使用csharp更新查询错误 [英] Update query error using csharp

问题描述

数据库设计结构如下;



课程代码文本

课程持续时间文本

小时文本< br $>




在运行模式下设计如下

Cmn_Minor_Code textbox1

Course_Duration textbox2

Allocated_Hours textbox3



i我在数据库中插入上述数据。它工作正常，没问题。





我正在使用更新查询更新数据库中的课程持续时间和Allocated_Hours。



更新查询如下;



sql =更新Tb_SCH_Faculty_Details set [Course_Duration，Allocated_Hours] =''+ textbox2.Text +''，''+ textbox3 .Text +''where Cmn_Minor_Code =''+ txt_coursecode.Text +'';



当我运行上面的代码时显示错误如下



更新语句中的语法错误。



什么是我的更新查询中的问题，

请帮帮我。



问候和谢谢，

Narasiman P

Database Design structure as follows;

Course Code text
Course Duration text
Hours text


Design as follows in run mode
Cmn_Minor_Code textbox1
Course_Duration textbox2
Allocated_Hours textbox3

i am inserting the above data in the database. it is working fine, no problem.


I am updating the course Duration and Allocated_Hours in the database using update query.

Update query as follows;

sql = "Update Tb_SCH_Faculty_Details set [Course_Duration,Allocated_Hours] = ''" + textbox2.Text + "'',''" + textbox3 .Text + "'' where Cmn_Minor_Code = ''" + txt_coursecode.Text + "''";

when i run the above code shows error as follows

Syntax error in update statment.

what is the problem in my update query,
please help me.

Regards & Thanks,
Narasiman P

推荐答案

将您的查询更改为：

Change your query to:

sql = "Update Tb_SCH_Faculty_Details set Course_Duration= '" + textbox2.Text + 
"',Allocated_Hours = '" + textbox3 .Text + "' where Cmn_Minor_Code = '" + txt_coursecode.Text + "'";

这将解决您的直接问题，但请不要那样做！不要连接字符串以构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询。

which will cure your immediate problem, but please, don''t do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

这篇关于使用csharp更新查询错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！