2

I am retrieving an XML-formatted string from the database and trying to update the XML with the following query.

    ExecuteNonQuery("Update Logs SET Message = " + encryptedMessage + " WHERE ID = " + message.Id);

However, it gives me an error message:

Incorrect syntax near '<'. The label 'xmlns' has already been declared. Label names must be unique within a query batch or stored procedure. An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name. An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name. An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name. An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name. An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.

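I suspect it has something to do with the quotes, but I'm not sure. I have tried various options, such as single quotes, mixed quotes, and so on.

For example, if I do:

    ExecuteNonQuery("Update Logs SET Message = " + encryptedMessage.Replace('"','\'')+ " WHERE ID = " + message.Id);

Will this permanently update the double quotes in the message to single quotes? I don't want to do this.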

4

3 Answers

4

Yes, it looks like you are missing the quotes around the message:

    ExecuteNonQuery("Update Logs SET Message = '" + encryptedMessage + "' WHERE ID = " + message.Id);

The XML itself probably has single quotes in it as well, so you may need to escape those (e.g. change one single quote to two single quotes inside the message).

Answered at 2012-02-03T17:08:14.960
2

As @Tomek mentioned, you should use a parameterized query. It is safer and eliminates the need for the conversion suggested in @Dan Sueava's answer.

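    // "connection" is assumed to be an open SqlConnection; the snippet as posted did not set one.
    SqlCommand command =
        new SqlCommand("Update Logs SET Message = @EncryptedText WHERE ID = @MessageId", connection);
    // Values travel as parameters, so quotes and '<' in the XML are never parsed as SQL.
    command.Parameters.AddWithValue("@EncryptedText", encryptedMessage);
    command.Parameters.AddWithValue("@MessageId", message.Id);

    command.ExecuteNonQuery();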
Answered at 2012-02-03T17:35:58.577
2

Use a parameterized query and a command object instead. encryptedMessage may contain characters that break the syntax of the UPDATE statement.

Answered at 2012-02-03T17:06:50.620
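
The four approaches from the question and the answers above, run side by side as an added example that is not code from the original thread. It assumes Python's `sqlite3` with an in-memory table as a stand-in for the SQL Server `Logs` table (so the error text differs from the one quoted in the question); `SAMPLE_XML` and all function names are constructed for illustration.

```python
import sqlite3

# Constructed sample: XML containing '<', double quotes and apostrophes.
SAMPLE_XML = '<log xmlns="urn:example"><msg user=\'bob\'>It\'s "done"</msg></log>'

def make_db():
    """In-memory table standing in for the Logs table on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Logs (ID INTEGER PRIMARY KEY, Message TEXT)")
    db.execute("INSERT INTO Logs (ID, Message) VALUES (1, 'old')")
    return db

def stored_message(db, log_id):
    return db.execute("SELECT Message FROM Logs WHERE ID = ?", (log_id,)).fetchone()[0]

def update_concatenated(db, log_id, literal):
    """Builds the statement by string concatenation, as in the question."""
    try:
        db.execute("UPDATE Logs SET Message = " + literal + " WHERE ID = " + str(log_id))
        return "ok"
    except sqlite3.Error as exc:
        return "error: " + str(exc)

def update_parameterized(db, log_id, message):
    """Placeholders keep the XML out of the SQL text entirely."""
    db.execute("UPDATE Logs SET Message = ? WHERE ID = ?", (message, log_id))
    return "ok"

def run_all():
    """Returns {approach: (status, stored value equals SAMPLE_XML)}."""
    doubled = SAMPLE_XML.replace("'", "''")  # manual escaping from the first answer
    approaches = [
        ("unquoted", lambda d: update_concatenated(d, 1, SAMPLE_XML)),
        ("quoted", lambda d: update_concatenated(d, 1, "'" + SAMPLE_XML + "'")),
        ("doubled", lambda d: update_concatenated(d, 1, "'" + doubled + "'")),
        ("parameterized", lambda d: update_parameterized(d, 1, SAMPLE_XML)),
    ]
    results = {}
    for name, attempt in approaches:
        db = make_db()  # fresh table per approach
        status = attempt(db)
        results[name] = (status, stored_message(db, 1) == SAMPLE_XML)
    return results

if __name__ == "__main__":
    for name, (status, intact) in run_all().items():
        print(f"{name:14} {status[:45]:45} stored unchanged: {intact}")
```

Doubling the single quotes only escapes the literal; the stored message comes back byte-for-byte identical, and the parameterized form gives the same result without any manual escaping.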