更新查询语法错误 [英] Update query syntax error
问题描述
string query =更新DefaultProfile设置密码='abc123'其中RegNo ='admin';
有人可以请告诉我这是什么问题上面查询访问数据库表。
表名:DefaultProfile
该表中有4列,名称为:RegNo,Password ,课程和名称。
我需要更新密码字段,但是当我使用OledbCommand执行此查询以进行访问连接时,c#会为此更新查询引发语法错误。
我无法弄清楚语法中的问题是什么。
SHOUTING删除 - OriginalGriff [/ edit ]
使用以下查询
string query =update DefaultProfile set [Password] ='abc123 '其中RegNo ='admin';
密码是一个保留字:你需要逃避它:
stri ng query = update DefaultProfile set [Password] ='abc123'其中RegNo ='admin';
但是......不要这样做!
1)不要将值传递给数据库字符串,特别是如果它们可能(因为这些将)来自用户。请改用参数化查询。将字符串作为SQL的一部分传递是对SQL注入攻击的邀请,这可能会损坏或破坏您的数据库!
2)永远不要以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
string query = "update DefaultProfile set Password='abc123' where RegNo='admin'";
can somebody please tell me what is the problem in the above query for an access database table.
table name : DefaultProfile
There are 4 columns in that table with the names: RegNo, Password, Course & Name.
I need to update the Password field but when I execute this query with an OledbCommand for access Connection, c# throws a syntax error for this update query.
I can't figure out what is the the problem in the syntax.
[edit]SHOUTING removed - OriginalGriff[/edit]
Use below query
string query = "update DefaultProfile set [Password]='abc123' where RegNo='admin'";
"Password" is a reserved word: you need to escape it:
string query = "update DefaultProfile set [Password]='abc123' where RegNo='admin'";
But... don't do it like that!
1) Don't pass values to and database as strings, particularly if they may (as these will) originate with the user. Use Parameterised queries instead. passing strings as part of your SQL is an invitation to SQL injection attacks, which can damage or destroy your DB!
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
这篇关于更新查询语法错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!