c# - Whats wrong with my MS Access Update Query?

Question

Here is my Query:

string Select = "Update DC set Password = '" + txtPass.Text + "' WHERE ID ="+Convert.ToInt32(cbxDocs.SelectedIndex + 1);
con = new OleDbConnection();
this.readconfile = new ReadConfigFile();
con.ConnectionString = this.readconfile.ConfigString(ConfigFiles.ProjectConfigFile);
con.Open();
cmd = new OleDbCommand(Select, con);
cmd.Connection = con;
cmd.ExecuteNonQuery();
con.Close();

I don't know what is wrong but it gives me an error message that "Syntax error in UPDATE STATEMENT". I have two fields in my table 'DC' ID and Password, nothing else.

Answer 1

PASSWORD 是保留字，将其括在方括号中，例如[Password]，因此您的查询应该像这样开始：

"Update DC set [Password]....

考虑使用参数化查询，这将使您免于Sql Injection

Answer 2

我认为你不需要 ' 在你的查询中，几乎每个 ddb 中都保留了密码。您可以使用参数来避免与 + Ex 的连接。

string pass = TxtPass.Text;
int s = cbxDocs.SelectedIndex+1;
string Select = "Update DC set Password = @a WHERE ID = @o";
OleDbCommand cmd = new OleDbCommand(Select, conn);
cmd.Paramaters.AddWithValue("@a", pass);
cmd.Parameters.AddWithValue("@o", s);
//everything else....