49

我有表 “学生”

   P_ID   LastName  FirstName  Address  City

   1        Hansen    Ola                
   2        Svendson   Tove
   3        Petterson   Kari
   4        Nilsen       Johan
...and so on

如何更改 C# 中的编辑代码

 string firstName = "Ola";
 string  lastName ="Hansen";
 string  address = "ABC";
 string city = "Salzburg";

 string connectionString = System.Configuration.ConfigurationManager
                          .ConnectionStrings["LocalDB"].ConnectionString;

 using (SqlConnection connection = new SqlConnection(connectionString))
     using (SqlCommand command = connection.CreateCommand())
 { 
   command.CommandText = "INSERT INTO Student (LastName, FirstName, Address, City) 
                          VALUES (@ln, @fn, @add, @cit)";

   command.Parameters.AddWithValue("@ln", lastName);
   command.Parameters.AddWithValue("@fn", firstName);
   command.Parameters.AddWithValue("@add", address);
   command.Parameters.AddWithValue("@cit", city);

   connection.Open();

   command.ExecuteNonQuery();

   connection.Close();
 }

编辑Lastname字段具有 lastname 值且FirstName字段具有 firstname 值的条目。

我不想这样使用

 UPDATE Persons  SET Address='Nissestien 67', City='Sandnes' 
 WHERE LastName='Tjessem'     AND FirstName='Jakob'

我将我原来的声明编辑为

 command.CommandText = "UPDATE Student(LastName, FirstName, Address, City) 
   VALUES (@ln, @fn, @add, @cit) WHERE LastName='" + lastName + 
                           "' AND FirstName='" +  firstName+"'";

但是语句没有被执行,为什么会抛出 SQL 异常?有没有解决办法?

4

10 回答 10

79

这不是在 SQL 中更新记录的正确方法:

command.CommandText = "UPDATE Student(LastName, FirstName, Address, City) VALUES (@ln, @fn, @add, @cit) WHERE LastName='" + lastName + "' AND FirstName='" + firstName+"'";

你应该这样写:

command.CommandText = "UPDATE Student 
SET Address = @add, City = @cit Where FirstName = @fn and LastName = @add";

然后添加与为插入操作添加参数相同的参数。

于 2013-03-06T11:32:41.263 回答
29

我不想这样使用

这是UpdateSQL 中语句的语法,您必须使用该语法,否则您将得到异常。

command.Text = "UPDATE Student SET Address = @add, City = @cit Where FirstName = @fn AND LastName = @ln";

然后相应地添加您的参数。

command.Parameters.AddWithValue("@ln", lastName);
command.Parameters.AddWithValue("@fn", firstName);
command.Parameters.AddWithValue("@add", address);
command.Parameters.AddWithValue("@cit", city);
于 2013-03-06T11:31:13.847 回答
6 
string constr = @"Data Source=(LocalDB)\v11.0;Initial Catalog=Bank;Integrated Security=True;Pooling=False";
SqlConnection con = new SqlConnection(constr);
DataSet ds = new DataSet();
con.Open();
SqlCommand cmd = new SqlCommand(" UPDATE Account  SET name = Aleesha, CID = 24 Where name =Areeba and CID =11 )";
cmd.ExecuteNonQuery();
于 2014-04-26T17:45:47.260 回答
5

如果您不想使用 SQL 语法(您被迫这样做),那么请切换到您自己不编写 SQL 语句的框架,如 Entity Framework 或 Linq-to-SQL。

于 2013-03-06T11:33:02.837 回答
5

每种语言总是有适当的语法。同样,SQL(结构化查询语言)也有更新查询的特定语法,如果我们想使用更新查询,我们必须遵循这些语法。否则它不会给出预期的结果。

于 2013-03-06T11:44:59.903 回答
5

请不要使用这种 concat 形式:

String st = "UPDATE supplier SET supplier_id = " + textBox1.Text + ", supplier_name = " + textBox2.Text
        + "WHERE supplier_id = " + textBox1.Text;

采用:

command.Parameters.AddWithValue("@attribute", value);

始终面向对象工作

编辑:这是因为当您参数化更新时,它有助于防止 SQL 注入。

于 2016-09-12T23:02:47.650 回答
3 
command.Text = "UPDATE Student 
  SET Address = @add, City = @cit
  Where FirstName = @fn and LastName = @add";

 

于 2016-01-28T16:18:12.787 回答
2 
private void button4_Click(object sender, EventArgs e)
    {
        String st = "DELETE FROM supplier WHERE supplier_id =" + textBox1.Text;

        SqlCommand sqlcom = new SqlCommand(st, myConnection);
        try
        {
            sqlcom.ExecuteNonQuery();
            MessageBox.Show("刪除成功");
        }
        catch (SqlException ex)
        {
            MessageBox.Show(ex.Message);
        }
    }



    private void button6_Click(object sender, EventArgs e)
    {
        String st = "SELECT * FROM suppliers";

        SqlCommand sqlcom = new SqlCommand(st, myConnection);
        try
        {
            sqlcom.ExecuteNonQuery();
            SqlDataReader reader = sqlcom.ExecuteReader();
            DataTable datatable = new DataTable();
            datatable.Load(reader);
            dataGridView1.DataSource = datatable;
            //MessageBox.Show("LEFT OUTER成功");
        }
        catch (SqlException ex)
        {
            MessageBox.Show(ex.Message);
        }
    }
于 2015-11-07T09:09:30.847 回答
0

如果您使用的是 EF Core ,那么您可以使用 FromSqlRaw 这是一个示例。

使用 Robin 的更新字符串,只需在末尾添加 SELECT STATEMENT。

字符串 st = "更新供应商 SET 供应商 ID = " + textBox1.Text + ",供应商名称 = " + textBox2.Text + "WHERE 供应商 ID = " + textBox1.Text; 从供应商那里选择 ID WHERE supplier_Id =“+ textBox1,Text

var updatedSupplier = context.Supplier.FromSqlRaw(st).ToList();

(请注意这是使用 EF Core ,数据表有 Id 列)

于 2022-01-14T21:36:34.513 回答
-2 
String st = "UPDATE supplier SET supplier_id = " + textBox1.Text + ", supplier_name = " + textBox2.Text
            + "WHERE supplier_id = " + textBox1.Text;

        SqlCommand sqlcom = new SqlCommand(st, myConnection);
        try
        {
            sqlcom.ExecuteNonQuery();
            MessageBox.Show("update successful");
        }
        catch (SqlException ex)
        {
            MessageBox.Show(ex.Message);
        }
于 2015-11-02T08:48:42.880 回答