Syntax error in UPDATE statement. (MS Access)


Problem description

public void Update()
        {
            OleDbConnection conn = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\Employees.mdb");
            conn.Open();
            OleDbCommand cmd = new OleDbCommand("UPDATE [employee] SET ([Name],[Jobtitle],[Company])Values ('" + Name + "','" + Jobtitle + "','" + Company + "') where [EmpID] = '" + EmpID + "'", conn);
            //OleDbCommand cmd = new OleDbCommand(" update Employee set Name = '" + Name + "',Jobtitle = '" + Jobtitle + "',Company = '" + Company + "'  where EmpID = '" + EmpID + "'", conn);
            cmd.ExecuteNonQuery();
            conn.Close();

        }

Recommended answer

First off, don't do it like that. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

The chances are that doing that will fix your problem, but you should also not use "Name" as the name of a column or table - it's an ACCESS keyword, and that may also cause problems. "FullName" or similar is a lot more descriptive as well.



As Griff said, you need to fix the SQL Injection vulnerability in your code.

You also need to fix the syntax of your command - what you currently have does not match the syntax of the UPDATE statement.

You should also wrap the connection and command objects in using blocks, to ensure that they get cleaned up properly in every case.

public void Update()
{
    using (OleDbConnection conn = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\Employees.mdb"))
    using (OleDbCommand cmd = new OleDbCommand("UPDATE [employee] SET [Name] = ?, [Jobtitle] = ?, [Company] = ? WHERE [EmpID] = ?", conn))
    {
        // The OleDbCommand doesn't use named parameters;
        // only the order matters here:

        cmd.Parameters.AddWithValue("p0", Name);
        cmd.Parameters.AddWithValue("p1", Jobtitle);
        cmd.Parameters.AddWithValue("p2", Company);
        cmd.Parameters.AddWithValue("p3", EmpID);

        conn.Open();
        cmd.ExecuteNonQuery();
    }
}
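
The difference between the two approaches discussed in the answers, as an added example that is not part of the original posts: it runs the concatenated and the parameterized UPDATE against the same inputs. It assumes SQLite (Python's `sqlite3`) as a stand-in for the Access/Jet database; the helper names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample table; SQLite stands in for Employees.mdb (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee "
                 "(EmpID TEXT PRIMARY KEY, Name TEXT, Jobtitle TEXT, Company TEXT)")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)",
                     [("1", "Ann", "Clerk", "Acme"), ("2", "Bob", "Manager", "Acme")])
    return conn

def update_concat(conn, emp_id, name, jobtitle, company):
    # Same shape as the commented-out line in the question: values become SQL text.
    sql = ("UPDATE employee SET Name = '" + name + "', Jobtitle = '" + jobtitle +
           "', Company = '" + company + "' WHERE EmpID = '" + emp_id + "'")
    return conn.execute(sql).rowcount

def update_param(conn, emp_id, name, jobtitle, company):
    # Positional ? placeholders: values are bound as data, in placeholder order.
    sql = "UPDATE employee SET Name = ?, Jobtitle = ?, Company = ? WHERE EmpID = ?"
    return conn.execute(sql, (name, jobtitle, company, emp_id)).rowcount

def names(conn):
    return [row[0] for row in conn.execute("SELECT Name FROM employee ORDER BY EmpID")]

def demo():
    results = {}
    # Accidental case: a legitimate apostrophe ends the string literal early.
    conn = make_db()
    try:
        update_concat(conn, "1", "O'Brien", "Clerk", "Acme")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"
    # Deliberate case: the EmpID value rewrites the WHERE clause, so every row matches.
    conn = make_db()
    results["concat_rows"] = update_concat(conn, "1' OR '1'='1", "X", "X", "X")
    # Parameterized: the same inputs are treated purely as values.
    conn = make_db()
    results["param_apostrophe_rows"] = update_param(conn, "1", "O'Brien", "Clerk", "Acme")
    results["param_hostile_rows"] = update_param(conn, "1' OR '1'='1", "X", "X", "X")
    results["names_after_param"] = names(conn)
    return results

if __name__ == "__main__":
    print(demo())
```

With concatenation, one input breaks the statement and the other updates every row; with bound parameters the first updates exactly one row and the second matches none.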


I want to tell you that I am a new programmer...
Thanks a lot to everybody who spent his/her time to give me a solution. It is working now, and I hope to finish my first database program.

