string table = "City";
string query = "Select * from '"+table+"'";
这让我出现了错误,指出在“.”附近有不正确的符号。
然而,
string query = "Select * from City";
给出正确的输出。
string table = "City";
string query = "Select * from '"+table+"'";
这让我出现了错误,指出在“.”附近有不正确的符号。
然而,
string query = "Select * from City";
string query = "Select * from '"+table+"'";
将被替换为
string query = "Select * from " + table;
由于您的查询字符串不是 "Select * from City";
而是 "Select * from 'City'";
,因此您遇到了错误。
string table = "City";
string query = string.format("Select * from {0}", table);
string table = "City";
//You don't need to have single quote...
string query = " Select * From " + table;
Where
条件,请按照以下方式进行操作。//Where clause only needs single quotes, to define the SQL parameter value in between...
string query = " Select * From " + table + " Where CityId = '" + cityId + "'";
table
变量有控制权,您应该按照@madcow69的建议进行操作,但我建议添加分隔符,这样您始终具有有效的分隔标识符(例如,如果您的表名是“order”或任何其他SQL保留字)。string table = "City";
string query = string.format("Select * from [{0}]", table);
表格(table)
是以下内容呢?string table = "City]; DROP DATABASE [YourDB";
string table ="City"
string query = "Select * from "+table;
string table = "City";
//You don't need to have single quote...
string query = " Select * From " + table;
string query = $"Select * from {table}";
然而,我强烈建议不要编写那样的查询语句,而是使用SQL参数。这将帮助您避免SQL注入攻击。