将数据库中的数据显示到标签

Question

我正在尝试在标签中显示数据库中的数据（银行名称）。

每个用户在费率表中有四个银行 ID。我想从银行表中检索他们的名字。用户 id 是会话变量。

查询命令是正确的，但是当我添加会话变量时出现错误。

异常详细信息：System.Data.SqlClient.SqlException：'=' 附近的语法不正确。

来源错误：
第 26 行：str = "select bank_name from bank, rate, [user] where((bank.bank_id=rate.bank_id)and(user.user_id=rate.user_id='" + Session["UserName"] + "'" ;
第 27 行：com = new SqlCommand(str, con);
第 28 行：SqlDataReader reader = com.ExecuteReader();
第 29 行：
第 30 行：reader.Read();

代码：

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

namespace Displaying_Data_From_Db_to_Label
{
    public partial class _Default : System.Web.UI.Page
    {
        string strConnString = ConfigurationManager.ConnectionStrings["AdminConnectionString"].ConnectionString;
        string str;
        SqlCommand com;

        protected void Page_Load(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection(strConnString);
            con.Open();
            str = "select bank_name from bank, rate, [user] where((bank.bank_id=rate.bank_id)and(user.user_id=rate.user_id='" + Session["UserName"] + "'";
            com = new SqlCommand(str, con);
            SqlDataReader reader = com.ExecuteReader();

            reader.Read();
            labelname1.Text = reader["bank_name"].ToString();

            reader.Read();
            labelname2.Text = reader["bank_name"].ToString();

            reader.Read();
            labelname3.Text = reader["bank_name"].ToString();

            reader.Close();
            con.Close();
        }
    }
}

Aspx 标记：

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="Displaying_Data_From_Db_to_Label._Default" %>

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

 <html xmlns="http://www.w3.org/1999/xhtml" >
 <head id="Head1" runat="server">
     <title>Untitled Page</title>
 </head>
 <body>
     <form id="form1" runat="server">
     <div>
     <asp:Label ID="labelname1" runat="server" Text="Label"></asp:Label>
     <asp:Label ID="labelage1" runat="server" Text="Label"></asp:Label><br />
     <asp:Label ID="labelname2" runat="server" Text="Label"></asp:Label>
     <asp:Label ID="labelage2" runat="server" Text="Label"></asp:Label><br />
     <asp:Label ID="labelname3" runat="server" Text="Label"></asp:Label>
     <asp:Label ID="labelage3" runat="server" Text="Label"></asp:Label>
     </div>
     </form>
 </body>
 </html>

Answer 1

对于初学者，请使用参数化的 SQL 语句。这将使您的代码更安全，并有可能摆脱错误。

        str = "select bank_name from bank, rate, [user] where((bank.bank_id=rate.bank_id)and(user.user_id=rate.user_id=@UserName";
        com = new SqlCommand(str, con);
        object obj = Session["UserName"]; // add watch and break point
        int username = Convert.ToInt32(obj);
        com.Parameters.Add(new SqlParameter("UserName", username ));
        SqlDataReader reader = com.ExecuteReader();

免责声明：此代码示例没有错误处理，请先将其包装在 try/catch 中，然后再在生产代码中尝试

Answer 2

你肯定有无效的语法。试试这个：

str = "select bank_name from bank, rate, [user] where((bank.bank_id=rate.bank_id)and(user.user_id=rate.user_id) AND (user.user_id='" + Session["UserName"] + "'))";

Answer 3

这是代码：

protected void Button1_Click(object sender, EventArgs e)
{

SqlConnectioncon=newSqlConnection(ConfigurationManager.ConnectionStrings["CRMConnectionString"].ConnectionString);


   String SQL = "SELECT UserName,Password FROM Login";
   SqlDataAdapter Adpt = new SqlDataAdapter(SQL, con);
   DataSet login = new DataSet();
   Adpt.Fill(login);

   foreach (DataRow dr in login.Tables[0].Rows)
   {
       Label3.Text += login.Tables[0].Rows[0]["USerName"].ToString() + "<br />";
       Label4.Text += login.Tables[0].Rows[1]["Password"].ToString() + "<br />";

   }
  }