'('附近的语法不正确 [英] incorrect syntax near '('
本文介绍了'('附近的语法不正确的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在通过从label9获取值来更新我的记录但是我收到错误''附近的语法不正确。我检查了每一行代码,但遗憾的是未能解决这个问题。我不知道知道问题出在哪里。以下是我的代码。
I am updating my record by taking the value from label9 but i am getting an error "Incorrect syntax near '(' ". I have checked each and every line of code but unfortunately failed to solve this problem. I don't know where the problem is.following is my code.
SqlCommand insertingbill = new SqlCommand();
insertingbill.CommandText = "Update customerdetails set(bill)value('"+label9.Text+"') where contactnumber='" + textBox2.Text + "'";
insertingbill.Connection = con;
insertingbill.ExecuteNonQuery();
推荐答案
您的更新声明不正确,请参见下文。
另外,连接字符串va lues是一种运行查询的危险方式。您将自己开放给 Sql注入 [ ^ ]。使用参数化查询 [ ^ ]而不是。
Your update statement is incorrect, see below.
Also, concatenating string values is a dangerous way to run a query. You are leaving yourself open to Sql injection[^]. Use parameterized queries[^] instead.
SqlCommand insertingbill = new SqlCommand();
insertingbill.CommandText = "Update customerdetails set bill =@bill where contactnumber=@contactNumber";
insertingbill.Parameters.AddWithValue("@contactNumber",textBox2.Text);
insertingbill.Parameters.AddWithValue("@bill",label9.Text);
insertingbill.Connection = con;
insertingbill.ExecuteNonQuery();
您的查询格式不正确。
假设字段值bill,使用
Your query formatting is incorrect.
Assuming the field value isbill, use
insertingbill.CommandText = "Update customerdetails set bill = ('"+label9.Text+"') where contactnumber='" + textBox2.Text + "'";
insertionbill.CommandText =更新customerdetails set bill ='+ label9.Text +'where contactnumber = '+ textBox2.Text +';
insertingbill.CommandText = "Update customerdetails set bill='"+label9.Text+"' where contactnumber='" + textBox2.Text + "'";
这篇关于'('附近的语法不正确的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
