您的SQL语法有错误;检查与MySQL服务器版本对应的手册,以便在“UPDATE”附近使用正确的语法btechstudent_academics'SET'Tenth'= 93,'Twelveth'= 80,'Di [英] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE 'btechstudent_academics' SET 'Tenth'=93,'Twelveth'=80,'Di
本文介绍了您的SQL语法有错误;检查与MySQL服务器版本对应的手册,以便在“UPDATE”附近使用正确的语法btechstudent_academics'SET'Tenth'= 93,'Twelveth'= 80,'Di的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试更新我的数据库,出现上面的错误..请指示我该怎么做..错误是
你的SQL语法有错误;查看对应的手册您的MySQL服务器版本正确使用'UPDATE'附近的语法btechstudent_academics'SET'Tenth'= 93,'Twelveth'= 80,'Diploma'= 0,'Gradua'在第1行
i am trying to update my database the above error appears..please suggest me what to do..error is
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE 'btechstudent_academics' SET 'Tenth'=93,'Twelveth'=80,'Diploma'=0,'Gradua' at line 1"
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using MySql.Data.MySqlClient;
using System.IO;
public partial class BtechSrtudentUpdate : System.Web.UI.Page
{
MySqlConnection conn1 = new MySqlConnection("Server=localhost;Database=test;Uid=root;Pwd=1234");
MySqlConnection conn2 = new MySqlConnection("Server=localhost;Database=test;Uid=root;Pwd=1234");
string r=" ";
protected void Page_Load(object sender, EventArgs e)
{
r = Request.QueryString["regd"];
Label2.Text = r;
TextBoxtRegd.Text = Request.QueryString["regd"];
TextBoxName.Text = Request.QueryString["name"];
txtDate.Text = Request.QueryString["Dob"];
TextBoxBatch.Text = Request.QueryString["Batch"];
TextBoxEmail.Text = Request.QueryString["Email"];
TextBoxMobile.Text = Request.QueryString["mobile"];
TextBoxParentName .Text = Request.QueryString["pname"];
TextBoxParentNumber.Text = Request.QueryString["pno"];
Branch .SelectedValue = Request.QueryString["Branch"];
TextBoxTenth.Text = Request.QueryString["Tenth"];
TextBoxTwelveth.Text = Request.QueryString["Twelveth"];
TextBoxDiploma.Text = Request.QueryString["dip"];
TextBoxGraduation.Text = Request.QueryString["grad"];
TextBoxBtech.Text = Request.QueryString["btech"];
TextBoxYeargap.Text = Request.QueryString["yeargap"];
TextBoxBacklog.Text = Request.QueryString["backlog"];
TextBoxSkills.Text = Request.QueryString["Skills"];
}
protected void Button1_Click(object sender, EventArgs e)
{
string r = Request.QueryString["regd"];
conn1.Open();
//conn2.Open();
Label2.Text = " "+TextBoxName.Text +" "+TextBoxTwelveth .Text ;
Label2.Visible = true;
string sql2 = "(UPDATE 'btechstudent_academics' "+"SET 'Tenth'=" + Convert.ToDouble(TextBoxTenth.Text) + ",'Twelveth'=" + Convert.ToDouble(TextBoxTwelveth.Text) + ",'Diploma'=" + Convert.ToDouble(TextBoxDiploma.Text) + ",'Graduation'=" + Convert.ToDouble(TextBoxGraduation.Text) + ",'Btech'=" + Convert.ToDouble(TextBoxBtech.Text) + ",'Yeargap'=" + Convert.ToInt32(TextBoxYeargap.Text) + ",'Backlog'=" + Convert.ToInt32(TextBoxBacklog.Text) + ",'Skills'='" + TextBoxSkills.Text + "' where [Regd_no]='"+TextBoxtRegd .Text +"')";
// string sql1 = "(UPDATE btechstudent_details SET [Sname]='" + TextBoxName.Text + "',[DOB]='" + txtDate.Text + "',[Batch]=" + Convert.ToInt16(TextBoxBatch.Text) + ",[Email]='" + TextBoxEmail.Text + "',[Phone]='" + TextBoxMobile.Text
// + "',[Parents_name]='" + TextBoxParentName.Text + "',[Parents_Number]='" + TextBoxParentNumber.Text + "',[Branch]='"+Branch.SelectedItem .ToString () +"' WHERE [Regd_no]='"+ TextBoxtRegd.Text +"')";
// string sql2 = "(update btechstudent_academics where Regd_no='" + TextBoxtRegd.Text + "')";
MySqlCommand cmd2 = new MySqlCommand(sql2, conn1);
//MySqlCommand cmd2 = new MySqlCommand(sql2, conn2);
try
{
Response.Write("HI");
cmd2.ExecuteNonQuery();
}
catch (Exception x)
{ Label1.Text = " " + x.Message; }
finally
{
conn1.Close();
}
}
protected void TextBox1_TextChanged(object sender, EventArgs e)
{
}
protected void TextBoxBacklog_TextChanged(object sender, EventArgs e)
{
}
protected void TextBoxTenth_TextChanged(object sender, EventArgs e)
{
}
protected void TextBox9_TextChanged(object sender, EventArgs e)
{
}
}
推荐答案
我建议你像在那里一样停止构建SQL语句:
- 在SQL语句中作为文字的列值会导致您遇到的错误。
- 列值为SQL语句中的文字为SQL注入攻击打开了大门。
- 连接SQL语句使它们难以阅读和维护。在你的情况下,几乎不可能。
而是使用SQL-Parameters。 此处的简单示例。 [ ^ ]
我建议你这样做,如果你仍然得到同样的错误,请回来再问一遍。但是发布整个SQL语句 - 你在这里显示的摘录不允许识别错误。
编辑:
我认为错误的原因是:MySQL的SQL语句中的标识符(例如表名或列名)必须使用后退来引用:`
或者,如果启用选项ANSI_QUOTES,则使用双引号:
您使用表格的单引号:'
btechstudent_academics'
所以我认为它应该适用于`
btechstudent_academics`
或者如果没有,那么btechstudent_academics
如需进一步阅读,请参阅此处:架构对象名称 [ ^ ]
I urge you to stop building SQL-Statements the way you did there:
- Column values as literals in SQL-Statements lead to errors like the one you experience here.
- Column values as literals in SQL-Statements open the door for SQL-Injection-Attacks.
- Concatenating SQL-Statements makes them hard to read and maintain. In your case above, near impossible.
Instead, use SQL-Parameters. Simple Example here.[^]
I would suggest you do that and if you then still get the same error, come back and ask again. But post the whole SQL-Statement then - the excerpt you're showing here doesn't allow for identifying the error.
edit:
I think the cause of the error is this: Identifiers (e.g. table or column names) in SQL-Statements for MySQL have to be quoted using "back-ticks":`
Or, if the option ANSI_QUOTES is enabled, with double-quotes:"
You're using the single-quote for the table name:'
btechstudent_academics'
So I think it should work with`
btechstudent_academics`
or if not, then with"
btechstudent_academics"
For further reading, see here: Schema Object Names[^]
这篇关于您的SQL语法有错误;检查与MySQL服务器版本对应的手册,以便在“UPDATE”附近使用正确的语法btechstudent_academics'SET'Tenth'= 93,'Twelveth'= 80,'Di的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文