
下面的代码为同一行设置 2 个值。这应该很简单,但我不知道如何把两条更新合并成一条查询。

 ' Write the current grid row's "delivered" and "nodilivary" cells back to supporder,
 ' one column per UPDATE. Every value is bound as a SqlParameter, so cell contents
 ' never become part of the SQL text.
 ' No transaction is visible here, so the two UPDATEs are applied independently.
 ' NOTE(review): no connection string is assigned to cnn in this snippet - presumably set elsewhere; confirm.
 Dim cnn As New SqlConnection
 ' The SELECT text given to the constructor is overwritten below before anything runs.
 Dim sqlcmd As New SqlCommand("SELECT catalogid, delivered,nodilivary FROM supporder", cnn)

 ' Round trip 1: the "delivered" column.
 With sqlcmd
     .CommandText = "update supporder SET delivered=@delivered WHERE catalogid=@catalogid"
     .Parameters.AddWithValue("@delivered", GridControl2.GetCellValue(currentrowindex, "delivered"))
     .Parameters.AddWithValue("@catalogid", GridControl2.GetCellValue(currentrowindex, "catalogid"))
 End With
 cnn.Open()
 sqlcmd.ExecuteNonQuery()
 sqlcmd.Parameters.Clear()   ' the command object is reused, so drop the old parameters first
 cnn.Close()

 ' Round trip 2: the "nodilivary" column, same row key.
 With sqlcmd
     .CommandText = "update supporder SET nodilivary=@nodilivary WHERE catalogid=@catalogid"
     .Parameters.AddWithValue("@nodilivary", GridControl2.GetCellValue(currentrowindex, "nodilivary"))
     .Parameters.AddWithValue("@catalogid", GridControl2.GetCellValue(currentrowindex, "catalogid"))
 End With
 cnn.Open()
 sqlcmd.ExecuteNonQuery()
 sqlcmd.Parameters.Clear()
 cnn.Close()

2 回答 2


使用逗号分隔要更新的每个字段。

-- One statement sets both columns of the matching row; the three @-parameters are bound by the calling command.
UPDATE supporder
SET    nodilivary = @nodilivary,
       delivered  = @delivered
WHERE  catalogid  = @catalogid
于 2012-10-08T01:39:47.253 回答

尝试这个:

' First draft: one UPDATE for both columns, with the SQL text built by String.Format.
' WARNING(review): the grid cell values are formatted directly into the statement, so
' whatever a cell contains becomes part of the SQL (SQL injection), and text values are
' not even quoted. Prefer the parameterized version that follows in this answer.
' NOTE(review): no connection string is assigned to cnn in this snippet - presumably set elsewhere; confirm.
Dim cnn As New SqlConnection

' NOTE(review): the continuation lines below lack the commas between the Format arguments.
Dim sql as String = string.Format("update supporder set delivered={0}, nodilivary={1} where catalogid={2}", _
                    GridControl2.GetCellValue(currentrowindex, "delivered")  _
                    GridControl2.GetCellValue(currentrowindex, "nodilivary") _
                    GridControl2.GetCellValue(currentrowindex, "catalogid") )           


' NOTE(review): this line is garbled on the page; presumably New SqlCommand(sql, cnn) - confirm.
Dim sqlcmd As New Sqlsql, cnn)
cnn.Open()
sqlcmd.ExecuteNonQuery()
' No parameters were added to this command, so Clear() has nothing to remove.
sqlcmd.Parameters.Clear()
cnn.Close()

我手边没有VB,但这应该非常接近。

编辑:

下面是改用命令参数的版本(感谢评论指出):写法同样简单,单元格的值作为参数传递,不会被拼进 SQL 文本,因此可以防御 SQL 注入,比上面的代码更安全:

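' Single UPDATE for both columns with bound parameters: the cell values are sent as
' parameter data and are never spliced into the SQL text, which is what blocks SQL injection.
' NOTE(review): no connection string is given to SqlConnection in this snippet - presumably supplied elsewhere; confirm.
Dim sql As String = "update supporder set delivered=@delivered, nodilivary=@nodilivary where catalogid=@catalogid"

' Using disposes the connection and the command even when Open or ExecuteNonQuery throws.
Using cnn As New SqlConnection
    Using sqlcmd As New SqlCommand(sql, cnn)
        ' Parameter types are inferred from the runtime type of each cell value.
        ' NOTE(review): a cell value of Nothing would have to be sent as DBNull.Value -
        ' verify what GetCellValue returns for empty cells.
        sqlcmd.Parameters.Add(New SqlParameter("@delivered", GridControl2.GetCellValue(currentrowindex, "delivered")))
        sqlcmd.Parameters.Add(New SqlParameter("@nodilivary", GridControl2.GetCellValue(currentrowindex, "nodilivary")))
        sqlcmd.Parameters.Add(New SqlParameter("@catalogid", GridControl2.GetCellValue(currentrowindex, "catalogid")))

        cnn.Open()
        sqlcmd.ExecuteNonQuery()
    End Using
End Using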
于 2012-10-08T01:42:05.173 回答