Error on updating DateTime in C# to MS Access? "Syntax Error"
Hi, I try to update my form, and in that date edit (InvoiceDate) I am getting a syntax error. This is my code. Can you help me solve this?
OleDbCommand top = new OleDbCommand("UPDATE NewInvoice_1 SET Terms = " + CBL_Terms.EditValue.ToString() + ", InvoiceDate= " + CBL_Date.DateTime + ", OurQuote='" + TXE_OurQuote.Text + "', SalesPerson=" + CBL_Sales_Person.EditValue.ToString() + ", CustomerName=" + CBL_Customer_Name.EditValue.ToString() + ", OrderNumber='" + TXE_Order_Number.Text + "', InvoiceAddress='" + TXE_Invoice_Address.Text + "', DeliveryAddress='" + TXE_Delivery_Address.Text + "', WholeDiscountP=" + Convert.ToDecimal(TXE_FlatDiscountP.Text) + ", WholeDiscountA=" + Convert.ToDecimal(TXE_FlatDiscountA.Text) + ", ShippingP=" + Convert.ToDecimal(TXE_ShippingPercentage.Text) + ", ShippingA=" + Convert.ToDecimal(TXE_ShippingAmount.Text) + ", Price=" + Convert.ToDecimal(TXE_SubTotal.Text) + ", Discount=" + Convert.ToDecimal(TXE_Discount.Text) + ", Tax=" + Convert.ToDecimal(TXE_Tax.Text) + ", Shipping=" + Convert.ToDecimal(TXE_Shipping.Text) + ", GrandTotal=" + Convert.ToDecimal(TXE_GrandTotal.Text) + ", TaxforDisc=" + barCheckItem1.Checked + ", DiscountType='" + selectedItem + "', ShippingBy='" + TXE_Shipping_By.Text + "',ShipReferenceNo='" + TXE_Reference_No.Text + "', IsInsured=" + CBX_Is_Insured.Checked + ", Notes='" + TXE_Notes.Text + "', DueDate=" + CBL_DueDate.DateTime + ", AmountinWords='" + TXE_AmountinWords.Text + "' WHERE InvoiceId=" + TXE_Unvisible.Text, conn);
top.ExecuteNonQuery();
Thanks in advance.
This way of writing queries is wrong from the very beginning. You are composing a query concatenating strings taken from UI. Among other problems, this way, you invite a well-known exploit called SQL injection. This is how:
http://xkcd.com/327.
For further detail, please see my past answers:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.
This is what you need to do: http://msdn.microsoft.com/en-us/library/ff648339.aspx.
—SA
For any date field, use # around the date.
Replace:
DueDate=" + CBL_DueDate.DateTime + "
With:
DueDate=#" + CBL_DueDate.DateTime + "# ..."
Date should be formatted in ISO standard: MM/dd/yyyy
where:
MM - month
dd - day
yyyy - year
Have a look here: Examples of query criteria
Examples of using dates as criteria in Access queries
[EDIT]
As a rule, you need to use parameterized queries. See my past answers.
[/EDIT]
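A parameterized version of the UPDATE that both answers point to, as an added example that is not code from the thread. It is cut down to a few columns; the column types are assumed from how the original query quotes each value, and the class, method, connection string path and sample values are hypothetical.

```csharp
using System;
using System.Data.OleDb;

// Added example: names below are hypothetical, not from the original post.
static class InvoiceUpdater
{
    public static int UpdateInvoice(OleDbConnection conn, int invoiceId, int terms,
        DateTime invoiceDate, DateTime dueDate, string ourQuote, string notes)
    {
        // OleDb binds '?' markers by position: the order of the Add calls below
        // must match the order of the markers in the SQL text.
        const string sql =
            "UPDATE NewInvoice_1 SET Terms = ?, InvoiceDate = ?, OurQuote = ?, " +
            "Notes = ?, DueDate = ? WHERE InvoiceId = ?";

        using (var cmd = new OleDbCommand(sql, conn))
        {
            cmd.Parameters.Add("@Terms", OleDbType.Integer).Value = terms;
            // Dates travel as typed values: no '#' delimiters and no
            // culture-dependent DateTime.ToString() in the SQL text.
            cmd.Parameters.Add("@InvoiceDate", OleDbType.Date).Value = invoiceDate;
            // Text travels as data, so quotes in it cannot change the statement.
            cmd.Parameters.Add("@OurQuote", OleDbType.VarWChar, 255).Value =
                ourQuote ?? (object)DBNull.Value;
            cmd.Parameters.Add("@Notes", OleDbType.LongVarWChar).Value =
                notes ?? (object)DBNull.Value;
            cmd.Parameters.Add("@DueDate", OleDbType.Date).Value = dueDate;
            cmd.Parameters.Add("@InvoiceId", OleDbType.Integer).Value = invoiceId;
            return cmd.ExecuteNonQuery(); // number of rows updated
        }
    }

    static void Main()
    {
        // Placeholder path: point Data Source at the real .accdb file.
        const string cs = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\path\to\invoices.accdb";
        // Constructed sample input standing in for the hidden InvoiceId text box.
        if (!int.TryParse("42", out int invoiceId))
            throw new FormatException("InvoiceId must be an integer.");

        using (var conn = new OleDbConnection(cs))
        {
            conn.Open();
            int rows = UpdateInvoice(conn, invoiceId, 30, DateTime.Today,
                DateTime.Today.AddDays(30), "Q-1001", "Customer's note: O'Brien called");
            Console.WriteLine("Rows updated: " + rows);
        }
    }
}
```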