// Builds an UPDATE statement from four form controls and runs it against the local
// FleetTrackingDatabase using Windows integrated authentication.
// NOTE(review): the literals are joined without a separating space, so the statement text
// starts "UPDATE VehicleReportSET VehicleReg ..." — the SET keyword is swallowed into the
// table name. The WHERE literal is likewise glued to the preceding closing quote.
// NOTE(review): the control values are concatenated straight into the SQL text, so a quote
// character typed by the user becomes part of the statement (SQL injection). Adding the
// missing spaces does not change that; bind the four values as SqlParameter objects instead.
string Update = "UPDATE VehicleReport" +
                        "SET VehicleReg ='"+textBox1.Text+"',CurrentOdometer ='"+textBox5.Text+"',NextService ='"+textBox6.Text+"'" +
                        "WHERE Vehiclenum ='"+comboBox1.Text+"' ;";

        try
        {
            // SqlConnection and SqlCommand are IDisposable. If Open() or ExecuteNonQuery()
            // throws, control jumps to the catch and neither Close() call below runs;
            // wrapping both objects in using statements would release them on every path.
            SqlConnection conn = new SqlConnection("Data Source=(local);Initial Catalog=FleetTrackingDatabase;Integrated Security=SSPI");
            conn.Open();
            SqlCommand cmd = new SqlCommand(Update, conn);
            // The affected-row count returned here is discarded, so "Updated" is shown
            // even when no row matched the WHERE clause.
            cmd.ExecuteNonQuery();
            conn.Close();
            MessageBox.Show("Updated");
            // Redundant: the connection was already closed two statements earlier.
            conn.Close();
        }
        catch (System.Exception f)
        {
            // Catches every exception type and shows the raw message to the user; for a
            // SQL error that text can echo fragments of the statement and schema names.
            MessageBox.Show(f.Message, "ERROR");
        }

5 回答 5


至少这是不正确的:

string Update = "UPDATE VehicleReport" + "SET ...

您需要在 VehicleReport 和 Set 之间添加一个空格

string Update = "UPDATE VehicleReport " + "SET....
于 2013-11-03T07:37:12.963 回答

你可以试试这个,

 // Fixes only the missing spaces. The four control values are still concatenated into
 // the SQL text, so this statement remains open to SQL injection; bind them as
 // parameters (cmd.Parameters) rather than splicing them into the string.
 string Update = "UPDATE VehicleReport SET VehicleReg ='"+textBox1.Text+"',CurrentOdometer ='"+textBox5.Text+"',NextService ='"+textBox6.Text+"'" + " WHERE Vehiclenum ='"+comboBox1.Text+"' ;";
于 2013-11-03T07:41:43.283 回答

表名后缺少空格:

string Update = "UPDATE VehicleReport"
string Update = "UPDATE VehicleReport "

WHERE 之前也是一样(同样缺少空格)。

于 2013-11-03T07:37:27.277 回答

我真的很震惊有 4 个答案,但没有人提到参数化 sql 和 SQL 注入攻击,但无论如何..

正如其他人所提到的,您需要在 SET 和 WHERE 这两个关键字之前加上空格。

但更重要的是,不要用这种方式构造查询。在查询中使用字符串拼接时,您的代码就容易受到 SQL 注入(SQL Injection)攻击。您应该始终使用参数化查询(parameterized queries)。

例如;

// The statement text is now a constant: user input travels only as parameter values,
// so it is never parsed as SQL.
string Update = "UPDATE VehicleReport SET VehicleReg = @vehiclereg, CurrentOdometer = @current, NextService = @next WHERE Vehiclenum = @vehiclenum;";
// conn is not defined in this snippet — presumably the open SqlConnection from the question.
SqlCommand cmd = new SqlCommand(Update, conn);
// AddWithValue infers the SQL type from the .NET value; every value here is a string,
// so all four parameters are sent as nvarchar and converted by the server.
// NOTE(review): the column types are not shown on the page. If CurrentOdometer or
// NextService are numeric or date columns, parse and validate the text first and use
// Parameters.Add with an explicit SqlDbType instead of relying on implicit conversion.
cmd.Parameters.AddWithValue("@vehiclereg", textBox1.Text);
cmd.Parameters.AddWithValue("@current", textBox5.Text);
cmd.Parameters.AddWithValue("@next", textBox6.Text);
cmd.Parameters.AddWithValue("@vehiclenum", comboBox1.Text);
// The snippet stops before cmd.ExecuteNonQuery(); the command still has to be executed.
于 2013-11-03T08:27:04.997 回答

添加空格

"UPDATE VehicleReport" +
   " SET VehicleReg ='"+textBox1.Text+"',CurrentOdometer ='"+textBox5.Text+"',NextService='"+textBox6.Text+"'" +
   " WHERE Vehiclenum ='"+comboBox1.Text+"' ;";
于 2013-11-03T07:37:22.477 回答