1

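What I want to do is this: from ASP.NET (Framework 4), the user should be able to update an existing record in a SQL database using the record key. I am using Visual Studio 2010 (VB).

I am getting a syntax error near "\". I have 2 text boxes: 1- for the key, 2- containing the information that will be sent to SQL Server to update the column (Control_ClosedByRev).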

    Dim Con As New SqlConnection
    Dim SQL As String
    Dim com As SqlCommand = Con.CreateCommand
    Dim KeyID As Integer
    KeyID = TextBox1_UpdateDataReview.Text

    Con.ConnectionString = "Data Source=WCRDUSMJEMPR9\SQLEXPRESS;Initial Catalog=MicroDB;Integrated Security=True"
    Con.Open()
    SQL = "UPDATE ControlCharts set Control_ClosedByRev=" & TextBox2_UpdateDataReview.Text & " where ID_ControlCharts= " & KeyID
    Dim cmd As New SqlCommand(SQL, Con)
    'cmd.ExecuteScalar()
    cmd.ExecuteNonQuery()
    Label1_UpdateDataReview.Text = "Record Updated"

I tried changing cmd.Execute, but it does not work. Thanks in advance.

4

2 Answers

2

First of all, this is vulnerable to SQL injection: read up on it and use parameterized queries instead.

Here is some sample code that may help.

    Con.ConnectionString = "Data Source=WCRDUSMJEMPR9\\SQLEXPRESS;Initial Catalog=MicroDB;Integrated Security=True"
    Con.Open()
    SQL = "UPDATE ControlCharts set Control_ClosedByRev=@ClosedByRev where ID_ControlCharts=@Key"

    Dim cmd As New SqlCommand(SQL, Con)
    cmd.Parameters.AddWithValue("@ClosedByRev", TextBox2_UpdateDataReview.Text)
    cmd.Parameters.AddWithValue("@Key", KeyID)
    cmd.ExecuteNonQuery()

Good luck.

answered 2013-01-17T17:51:15.027
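
Added example (not part of the answer above or of the original post): a fuller version of the parameterized update that also validates the key, types the parameters explicitly, and checks how many rows were changed. The module and function names are hypothetical, and the NVARCHAR(50) column type is an assumption about the schema.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Module ControlChartUpdater
    ' Connection string as posted in the question.
    Private Const ConnStr As String =
        "Data Source=WCRDUSMJEMPR9\SQLEXPRESS;Initial Catalog=MicroDB;Integrated Security=True"

    ' Hypothetical helper: returns the status text to show in the label.
    ' Called from the page as:
    '   Label1_UpdateDataReview.Text = UpdateClosedByRev(
    '       TextBox1_UpdateDataReview.Text, TextBox2_UpdateDataReview.Text)
    Public Function UpdateClosedByRev(ByVal keyText As String,
                                      ByVal closedByRev As String) As String
        Dim keyId As Integer
        ' Reject non-numeric keys instead of relying on the implicit
        ' String-to-Integer conversion, which throws on bad input.
        If Not Integer.TryParse(keyText, keyId) Then
            Return "Invalid record key"
        End If

        ' The SQL text is a constant; user input never becomes part of it.
        Const sql As String =
            "UPDATE ControlCharts SET Control_ClosedByRev = @ClosedByRev " &
            "WHERE ID_ControlCharts = @Key"

        ' Using blocks close the connection and dispose the command,
        ' even when an exception is thrown.
        Using con As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand(sql, con)
                ' Assumption: the column is NVARCHAR(50); adjust to the real schema.
                cmd.Parameters.Add("@ClosedByRev", SqlDbType.NVarChar, 50).Value =
                    If(closedByRev, String.Empty)
                cmd.Parameters.Add("@Key", SqlDbType.Int).Value = keyId
                con.Open()
                ' ExecuteNonQuery returns the number of rows affected.
                Dim rows As Integer = cmd.ExecuteNonQuery()
                Return If(rows = 1, "Record Updated", "No record with that key")
            End Using
        End Using
    End Function
End Module
```

Because the text box value travels as a typed parameter, a backslash or quote in it is stored as data and cannot alter the statement.
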
0

Try this: put an "@" sign in front of the string

    Con.ConnectionString = @"Data Source=WCRDUSMJEMPR9\SQLEXPRESS;Initial Catalog=MicroDB;Integrated Security=True"

Or escape the slash:

    "Data Source=WCRDUSMJEMPR9\\SQLEXPRESS;Initial Catalog=MicroDB;Integrated Security=True"

answered 2013-01-17T17:50:48.210