解决3113错误的SQL服务器 [英] Solve a 3113 error SQL server

问题描述

大家下午好。



我正在尝试使用VBA从Access应用程序更新SQL Server表。



这是VBA代码：



Querie =UPDATE dbo_pedidos_ventas SET Factura =& CStr（对开）& ，ClaveUbicacionAnt ='& strClave& 'WHERE Id_pedido =& CStr（NumPedido）

DoCmd.RunSQL（Querie）



变量folio（数字）和strClave（字符串）包含我需要注册的值，每个值都在相应的字段中。



当指令运行时，它会向我发送错误3113无法更新claveubicacionant;字段不可更新。



冲突中的字段是varchar（2）类型，我正在尝试为其分配一个双字符串。



我真的很感激有人可以给予的任何帮助或者在哪里寻找答案。



更正：问题应该有曾经：我怎样才能在SQL Server表中设置可更新的特定字段？



非常感谢。



我尝试过：



我一直在网上寻找答案，我要去继续尝试。

解决方案

由于你构建查询的方式，我们无法知道究竟是什么查询。

更改你的代码打印查询或使用调试器查看它。

当你得到它，尝试更新问题。

 Querie =   UPDATE dbo_pedidos_ventas SET Factura =&  CStr （作品集）&  ，ClaveUbicacionAnt ='& strClave&  'WHERE Id_pedido =&  CStr （NumPedido）

您遇到的另一个问题。

永远不要构建SQL通过连接字符串进行查询。迟早，您将使用用户输入来执行此操作，这会打开一个名为SQL注入的漏洞，这对您的数据库很容易并且容易出错。

名称中的单引号你的程序崩溃。如果用户输入像Brian O'Conner这样的名称可能会使您的应用程序崩溃，那么这是一个SQL注入漏洞，崩溃是最少的问题，恶意用户输入，并且它被提升为具有所有凭据的SQL命令。

SQL注入 - 维基百科 [ ^ ]

SQL注入 [ ^ ]

按示例进行SQL注入攻击 [ ^ ]

PHP：SQL注入 - 手册 [ ^ ]

SQL注入预防备忘单 - OWASP [ ^ ]

我该怎么办？解释没有技术术语的SQL注入？ - 信息安全堆栈交换 [ ^ ]

Good afternoon everybody.

I´m trying to update a SQL Server table from an Access application, using VBA.

This is the VBA code:

Querie = "UPDATE dbo_pedidos_ventas SET Factura = " & CStr(folio) & ", ClaveUbicacionAnt = '" & strClave & "' WHERE Id_pedido = " & CStr(NumPedido)
DoCmd.RunSQL (Querie)

The variables "folio" (numeric) and "strClave" (string) contain the values I need to register, each one in its corresponding field.

When the instruction runs, it sends me an error 3113 "Cannot update claveubicacionant; field not updatable".

The field in conflict is type varchar(2) and I´m trying to assign a two-character string to it.

I'll really appreciate any help somebody could give or a tip to where to look for an answer.

CORRECTION: The question should have been: "How can I set updatable a particular field in a SQL Server table ?"

Thank you very much.

What I have tried:

I've been searching for an answer in Internet, and I'm going to keep trying.

解决方案

Because of the way you build the query, we can't know what is really that query.
Change your code to print the query or use the debugger to see it.
When you got it, try to update the question.

Querie = "UPDATE dbo_pedidos_ventas SET Factura = " & CStr(folio) & ", ClaveUbicacionAnt = '" & strClave & "' WHERE Id_pedido = " & CStr(NumPedido)

another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]

这篇关于解决3113错误的SQL服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！