语法错误更新语句 [英] Syntax error Update statement

问题描述

OleDbCommand cmd = default(OleDbCommand);
OleDbDataReader reader = default(OleDbDataReader);
string cmdUpdate = null;


GridViewRow row = (GridViewRow)ResultGridView.Rows[e.RowIndex];
Label lbl = (Label)row.FindControl("lblid");
TextBox textname = (TextBox)row.FindControl("textbox1");
TextBox textmarks = (TextBox)row.FindControl("textbox2");
conn.Open();

cmdUpdate = "UPDATE db1 " + "SET Names = '" + textname.Text + "'Number = '" + textmarks.Text + "' " + "WHERE ID = " + lbl.Text;

cmd = new OleDbCommand(cmdUpdate);

try {
    cmd.Connection = conn;
    cmd.CommandType = CommandType.Text;
    reader = cmd.ExecuteReader();
} catch (Exception ex) {
    Response.Write(ex.ToString());
}

reader.Dispose();
conn.Close();
bind()

推荐答案

阅读 http://bobby-tables.com/about.html [ ^ ]并转换你的代码以使用正确的参数化SQL命令。



我认为你需要在单引号和单词Number之间留一个空格。

Read http://bobby-tables.com/about.html[^] and convert your code to use proper parameterized SQL commands.

I think you need a space between the single quote and the word "Number".

另一种方法是使用存储过程 [ ^ ]以避免 SQL注入 [ ^ ]。



如需了解更多信息，请参阅：

使用存储过程修改数据 [ ^ ]

演练：使用GridView Web服务器控件中的存储过程显示数据 [ ^ ]

如何使用Visual Basic .NET在ASP.NET中调用SQL Server存储过程 [ ^ ]

如何：防止ASP.NET中的SQL注入 [ ^ ]

SQL注入及其如何避免 [ ^ ]

更新（SQL） [< a href =http://msdn.microsoft.com/en-us/library/ms177523.aspxtarget =_ blanktitle =新窗口> ^ ]

Another way is to use stored procedure[^] to avoid SQL Injection[^].

For further information, please see:
Modifying Data with Stored Procedures[^]
Walkthrough: Displaying Data Using a Stored Procedure in the GridView Web Server Control[^]
How to call SQL Server stored procedures in ASP.NET by using Visual Basic .NET[^]
How To: Protect From SQL Injection in ASP.NET[^]
SQL Injection and how to avoid it[^]
UPDATE (SQL)[^]

在number字段的单引号之前应该有逗号。使用update语句时，每个字段应以逗号（，）分隔。

There should be comma before the single quote of number field. while using the update statement every field should be separated by comma(,).

这篇关于语法错误更新语句的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！