This code gives me the error "incorrect syntax near keyword 'where'", how to solve it


Problem description

SqlCommand UpdateCommand = new SqlCommand("Update Stock Set ConfigID = @ConfigID , Quantity = @Quantity ,TotalPrice =@TotalPrice, StockDate =@StockDate ,Where StockID='" + txtStockID.Text + "'");
UpdateCommand.Connection = con;
UpdateCommand.Parameters.Add("@ConfigID", SqlDbType.Int).Value = txtConfigID.Text;
UpdateCommand.Parameters.Add("@Quantity", SqlDbType.Int).Value = txtQty.Text;
UpdateCommand.Parameters.Add("@TotalPrice", SqlDbType.Int).Value = txtTotalPrice.Text;
UpdateCommand.Parameters.Add("@StockDate", SqlDbType.NVarChar, 50).Value = dtpStockDate.Value;
con.Open();
UpdateCommand.ExecuteNonQuery();
con.Close();

Recommended answer

Remove "," from query and try this.. :)

SqlCommand UpdateCommand = new SqlCommand("Update Stock Set ConfigID = @ConfigID , Quantity = @Quantity ,TotalPrice =@TotalPrice, StockDate =@StockDate Where StockID='" + txtStockID.Text + "'");


And to add to Nirav's answer, since you already use SqlParameters for the values, you should also use SqlParameter for the WHERE clause instead of concatenating txtStockID.Text directly to the string.

Direct concatenation leaves you open to SQL injections etc as you're already probably aware of :)
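
The parameterized WHERE clause suggested above, written out as an added example that is not part of the original answers. It assumes StockID, ConfigID, Quantity and TotalPrice are INT columns and StockDate is DATETIME; the StockRepository class and UpdateStock method are hypothetical names.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper, not code from the original post.
static class StockRepository
{
    // Assumed column types: StockID, ConfigID, Quantity, TotalPrice = INT; StockDate = DATETIME.
    // Returns the number of rows updated (0 means no row had that StockID).
    public static int UpdateStock(string connectionString, string stockIdText,
        string configIdText, string qtyText, string totalPriceText, DateTime stockDate)
    {
        // Convert the text box contents up front so malformed input is rejected
        // here instead of surfacing as a conversion error inside SQL Server.
        if (!int.TryParse(stockIdText, out int stockId) ||
            !int.TryParse(configIdText, out int configId) ||
            !int.TryParse(qtyText, out int quantity) ||
            !int.TryParse(totalPriceText, out int totalPrice))
        {
            throw new ArgumentException("StockID, ConfigID, Quantity and TotalPrice must be integers.");
        }

        // Every value, including the WHERE key, is a parameter: the SQL text is a
        // constant and user input is never concatenated into it.
        const string sql =
            "UPDATE Stock SET ConfigID = @ConfigID, Quantity = @Quantity, " +
            "TotalPrice = @TotalPrice, StockDate = @StockDate " +
            "WHERE StockID = @StockID";

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.Add("@ConfigID", SqlDbType.Int).Value = configId;
            cmd.Parameters.Add("@Quantity", SqlDbType.Int).Value = quantity;
            cmd.Parameters.Add("@TotalPrice", SqlDbType.Int).Value = totalPrice;
            cmd.Parameters.Add("@StockDate", SqlDbType.DateTime).Value = stockDate;
            cmd.Parameters.Add("@StockID", SqlDbType.Int).Value = stockId;
            con.Open();
            return cmd.ExecuteNonQuery(); // connection is closed by the using block
        }
    }
}
```

From the form's handler this would be called with txtStockID.Text, txtConfigID.Text, txtQty.Text, txtTotalPrice.Text and dtpStockDate.Value.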

