Edit the DataGridView in a Windows application


Problem description

using System;
using System.Data.OleDb;
using System.Windows.Forms;

private void button3_Click(object sender, EventArgs e)
{
    for (int i = 0; i <= dataGridView1.Rows.Count - 1; i++)
    {
        string a = dataGridView1.Rows[i].Cells["ID"].Value.ToString();
        string b = dataGridView1.Rows[i].Cells["m3"].Value.ToString();
        string c = dataGridView1.Rows[i].Cells["edc"].Value.ToString();
        string d = dataGridView1.Rows[i].Cells["ss"].Value.ToString();

        // The statement is built by string concatenation; this is the query that
        // produces the error quoted below.
        string query = "UPDATE 3rdsem SET 3rdsem.ID='" + a + "',3rdsem.m3='" + b + "',3rdsem.edc='" + c + "',3rdsem.ss='" + d + "'where 3rdsem.ID='" + a + "'";
        string g = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\\Documents and Settings\\inet\\My Documents\\marks.accdb";

        OleDbConnection con = new OleDbConnection(g);
        con.Open();
        OleDbCommand cmd = new OleDbCommand(query, con);
        cmd.ExecuteNonQuery();
        con.Close();
    }

    MessageBox.Show("");
}


All is correct, but I get this error. How do I clear this error?

Syntax error (missing operator) in query expression '3rdsem.ID='1''.

Please help me.

Recommended answer

First of all, I am going to tell you what I have said way too many times before... Use PARAMETERIZED queries!

    string id = "MyID";
    // etc.
    // A table name that starts with a digit must be bracketed in Access SQL: [3rdsem].
    // OleDb binds parameters by position, not by name, so a placeholder that appears
    // twice in the statement (@ID here) has to be added twice, in order.
    OleDbCommand cmd = new OleDbCommand("UPDATE [3rdsem] SET [3rdsem].ID = @ID, [3rdsem].edc = @edc WHERE [3rdsem].ID = @ID", connection);
    cmd.Parameters.AddWithValue("@ID", id);
    // etc.


Your parameters (@ID, @edc etc.) will now automatically be replaced with the value you specified in the other line of code. The pro to this is that your parameterized query will be cached and the chance that it is re-used again is bigger than for non-parameterized queries, improving performance. But let's say performance is not an issue; I think security is! Try passing a value like "D'artagnan" to your query. The ' character will most likely break your query. In the worst case the value is not "D'artagnan", but something like "*\ drop database", and gone your database will be! This is not the case for parameterized queries though :)
When you use this approach you also don't have to call .ToString on all values. AddWithValue takes an Object as argument.
For more info check this MSDN page.

Now what I also wonder is why are you trying to update your ID to the value it already has?
Try this query: "UPDATE 3rdsem SET 3rdsem.m3 = @m3, 3rdsem.edc = @edc, 3rdsem.ss = @ss where 3rdsem.ID = @id"
Having that query parameterized makes it look a lot better, doesn't it? :)
Hope it helps!
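The following is an added example, not code from the question or the answer above. It puts the answer's advice into a complete save routine for the grid in the question: the table name is bracketed so Access accepts an identifier that starts with a digit, every value travels as an OleDb parameter instead of being spliced into the SQL text, the parameters are declared once and reused for each row, and the whole grid is written inside one transaction so a failure on one row does not leave the table half updated. It assumes the same Access table `3rdsem` with columns `ID`, `m3`, `edc`, `ss`, a DataGridView whose columns carry those names, that the columns are text (the original compares `ID='1'` as a string; change the `OleDbType` if yours are numeric), and a placeholder database path. `MarksUpdater` and `SaveGrid` are names chosen for this example.

```csharp
using System;
using System.Data;
using System.Data.OleDb;
using System.Windows.Forms;

// Added example: hardened version of the grid-to-Access update.
// Assumed table/column names match the question; the path is a placeholder.
public static class MarksUpdater
{
    private const string ConnectionString =
        "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\\path\\to\\marks.accdb";

    // [3rdsem]: Access requires brackets around an identifier that begins with a digit.
    // '?' placeholders: OleDb binds parameters by position, so the order of
    // Parameters.Add() below must match the order of the '?' marks here.
    private const string UpdateSql =
        "UPDATE [3rdsem] SET m3 = ?, edc = ?, ss = ? WHERE ID = ?";

    // Writes every row of the grid back to the table; returns rows affected.
    public static int SaveGrid(DataGridView grid)
    {
        int rowsUpdated = 0;

        using (var con = new OleDbConnection(ConnectionString))
        {
            con.Open();

            using (OleDbTransaction tx = con.BeginTransaction())
            using (var cmd = new OleDbCommand(UpdateSql, con, tx))
            {
                // Declare typed parameters once; only the values change per row.
                // Assumption: all four columns are text (adjust OleDbType otherwise).
                OleDbParameter pM3  = cmd.Parameters.Add("@m3",  OleDbType.VarWChar, 255);
                OleDbParameter pEdc = cmd.Parameters.Add("@edc", OleDbType.VarWChar, 255);
                OleDbParameter pSs  = cmd.Parameters.Add("@ss",  OleDbType.VarWChar, 255);
                OleDbParameter pId  = cmd.Parameters.Add("@ID",  OleDbType.VarWChar, 255);

                try
                {
                    foreach (DataGridViewRow row in grid.Rows)
                    {
                        // The last row of an editable grid is the empty "new row" placeholder.
                        if (row.IsNewRow) continue;

                        // Cell values are objects and may be null; send DBNull, not "".
                        // A value like D'artagnan or "; DROP TABLE ..." is sent as data,
                        // never parsed as SQL, so no quoting or escaping is needed here.
                        pM3.Value  = row.Cells["m3"].Value  ?? DBNull.Value;
                        pEdc.Value = row.Cells["edc"].Value ?? DBNull.Value;
                        pSs.Value  = row.Cells["ss"].Value  ?? DBNull.Value;
                        pId.Value  = row.Cells["ID"].Value  ?? DBNull.Value;

                        rowsUpdated += cmd.ExecuteNonQuery();
                    }

                    tx.Commit();
                }
                catch
                {
                    // Any provider error undoes the rows already written in this call.
                    tx.Rollback();
                    throw;
                }
            }
        }

        return rowsUpdated;
    }
}
```

From the button handler this becomes `int n = MarksUpdater.SaveGrid(dataGridView1); MessageBox.Show(n + " rows updated");`. Opening the connection once per save rather than once per row, and declaring the parameters once, also removes the per-row overhead the original loop pays; the `using` blocks dispose the connection and command even when an exception escapes.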

