SqlCommand cmd = new SqlCommand("UPDATE Records [First Name]='" + textBox2.Text + "',[Last Name]='" + textBox3.Text + "',[Middle Initial]='" + comboBox1.Text + "',Gender='" + comboBox2.Text + "',Address='" + textBox4.Text + "',Status='" + comboBox3.Text + "',Year='" + comboBox4.Text + "',Email='" + textBox5.Text + "',Course='" + comboBox5.Text + "',[Contact Number]='" + textBox6.Text + "'+ WHERE ([Student ID]='" + textBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
Viewed 1076 times
4 answers
3
You missed the "SET" keyword:
SqlCommand cmd = new SqlCommand("UPDATE Records SET [First Name]='" + textBox2.Text + "',[Last Name]='" + textBox3.Text + "',[Middle Initial]='" + comboBox1.Text + "',Gender='" + comboBox2.Text + "',Address='" + textBox4.Text + "',Status='" + comboBox3.Text + "',Year='" + comboBox4.Text + "',Email='" + textBox5.Text + "',Course='" + comboBox5.Text + "',[Contact Number]='" + textBox6.Text + "' WHERE ([Student ID]='" + textBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
answered 2013-08-11T06:14:20.527
3
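Others have pointed out the SET keyword missing from your SQL command, but so far (surprisingly) nobody has pointed out that you are also open to SQL injection. I suggest using a parameterized query to eliminate that threat: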
SqlCommand cmd = new SqlCommand("UPDATE Records SET [First Name]=@FirstName, [Last Name]=@LastName,[Middle Initial]=@MiddleInitial,Gender=@Gender,Address=@Address,Status=@Status,Year=@Year,Email=@Email,Course=@Course,[Contact Number]=@ContactNumber WHERE ([Student ID]=@StudentID)", con);
cmd.Parameters.AddWithValue("@FirstName", textBox2.Text);
cmd.Parameters.AddWithValue("@LastName", textBox3.Text);
cmd.Parameters.AddWithValue("@MiddleInitial", comboBox1.Text);
cmd.Parameters.AddWithValue("@Gender", comboBox2.Text);
cmd.Parameters.AddWithValue("@Address", textBox4.Text);
cmd.Parameters.AddWithValue("@Status", comboBox3.Text);
cmd.Parameters.AddWithValue("@Year", comboBox4.Text);
cmd.Parameters.AddWithValue("@Email", textBox5.Text);
cmd.Parameters.AddWithValue("@Course", comboBox5.Text);
cmd.Parameters.AddWithValue("@ContactNumber", textBox6.Text);
cmd.Parameters.AddWithValue("@StudentID", textBox1.Text);
cmd.ExecuteNonQuery();
con.Close();
answered 2013-08-11T06:31:10.723
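An added illustration of the parameterized-query answer above (not code from the original thread): it runs the concatenated UPDATE and the parameterized UPDATE against the same ordinary input containing apostrophes. Assumptions: Python's sqlite3 stands in for SQL Server, the three-column Records table and its rows are constructed sample data, and `:name` placeholders play the role of `@name`.

```python
import sqlite3

def make_db():
    """Constructed sample table; SQLite stands in for the page's SQL Server database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Records ([Student ID] TEXT PRIMARY KEY, "
                "[Last Name] TEXT, Address TEXT)")
    con.executemany("INSERT INTO Records VALUES (?, ?, ?)",
                    [("S001", "Smith", "1 Main St"), ("S002", "Jones", "2 Oak Ave")])
    return con

def update_concatenated(con, student_id, last_name, address):
    """The question's pattern: form input pasted into the SQL text."""
    sql = ("UPDATE Records SET [Last Name]='" + last_name + "',Address='" + address +
           "' WHERE ([Student ID]='" + student_id + "')")
    return con.execute(sql).rowcount

def update_parameterized(con, student_id, last_name, address):
    """The answer's pattern: fixed SQL text, values bound separately."""
    sql = ("UPDATE Records SET [Last Name]=:LastName, Address=:Address "
           "WHERE ([Student ID]=:StudentID)")
    params = {"LastName": last_name, "Address": address, "StudentID": student_id}
    return con.execute(sql, params).rowcount

def demo():
    con = make_db()
    name, addr = "O'Brien", "5 King's Road"  # ordinary input containing apostrophes
    try:
        update_concatenated(con, "S001", name, addr)
        concat_result = "ok"
    except sqlite3.OperationalError as exc:
        # The apostrophe closed the string literal early; the rest was parsed as SQL.
        concat_result = "syntax error: %s" % exc
    changed = update_parameterized(con, "S001", name, addr)
    rows = con.execute("SELECT [Student ID], [Last Name], Address FROM Records "
                       "ORDER BY [Student ID]").fetchall()
    con.close()
    return concat_result, changed, rows

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The concatenated statement fails because the input changes how the SQL text is parsed, while the bound values are stored verbatim and only the matching row changes.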
2
I believe it should be
SqlCommand cmd = new SqlCommand("UPDATE Records set [First Name]='" + textBox2.Text + "',[Last Name]='" + textBox3.Text + "',[Middle Initial]='" + comboBox1.Text + "',Gender='" + comboBox2.Text + "',Address='" + textBox4.Text + "',Status='" + comboBox3.Text + "',Year='" + comboBox4.Text + "',Email='" + textBox5.Text + "',Course='" + comboBox5.Text + "',[Contact Number]='" + textBox6.Text + "' WHERE ([Student ID]='" + textBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
The difference is the word "set"
answered 2013-08-11T06:14:31.620
0
The syntax of the update query is wrong. You probably forgot to add the "SET" keyword.
The update query syntax can be found here: http://www.tutorialspoint.com/sql/sql-update-query.htm
SqlCommand cmd = new SqlCommand("UPDATE Records SET [First Name]='" + textBox2.Text + "',[Last Name]='" + textBox3.Text + "',[Middle Initial]='" + comboBox1.Text + "',Gender='" + comboBox2.Text + "',Address='" + textBox4.Text + "',Status='" + comboBox3.Text + "',Year='" + comboBox4.Text + "',Email='" + textBox5.Text + "',Course='" + comboBox5.Text + "',[Contact Number]='" + textBox6.Text + "' WHERE ([Student ID]='" + textBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
answered 2013-08-11T06:21:35.580