我已经尝试过代码项目同事讨论的更新查询但没有结果 [英] I have tried the update query as discussed by code project colleagues but no result
问题描述
我试图更新查询,但是我想要Innerjoin语句不成功
cmd = new OleDbCommand(UPDATE InvoiceItems set Description ='+ txtProductName +',Quantity ='+ txtQty.Text +',UOM ='+ txtUOM.Text +',UnitPrice ='+ txtUnitPrice.Text +',GrossAmount ='+ txtGrossAmount.Text +',VAT ='+ txtVAT。 Text +',VatAmount ='+ txtVatAmount.Text +',Total ='+ txtTotal.Text +',来自InvoiceItems,Products INNERJOIN InvoiceItems.ProductId = Products.ProductId where InvoiceNumber ='+ txtInvoice.Text .Trim()+',conn);
我尝试过:
cmd = new OleDbCommand(UPDATE InvoiceItems set Description ='+ txtProductName +',Quantity ='+ txtQty.Text +',UOM ='+ txtUOM.Text +',UnitPrice ='+ txtUnitPrice.Text +',GrossAmount ='+ txtGrossAmount.Text +',VAT ='+ txtVAT.Text +',VatAmount ='+ txtVatAmount.Text + ,Total ='+ txtTotal.Text +',来自InvoiceItems,Products INNERJOIN InvoiceItems.ProductId = Products.ProductId其中InvoiceNumber ='+ txtInvoice.Text.Trim()+',conn);
I have tried to update the query but it was unsuccessful I want Innerjoin statements
cmd = new OleDbCommand("UPDATE InvoiceItems set Description ='" + txtProductName + "',Quantity = '" + txtQty.Text + "',UOM = '" + txtUOM.Text + "',UnitPrice ='" + txtUnitPrice.Text + "',GrossAmount ='" + txtGrossAmount.Text + "',VAT = '" + txtVAT.Text + "',VatAmount ='" + txtVatAmount.Text + "',Total ='" + txtTotal.Text + "', from InvoiceItems,Products INNERJOIN InvoiceItems.ProductId = Products.ProductId where InvoiceNumber='" + txtInvoice.Text.Trim() + "'", conn);
What I have tried:
cmd = new OleDbCommand("UPDATE InvoiceItems set Description ='" + txtProductName + "',Quantity = '" + txtQty.Text + "',UOM = '" + txtUOM.Text + "',UnitPrice ='" + txtUnitPrice.Text + "',GrossAmount ='" + txtGrossAmount.Text + "',VAT = '" + txtVAT.Text + "',VatAmount ='" + txtVatAmount.Text + "',Total ='" + txtTotal.Text + "', from InvoiceItems,Products INNERJOIN InvoiceItems.ProductId = Products.ProductId where InvoiceNumber='" + txtInvoice.Text.Trim() + "'", conn);
推荐答案
我很确定他们会告诉你的第一件事是:不要那样做。永远不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。
并查看JOIN子句的语法:INNER JOIN tableName optionalTableAlias ON条件WHERE ...
不INNERJOIN条件WHERE ...
I'm pretty sure that the first thing they would have told you is: Don't do it like that. Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
And have a look at the syntax of a JOIN clause:INNER JOIN tableName optionalTableAlias ON condition WHERE ...
notINNERJOIN condition WHERE ...
这篇关于我已经尝试过代码项目同事讨论的更新查询但没有结果的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!