Incorrect syntax near 'Pershkrimi'.
Problem description
private void btnUpdate_Click(object sender, EventArgs e)
{
    SqlConnection ce = new SqlConnection(@"Data Source=(LocalDB)\v11.0;AttachDbFilename=c:\users\egzon\documents\visual studio 2013\Projects\Arka2\Arka2\DataArka.mdf;Integrated Security=True");
    try
    {
        if (txtID.Text != "" & txtPershkrimi.Text != "" & txtNjesia.Text != "" & txtSasia.Text != "" && txtCmimi.Text != "" && listBoxID.SelectedIndex != -1)
        {
            ce.Open();
            exeSql.CommandText = "UPDATE Produktet SET ID=" + txtID.Text + " Pershkrimi= '" + txtPershkrimi.Text + "'Njesia='" + txtNjesia.Text + "'Sasia=" + txtSasia.Text + "Cmimi=" + txtCmimi.Text + "";
            exeSql.ExecuteNonQuery();
            loadlist();
            MessageBox.Show("Rreshti u Editua!!", "Mesazhi", MessageBoxButtons.OK, MessageBoxIcon.Information);
            statusLBL.Text = "konektimi pati sukses";
            ce.Close();
            txtID.Text = "";
            txtPershkrimi.Text = "";
            txtNjesia.Text = "";
            txtSasia.Text = "";
            txtCmimi.Text = "";
            grdProduktet.Update();
            grdProduktet.Refresh();
        }
        try
        {
            statusLBL.Text = "editimi pati sukses!!";
        }
        catch (Exception)
        {
            statusLBL.Text = "editimi deshtoi!!";
            return;
        }
    }
    catch (Exception)
    {
        statusLBL.Text = "konektimi deshtoi";
        return;
    }
    finally
    {
        ce.Close();
    }
}
Recommended answer
Firstly you should be using parameterised queries - I'll leave you to look that up.
Secondly, you must separate the fields you are using in your sql statement with commas - as your query currently stands it should be
"UPDATE Produktet SET ID=" + txtID.Text + ", Pershkrimi= '" + txtPershkrimi.Text + "',Njesia='" + txtNjesia.Text + "',Sasia=" + txtSasia.Text + ",Cmimi=" + txtCmimi.Text + "";
Edit - here is a link for learning about parameterised queries: http://www.dotnetperls.com/sqlparameter
Commas, my friend. You need commas:
UPDATE <table_name> SET <field>=<new value>,<field>=<new value>,<field... WHERE ...
But please, don't do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
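The parameterized query the answers above recommend, applied to the question's UPDATE. This is an added example, not code from the original posts; the class and method names, the column types and sizes, and the `WHERE ID = @id` clause (with ID treated as the key rather than a column to overwrite) are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class ProduktetRepository   // hypothetical helper class, not from the original post
{
    // Parameterized form of the UPDATE from the question. User input is sent
    // as typed parameter values and never becomes part of the SQL text.
    const string UpdateSql =
        "UPDATE Produktet SET Pershkrimi = @pershkrimi, Njesia = @njesia, " +
        "Sasia = @sasia, Cmimi = @cmimi WHERE ID = @id";

    // Returns the number of rows changed (0 means no row has that ID).
    public static int UpdateProduct(string connectionString, string idText,
        string pershkrimi, string njesia, string sasiaText, string cmimiText)
    {
        // Assumed column types: ID int, Sasia int, Cmimi decimal(18,2),
        // Pershkrimi nvarchar(200), Njesia nvarchar(50).
        int id, sasia;
        decimal cmimi;
        if (!int.TryParse(idText, NumberStyles.Integer, CultureInfo.InvariantCulture, out id) ||
            !int.TryParse(sasiaText, NumberStyles.Integer, CultureInfo.InvariantCulture, out sasia) ||
            !decimal.TryParse(cmimiText, NumberStyles.Number, CultureInfo.InvariantCulture, out cmimi))
        {
            throw new FormatException("ID, Sasia and Cmimi must be numeric.");
        }

        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(UpdateSql, connection))
        {
            command.Parameters.Add("@id", SqlDbType.Int).Value = id;
            command.Parameters.Add("@pershkrimi", SqlDbType.NVarChar, 200).Value = pershkrimi;
            command.Parameters.Add("@njesia", SqlDbType.NVarChar, 50).Value = njesia;
            command.Parameters.Add("@sasia", SqlDbType.Int).Value = sasia;
            var price = command.Parameters.Add("@cmimi", SqlDbType.Decimal);
            price.Precision = 18;
            price.Scale = 2;
            price.Value = cmimi;

            connection.Open();
            return command.ExecuteNonQuery();
        }
    }
}
```

A description such as `O'Neil` breaks the concatenated statement with the same "Incorrect syntax" error, while here it is stored as ordinary text. The `using` blocks close the connection even when the command throws.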
You are missing commas in your query.
E.g. exeSql.CommandText = "UPDATE Produktet SET ID=" + txtID.Text + ", Pershkrimi= '" + txtPershkrimi.Text + "', Njesia='" + txtNjesia.Text + "', Sasia=" + txtSasia.Text + ", Cmimi=" +