尝试更新记录时出错 [英] Get error when trying to update record


问题描述

当用户尝试更新他们的记录时出现错误。

I get an error when the user is trying to update their record.

Incorrect syntax near '('.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near '('.

Source Error:


Line 675:            cmd3.Parameters.AddWithValue("@HC50", TextBoxHC50.Text.Replace(",", ""));
Line 676:
Line 677:            cmd3.ExecuteNonQuery();
Line 678:        }
Line 679:        con7.Close();


Source File: C:\Users\khopkins\Documents\Visual Studio 2010\Projects\SACSCOCLogin1.1\SACSCOCLogin1.1\FTEEnrollmentInformation.aspx.cs    Line: 677 





这是我的INSERT和UPDATE代码:



Here is my INSERT and UPDATE code:

// Save-button handler: counts the rows in Table88 whose User_ID matches the text box,
// inserts a new row when there are none, and attempts an update when there is exactly one.
// NOTE(review): the listing ends at con7.Close(); the method's closing brace is not shown.
protected void ButtonSave_Click(object sender, EventArgs e)
    {
        // The connection is opened without using/try-finally, so when a command throws
        // (as ExecuteNonQuery does in the reported error) con7.Close() below is never reached.
        SqlConnection con7 = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
        con7.Open();

        // SECURITY: TextBoxUser_ID.Text is concatenated straight into the SQL text, so this
        // query is open to SQL injection. It should bind the value as an @User_ID parameter,
        // the way the INSERT and UPDATE commands below already do.
        string cmdStr = "Select count(*) from Table88 where User_ID='" + TextBoxUser_ID.Text + "'";
        SqlCommand userExist = new SqlCommand(cmdStr, con7);
        // cmd is created but never executed or read anywhere in the visible code.
        SqlCommand cmd = new SqlCommand("select User_ID from Table88", con7);
        // Number of existing rows for this User_ID.
        int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
        if (temp == 0)
        {

            // No row yet: insert one, with every value bound as a named parameter.
            SqlCommand cmd2 = new SqlCommand("Insert into Table88 (User_ID, FT_UNDERGR, DATE, FT_GRAD, FTE_UNDERG, FTE_GRAD, NON_CREDIT, TOTAL_FTE, FCFTUHC, FCFTPBHC, FCPTUHC, FCPTPBHC, NCHC, UnderG12, Postb9, Total123b4b, FTEYR, THCAS, FTE40, HC50) values (@User_ID, @FT_UNDERGR, @DATE, @FT_GRAD, @FTE_UNDERG, @FTE_GRAD, @NON_CREDIT, @TOTAL_FTE, @FCFTUHC, @FCFTPBHC, @FCPTUHC, @FCPTPBHC, @NCHC, @UnderG12, @Postb9, @Total123b4b, @FTEYR, @THCAS, @FTE40, @HC50);", con7);
            cmd2.CommandType = CommandType.Text;
            // Replace(",", "") strips commas from the entered text (presumably thousands
            // separators -- confirm). The values are still passed as strings, so any numeric
            // conversion is left to SQL Server; nothing here validates them as numbers.
            cmd2.Parameters.AddWithValue("@User_ID", TextBoxUser_ID.Text);
            cmd2.Parameters.AddWithValue("@FT_UNDERGR", TextBoxFTUG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FT_GRAD", TextBoxFTG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FTE_UNDERG", TextBoxTHUGDR.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FTE_GRAD", TextBoxTHGDR.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@NON_CREDIT", TextBoxNCCDR.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@TOTAL_FTE", TextBoxTCNC.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FCFTUHC", TextBoxTNFUG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FCFTPBHC", TextBoxTNFG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FCPTUHC", TextBoxTNCPUG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FCPTPBHC", TextBoxTNCPG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@NCHC", TextBoxTNNCC.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FTEYR", lblYEAR1.Text);
            cmd2.Parameters.AddWithValue("@DATE", TextBoxDATE.Text);
            cmd2.Parameters.AddWithValue("@UnderG12", TextBoxTHUG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@Postb9", TextBoxTHG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@Total123b4b", TextBoxT1234.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@THCAS", TextBoxTHCAS.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FTE40", TextBoxFTE40.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@HC50", TextBoxHC50.Text.Replace(",", ""));

            cmd2.ExecuteNonQuery();
        }
        // Only an exact count of 1 is handled; if the count is greater than 1 nothing is
        // written and no error is reported.
        else if (temp == 1)
        {
            // BUG: this reuses the INSERT shape "(columns) values (...)", which is not valid
            // UPDATE syntax; it is the statement that raises "Incorrect syntax near '('" at
            // ExecuteNonQuery. An UPDATE needs "SET column = @param, ..." followed by
            // "WHERE User_ID = @User_ID"; without the WHERE clause every row in Table88
            // would be overwritten.
            SqlCommand cmd3 = new SqlCommand("UPDATE Table88 (User_ID, FT_UNDERGR, DATE, FT_GRAD, FTE_UNDERG, FTE_GRAD, NON_CREDIT, TOTAL_FTE, FCFTUHC, FCFTPBHC, FCPTUHC, FCPTPBHC, NCHC, UnderG12, Postb9, Total123b4b, FTEYR, THCAS, FTE40, HC50) values (@User_ID, @FT_UNDERGR, @DATE, @FT_GRAD, @FTE_UNDERG, @FTE_GRAD, @NON_CREDIT, @TOTAL_FTE, @FCFTUHC, @FCFTPBHC, @FCPTUHC, @FCPTPBHC, @NCHC, @UnderG12, @Postb9, @Total123b4b, @FTEYR, @THCAS, @FTE40, @HC50);", con7);
            cmd3.CommandType = CommandType.Text;
            // Same parameter set as the INSERT branch above.
            cmd3.Parameters.AddWithValue("@User_ID", TextBoxUser_ID.Text);
            cmd3.Parameters.AddWithValue("@FT_UNDERGR", TextBoxFTUG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FT_GRAD", TextBoxFTG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FTE_UNDERG", TextBoxTHUGDR.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FTE_GRAD", TextBoxTHGDR.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@NON_CREDIT", TextBoxNCCDR.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@TOTAL_FTE", TextBoxTCNC.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FCFTUHC", TextBoxTNFUG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FCFTPBHC", TextBoxTNFG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FCPTUHC", TextBoxTNCPUG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FCPTPBHC", TextBoxTNCPG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@NCHC", TextBoxTNNCC.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FTEYR", lblYEAR1.Text);
            cmd3.Parameters.AddWithValue("@DATE", TextBoxDATE.Text);
            cmd3.Parameters.AddWithValue("@UnderG12", TextBoxTHUG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@Postb9", TextBoxTHG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@Total123b4b", TextBoxT1234.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@THCAS", TextBoxTHCAS.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FTE40", TextBoxFTE40.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@HC50", TextBoxHC50.Text.Replace(",", ""));

            cmd3.ExecuteNonQuery();
        }
        con7.Close();

推荐答案

首先,修复 SELECT 代码中的 SQL 注入漏洞 [^](参考链接:troyhunt.com/2013/07/everything-you-wanted-to-know-about-sql.html):

First of all, fix the SQL Injection vulnerability[^] in your SELECT code:
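// Parameterized existence check: the user-supplied ID travels as the value of @User_ID
// and is never spliced into the SQL text, so quotes or SQL keywords typed into the
// text box cannot change the shape of the query.
const string cmdStr = "Select count(*) from Table88 where User_ID= @User_ID";
int temp;
// SqlCommand is IDisposable; the using block releases it even if ExecuteScalar throws.
using (SqlCommand userExist = new SqlCommand(cmdStr, con7))
{
    // AddWithValue infers the SQL parameter type from the .NET value (a string here).
    // NOTE(review): if User_ID is not a string column, prefer Parameters.Add with the
    // column's explicit SqlDbType -- confirm against the table definition.
    userExist.Parameters.AddWithValue("@User_ID", TextBoxUser_ID.Text);
    // count(*) always yields one row, so the scalar result converts directly to int.
    temp = Convert.ToInt32(userExist.ExecuteScalar());
}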





然后,修复您的 UPDATE 查询的语法 [ ^ ]:



Then, fix the syntax of your UPDATE query[^]:

// UPDATE takes "SET column = @param, ..." pairs, not the INSERT-style column list
// followed by VALUES. The WHERE clause limits the write to the row for @User_ID;
// User_ID itself is only matched on, not reassigned.
// NOTE(review): @User_ID is bound from a text box in the calling code; if that field is
// user-editable, derive the ID from the authenticated session instead, so one user
// cannot overwrite another user's row -- confirm how the page populates it.
const string updateSql =
    "UPDATE Table88 SET " +
    "FT_UNDERGR = @FT_UNDERGR, DATE = @DATE, FT_GRAD = @FT_GRAD, " +
    "FTE_UNDERG = @FTE_UNDERG, FTE_GRAD = @FTE_GRAD, NON_CREDIT = @NON_CREDIT, " +
    "TOTAL_FTE = @TOTAL_FTE, FCFTUHC = @FCFTUHC, FCFTPBHC = @FCFTPBHC, " +
    "FCPTUHC = @FCPTUHC, FCPTPBHC = @FCPTPBHC, NCHC = @NCHC, " +
    "UnderG12 = @UnderG12, Postb9 = @Postb9, Total123b4b = @Total123b4b, " +
    "FTEYR = @FTEYR, THCAS = @THCAS, FTE40 = @FTE40, HC50 = @HC50 " +
    "WHERE User_ID = @User_ID;";
SqlCommand cmd3 = new SqlCommand(updateSql, con7);

