
对象或列名称缺失或为空。对于 SELECT INTO 语句,验证每列都有一个名称。对于其他语句,请查找空别名。不允许将别名定义为“”或[]。将别名更改为有效名称。
对象或列名称缺失或为空。对于 SELECT INTO 语句,验证每列都有一个名称。对于其他语句,请查找空别名。不允许将别名定义为“”或[]。将别名更改为有效名称。
对象或列名称缺失或为空。对于 SELECT INTO 语句,验证每列都有一个名称。对于其他语句,请查找空别名。不允许将别名定义为“”或[]。将别名更改为有效名称。
对象或列名称缺失或为空。对于 SELECT INTO 语句,验证每列都有一个名称。对于其他语句,请查找空别名。不允许将别名定义为“”或[]。将别名更改为有效名称。
对象或列名称缺失或为空。对于 SELECT INTO 语句,验证每列都有一个名称。对于其他语句,请查找空别名。不允许将别名定义为“”或[]。将别名更改为有效名称。
我感觉它可能与引号有关,但我不确定。我尝试过不同的选项,如单引号、混合引号等。
例如,如果我这样做:
ExecuteNonQuery("Update Logs SET Message = " + encryptedMessage.Replace('"','\'')+ " WHERE ID = " + message.Id);
这会将消息中的双引号永久更新为单引号吗?我不想这样做。
I am getting a string from a database that is in xml format and trying to update the xml with the following query:
ExecuteNonQuery("Update Logs SET Message = " + encryptedMessage + " WHERE ID = " + message.Id);
but it gives me the error message:
Incorrect syntax near '<'.
The label 'xmlns' has already been declared. Label names must be unique within a query batch or stored procedure.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
I have a feeling it might have something to do with the quotes, but I am not sure. I have tried different options like single quotes, mixture,etc.
For example, if I do:
ExecuteNonQuery("Update Logs SET Message = " + encryptedMessage.Replace('"','\'')+ " WHERE ID = " + message.Id);
Would this permanently update the double quotes in the message to single quotes. I don't want to do this.
发布评论
评论(3)
是的,看起来您缺少消息周围的引号:
XML 本身可能也有单引号,因此您可能需要转义这些单引号(例如,将消息内的一个单引号更改为两个单引号)
Yes, it looks like you are missing the quotes around the message:
The XML itself probably has single quotes in it as well, so you may need to escape those (e.g. change one single quote to two single quotes inside the message)
正如@Tomek 提到的,你应该使用参数化查询。它更安全,并且不需要进行 @Dan Sueava 的答案中建议的转换。
As @Tomek mentioned you should use parameterized queries. It is more secure and removes the need for doing the conversions suggested in @Dan Sueava's answer.
请改用参数化查询和命令对象,您的 cryptoMessage 可能包含破坏 UPDATE 语句语法的字符。
Use parametrized query and command object instead, your encryptedMessage might contain characters which break the syntax of your UPDATE statement.