Can you please solve it


Problem description


c1.con.Open();
string k = "NO";
DateTime start = DateTime.ParseExact(TextBox10.Text, "dd-MM-yyyy", System.Globalization.CultureInfo.InvariantCulture);
DateTime end = DateTime.ParseExact(TextBox11.Text, "dd-MM-yyyy", System.Globalization.CultureInfo.InvariantCulture);
c1.cmd.CommandText = "update" + Session["no"].ToString() + "set avail='" + k + "'where date between'" + start + "'and'" + end + "'";
ab = c1.cmd.ExecuteReader();
Label5.Visible = true;
c1.con.Close();


It gives an error: incorrect syntax near "="

Solution

It is not a good idea to concatenate strings together to form queries. That leaves you susceptible to SQL injection. You should be using parameterized queries. Also, your syntax is not spaced correctly for your query.

Use something like this:

c1.cmd.CommandText = "UPDATE tablename SET avail=@k WHERE date between @start and  @end";
c1.cmd.Parameters.AddWithValue("@k","NO");
c1.cmd.Parameters.AddWithValue("@start",DateTime.ParseExact(TextBox10.Text, "dd-MM-yyyy", System.Globalization.CultureInfo.InvariantCulture));
c1.cmd.Parameters.AddWithValue("@end",DateTime.ParseExact(TextBox11.Text, "dd-MM-yyyy", System.Globalization.CultureInfo.InvariantCulture));



The "tablename" should be replaced with the name of the table you want to update. If the table is dynamic as well, then you can use the initial method you tried with the tablename, I suppose.


Just debug that and take a look at c1.cmd.CommandText: you should immediately see that that is not a valid SQL query. There are no spaces between individual parts of the query; it is something like
updatesession42set avail='NO'where date between'2014-04-08 00:00:00'and'2014-04-10 00:00:00'
Richard's answer shows you an excellent way of using SQL queries from code, but there too, make sure that there are spaces!
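
An added example, not code from the original thread: the answers parameterize the values but leave the dynamic table name concatenated, and a table name cannot be passed as a SQL parameter, so this sketch checks it against a fixed allowlist before it reaches the query text. The class and method names, the allowlist entries (session42 is taken from the debug output above, session43 is constructed) and the VarChar(10) type of avail are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class AvailabilityUpdate
{
    // Assumed allowlist of tables that Session["no"] may select.
    // Identifiers cannot be SQL parameters, so only these fixed names reach the query text.
    static readonly HashSet<string> Tables =
        new HashSet<string>(StringComparer.Ordinal) { "session42", "session43" };

    public static SqlCommand Build(string sessionNo, string startText, string endText)
    {
        if (sessionNo == null || !Tables.Contains(sessionNo))
            throw new ArgumentException("Unknown table name.");

        DateTime start, end;
        if (!TryParseDate(startText, out start) || !TryParseDate(endText, out end) || start > end)
            throw new ArgumentException("Dates must be dd-MM-yyyy with start <= end.");

        // Spaces around every keyword; user-supplied values travel only as typed parameters.
        var cmd = new SqlCommand(
            "UPDATE [" + sessionNo + "] SET avail = @k WHERE [date] BETWEEN @start AND @end");
        cmd.Parameters.Add("@k", SqlDbType.VarChar, 10).Value = "NO"; // column type assumed
        cmd.Parameters.Add("@start", SqlDbType.DateTime).Value = start;
        cmd.Parameters.Add("@end", SqlDbType.DateTime).Value = end;
        return cmd;
    }

    static bool TryParseDate(string text, out DateTime value)
    {
        // Rejects null, empty and wrongly formatted input instead of throwing.
        return DateTime.TryParseExact(text, "dd-MM-yyyy",
            CultureInfo.InvariantCulture, DateTimeStyles.None, out value);
    }

    static void Main()
    {
        // Constructed sample input; no database connection is needed to build the command.
        SqlCommand cmd = Build("session42", "08-04-2014", "10-04-2014");
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine(p.ParameterName + " = " + p.Value);
    }
}
```

Since the statement is an UPDATE, run the returned command with ExecuteNonQuery after assigning it an open connection.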

