我的代码出错;我在哪里以及如何取消它？ [英] Error in my codes; Where and How do I do away with it pls?

问题描述

这组代码旨在修改或更新访问数据库中的值。

This set of codes is intended to modify or update values in access Database.

query = " update myDbase set NAMES =  '"+ txtName+"', CLASS = '"+txtClass+"', AGE = '"+txtAge+"' where YEAR = '"+txtYear+"', COURSE = '"+txtCourse+"'";

oleCon.Open();
oleAdpt.UpdateCommand = oleCon.CreateCommand();
oleAdpt.UpdateCommand.CommandText = query;
oleAdpt.UpdateCommand.ExecuteNonQuery();
oleCon.Close();

始终显示错误：没有给出一个或多个必需参数的值。

昨天只有一个栏目是完美的，但自6：00GMT以来，我不知道发生了什么。没有什么工作。

请帮忙！

谢谢。

Always showing Error: " No value given for one or more required parameters."
It was perfect yesterday with only one column but since 6:00GMT, I don't know what happened. Nothing is working.
Please help!
Thank you.

推荐答案

首先 - 你应该是关于Sql Injection的阅读。



当你回来时：用， >&在 WHERE 子句中，并确保所有测试字段都有数据。应该这样做。

First of all - you should be off reading about "Sql Injection".

When you are back: replace , with AND in your WHERE clause and make sure all the test-fields have data. That should do it.

嗯。

Um.

... where YEAR = '"+txtYear+"', COURSE = '"+txtCourse+"'";

您的意思是

Did you mean

... where YEAR = '"+txtYear+"' AND COURSE = '"+txtCourse+"'";

但请不要这样做。不要连接字符串以构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询。

But please, don't do that. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

您好，



您的代码中使用了 txtName 。如果这是一个文本框，那么你需要使用 txtName.Text 来获取渲染的值。



请检查你的代码并在查询中正确替换它们并再试一次。



谢谢

Sisir Patro

Hi,

Here in your code you have used like "txtName". If this is a text box then you need to use the "txtName.Text" to get the values rendered.

Please check in your code and replace the things properly there in the query and try again.

Thanks
Sisir Patro

这篇关于我的代码出错;我在哪里以及如何取消它？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！