从文本框中更新MySQL表 [英] Updating MySQL table from a textbox
本文介绍了从文本框中更新MySQL表的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
大家好,更新查询有问题,我没有收到任何异常或任何东西,但是当我单击提交"然后回头看表时,没有任何更新,我在文本框中键入的内容
我的代码如下:
hi all, having a problem with an update query I ain''t getting any exceptions or anything but when I click on submit and then go look back at the table nothing is updated that I typed into the textboxes
my code is as follows:
protected void btnSubmit_Click(object sender, EventArgs e)
{
connstring = "Server=localhost;Uid=root;Pwd=;Database=dreamteam;";
con = new MySql.Data.MySqlClient.MySqlConnection(connstring);
con.Open();
cmd = new MySql.Data.MySqlClient.MySqlCommand("UPDATE member_detail SET first_name='" + tbFirstName.Text + "', surname='" + tbSurname.Text + "', address_1='" + tbAddress1.Text + "', address_2='" + tbAddress2.Text + "', address_3='" + tbAddress3.Text + "', postal_code='" + tbPostal_code.Text + "', tel_number='" + tbHome.Text + "', cell_number='" + tbCell.Text + "', email='" + tbEmail.Text + "', id_number='" + tbIDNumber.Text + "', bank='" + tbBank.Text + "', bank_account='" + tbBank_Account.Text + "', branch_code='" + tbBranch_code.Text + "' WHERE account_number LIKE '______" + Session["username"] + "'", con);
cmd.ExecuteNonQuery();
}
帮助将不胜感激,谢谢
NB *它从MySql表获取数据和所有内容,并在文本框中显示它,但是当您更改数据并尝试提交新数据时,它不起作用
help would be appreciated thanks
NB* it gets the data and everything from the MySql table and displays it in the textboxes but when you change the data and try submit the new data it doesnt work
推荐答案
主要问题可能是您的WHERE子句-检查它是否与数据库中的至少一条记录匹配,否则您将不会出错,但同样也不会得到更新的行.您可以从ExecuteNonQuery检查返回值,该值是受影响的行数.如果为零,那么您知道它什么也没做...
但更重要的是:不要串联字符串来构建SQL命令.它使您对意外或蓄意的SQL注入攻击敞开大门,这可能会破坏整个数据库.请改用参数化查询.您的代码本身使我可以从世界的另一端清空整个数据库,而我全力以赴.
The main problem is probably your WHERE clause - check that it matches at least one record in the database, otherwise you will get no errors, but equally you will get no updated rows. You can check the return value from ExecuteNonQuery, which is the number of rows affected. If zero, then you know it didn''t do anything...
But much, much more importantly: Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. Your code as it is allows me to empty your whole database from the other side of the world with no effort on my part at all.
这篇关于从文本框中更新MySQL表的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
