我一直收到这个错误:MySql。数据MySqlClient。MySqlException:'您的SQL语法有错误;在第1行的"Feature:SecurityTesting@mytag Scenario:SQL Injection Given I visit"附近,查看与MySQL服务器版本对应的手册,以获得正确的语法
参数Gherkin是导致查询失败的原因。我都试过了?和@作为参数前缀,没有任何变化。
这是我的代码:
string CommandText = " INSERT INTO Feature(`Path`, Gherkin, RepoID, `Name`, Updated) VALUES (?Path, ?Gherkin , ?RepoID, ?Name, ?Updated) ON DUPLICATE KEY UPDATE Gherkin = VALUES(?Gherkin); ";
using (MySqlConnection connection = new MySqlConnection())
{
connection.ConnectionString = ConfigurationManager.ConnectionStrings["TAF_DB"].ConnectionString;
using (MySqlCommand command = new MySqlCommand())
{
var gherkinParam = new MySqlParameter("Gherkin", test.Gherkin);
//var gherkinParam = new MySqlParameter("Gherkin", MySqlDbType.VarChar);
var pathParam = new MySqlParameter("Path", MySqlDbType.VarChar);
var RepoIDParam = new MySqlParameter("RepoID", MySqlDbType.Int64);
var nameParam = new MySqlParameter("Name", MySqlDbType.VarChar);
var updatedParam = new MySqlParameter("Updated", MySqlDbType.VarChar);
gherkinParam.Value = test.Gherkin;
command.Parameters.Add(gherkinParam);
pathParam.Value = test.Path;
command.Parameters.Add(pathParam);
RepoIDParam.Value = test.RepoID;
command.Parameters.Add(RepoIDParam);
nameParam.Value = test.Name;
command.Parameters.Add(nameParam);
updatedParam.Value = test.Updated;
command.Parameters.Add(updatedParam);
command.Connection = connection;
command.CommandType = CommandType.Text;
command.CommandText = CommandText;
connection.Open();
command.ExecuteNonQuery();
connection.Close();
}
}
您应该在函数VALUES()中使用列Gherkin的名称,而不是命名参数?Gherkin:
UPDATE Gherkin = VALUES(Gherkin)