如何编写查询 [英] How to Write the query
本文介绍了如何编写查询的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
con.Open();
SqlCommand cmd2 = new SqlCommand("Update diesel set SNO = '" + cb_sno.Text + "',Date = '" + dateTimePicker1.Text + "',Dieselcost = " + textBox1.Text + ",Dieselservice=" + txt_dieselservice.Text + ",Servicetax= " + txt_servicetax.Text + ",Educess = " + txt_educess.Text + ",Addcess = " + txt_addcess.Text + ",Sertax= " + txt_sertaxtot.Text + ",Totbill= " + txt_totbillvalue.Text + ",Flag='" + checkedListBox1.Text + "' where SNO = " + cb_sno.Text + " and Flag ="TRUE"", con);
cmd2.ExecuteNonQuery();
con.Close();
当我插入数据时发生错误.
请帮帮我.
上面是问题所在.
When I inserting data error occurs.
please help me.
from the above what is the problem.
推荐答案
可能是任何东西,从您上面一个文本框中的空格字符开始.
请不要那样做-您会很容易受到SQL注入攻击以及此类问题的影响.请改用参数化查询:
It could be anything, starting from a space character in one of your text boxes on up.
Please don''t do it like that - you leave yourself wide open to an SQL Injection attack as well as to problems like this. Use a parametrized query instead:
SqlCommand cmd2 = new SqlCommand("Update diesel set SNO = @SNO,Date = @DAT,...", con);
cmd2.Parameters.AddWithValue("@SNO", cb_sno.Text);
cmd2.Parameters.AddWithValue("@DAT", dateTimePicker1.Value);
...
cmd2.ExecuteNonQuery();这也使代码更具可读性.
It also makes the code a whole lot more readable.
请参见代码段和Flag ="TRUE""
在这里,如果您要使用双引号,则应使用\否则将其视为多余的字符串.
Hi,
See the code snippet "and Flag = "TRUE""
Here if you want to use double quote then you should use like \" other wise it will treat as an extra string.
您可以尝试批量更新...
希望此链接可以帮助您...
http://www.jarloo.com/c-bulk-upsert-to-sql -server-tutorial/ [ ^ ]
http://www.java2s.com/Tutorial/CSharp/0560__ADO.Net/BatchUpdateDemo.htm [ ^ ]
http://social.msdn.microsoft.com/Forums/eu/csharplanguage/thread/d0454666-1a7d-4c17-8c96-270b99ca4e4e [
You can try Batch update...
And hope this link can help you...
http://www.jarloo.com/c-bulk-upsert-to-sql-server-tutorial/[^]
http://www.java2s.com/Tutorial/CSharp/0560__ADO.Net/BatchUpdateDemo.htm[^]
http://social.msdn.microsoft.com/Forums/eu/csharplanguage/thread/d0454666-1a7d-4c17-8c96-270b99ca4e4e[^]
这篇关于如何编写查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
