更新命令不起作用 - 语法错误 [英] Update command does not working-Syntax error

问题描述

Dim cb As New OleDb.OleDbCommandBuilder（da）

Dim cb As New OleDb.OleDbCommandBuilder(da)

ds.Tables("Transport2003").Rows(inc).Item(1) = TxtDate.Text
       ds.Tables("Transport2003").Rows(inc).Item(2) = TxtFreightSlipNo.Text
       ds.Tables("Transport2003").Rows(inc).Item(3) = ComboBox1.SelectedValue
       ds.Tables("Transport2003").Rows(inc).Item(4) = TxtTo.Text
       ds.Tables("Transport2003").Rows(inc).Item(5) = TxtRatePerTon.Text
       ds.Tables("Transport2003").Rows(inc).Item(6) = TxtRatePerTrip.Text
       ds.Tables("Transport2003").Rows(inc).Item(7) = ComboBox2.SelectedValue.ToString
       ds.Tables("Transport2003").Rows(inc).Item(8) = ComboBox3.SelectedValue.ToString
       ds.Tables("Transport2003").Rows(inc).Item(9) = TxtTon.Text
       ds.Tables("Transport2003").Rows(inc).Item(10) = ComboBox4.SelectedValue.ToString
       ds.Tables("Transport2003").Rows(inc).Item(11) = TxtExtra.Text
       ds.Tables("Transport2003").Rows(inc).Item(12) = TxtTrips.Text
       ds.Tables("Transport2003").Rows(inc).Item(13) = TxtActualWeight.Text
       ds.Tables("Transport2003").Rows(inc).Item(14) = TxtBillWeight.Text
       ds.Tables("Transport2003").Rows(inc).Item(15) = TxtAmount.Text

da.Update（ds，Transport2003）'在这里收到错误 - Sytax错误



当我从combobox1.selectedValue中选择值时，自动值来自TxtTo .Text和

da.Update(ds, "Transport2003")'getting error here-Sytax error

when i select value from combobox1.selectedValue then automatically value comes from TxtTo.Text and

 when Update by changing selected value from combobox1.selectedvalue
i got error syntax error in da.Update ("")

combobox1的后续程序：

follwing procedure of combobox1:

Private Sub ComboBox1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles ComboBox1.SelectedIndexChanged
        Try
            con.Open()


            sql = "select * from Rates where From ='" + ComboBox1.Text + "'"
            sqlcmd = New OleDb.OleDbCommand(sql, con)
            reader = sqlcmd.ExecuteReader

            While reader.Read

                TxtTo.Text = reader.Item("To")
                TxtRatePerTon.Text = reader.Item("RatesPerTon")
                TxtRatePerTrip.Text = reader.Item("RatesPerTrip")
            End While
            reader.Close()

        Catch ex As Exception
            MessageBox.Show(ex.Message)

推荐答案

select * from Rates where From =

一般来说，用sql语言的保留字命名列是个坏主意（来自）。



在这种情况下，你应该将你的专栏名称括在[]和/或用它的全部限定符来限定它：

In general, that is a bad idea to name a column with a reserved word of the sql language (from).

In this case, you should enclose your column name between [ ] and/or qualify it with it's full qualifier:

select * from Rates where [Rates].[From] =

此外，通过连接用户输入的字符串来构造一个sql查询是一种可怕的做法，就像你正在做的那样;它让您的代码打开SQL注入攻击。更好地使用参数化查询，这将确保没有人能够以您首先想要的方式对您的数据库采取行动。在这个网站的参数化查询论坛上有很多例子，你只需要快速搜索这些单词。

Moreover, it is a terrible practice to construct a sql query by concatenating strings from user input like you are doing ; it leaves your code opened to SQL injection attacks. Better use parameterized queries which will ensure that nobody can act on your database in a way you would not have wanted in the first place. There are plenty of examples on this site's forums of parameterized queries, you just have to do a quick search for these words.

这篇关于更新命令不起作用 - 语法错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！