帮助我如何解决此消息(UPDATE语句中的语法错误.)? [英] help me how can slove this message (Syntax error in UPDATE statement.)?
问题描述
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.OleDb;
namespace WindowsFormsApplication35
{
public partial class Form3 : Form
{
public Form3()
{
InitializeComponent();
}
private void button1_Click(object sender, EventArgs e)
{
OleDbConnection cn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\qq.accdb;Persist Security Info=False");
cn.Open();
OleDbCommand cm=new OleDbCommand("UPDATE qq SET ahmed=''"+textBox1.Text+"'',ali="+textBox2.Text+",NOTE=''"+textBox3.Text+"'' WHERE ID="+comboBox1.Text,cn);
cm.ExecuteNonQuery();
cn.Close();
MessageBox.Show("done");
}
private void button2_Click(object sender, EventArgs e)
{
OleDbConnection cn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\qq.accdb;Persist Security Info=False");
OleDbDataAdapter da = new OleDbDataAdapter("select *from qq where ID=" + comboBox1.Text, cn);
DataSet ds = new DataSet();
da.Fill(ds, "qq");
textBox1.DataBindings.Add("text", ds, "qq.ahmed");
textBox2.DataBindings.Add("text", ds, "qq.ali");
textBox3.DataBindings.Add("text", ds, "qq.NOTE");
}
private void Form3_Load(object sender, EventArgs e)
{
OleDbConnection cn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\qq.accdb;Persist Security Info=False");
OleDbDataAdapter da = new OleDbDataAdapter("select ID from qq", cn);
DataSet ds = new DataSet();
da.Fill(ds, "qq");
comboBox1.DataSource = ds.Tables["qq"];
comboBox1.DisplayMember = "ID";
}
}
}
它在UPDATE语句中的框内语法错误中添加消息框(未处理OleDbException)之后在访问项中添加新列(注意)之前起作用. 我检查了所有内容,确定了
it work before add new column in acess (NOTE) after add messagebox (OleDbException was unhandled)inside the box Syntax error in UPDATE statement.
I checked every thing its Ok
推荐答案
您不应该使用
You shouldnt be using
"UPDATE qq SET ahmed=''"+textBox1.Text+"'',ali="+textBox2.Text+",NOTE=''"+textBox3.Text+"'' WHERE ID="+comboBox1.Text
这意味着如果我在textBox1.Text中编写Mc''Donald,它将在Update语句中将我弄错.
相反,您应该始终使用
Update qq Set ahmed=@pahmed....
您稍后使用
将其添加为参数
It means if I write Mc''Donald in textBox1.Text it will error me out in Update statement.
Rather you should always use
Update qq Set ahmed=@pahmed....
Which you later add as parameter using
cm.Parameters.Add(new SqlParameter("@pahmed", ...
我认为这将是更好的做法,因为它还会处理Sql Injection.
:cool:
I think this would be better practice as it will also take care of Sql Injection.
:cool:
可能是因为您缺少单引号,即此行
It is probably because you have missing single quotes i.e. this line
OleDbCommand cm=new OleDbCommand("UPDATE qq SET ahmed=''"+textBox1.Text+"'',ali="+textBox2.Text+",NOTE=''"+textBox3.Text+"'' WHERE ID="+comboBox1.Text,cn);
应该这样写
Should be written like this
OleDbCommand cm=new OleDbCommand("UPDATE qq SET ahmed=''"+textBox1.Text+"'',ali=''"+textBox2.Text+"'',NOTE=''"+textBox3.Text+"'' WHERE ID="+comboBox1.Text,cn);
您错过了textBox2.Text
周围的单引号
请让我知道这是否可以解决您的问题:).
you missed the single quotes around textBox2.Text
Please, let me know if this solves your problem :) .
而且我必须同意Abhishek Sur的做法,这是更好的方法:).
And i have to agree with Abhishek Sur this is a much better practice :).
这篇关于帮助我如何解决此消息(UPDATE语句中的语法错误.)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!