无法更新远程服务器中的varchar(400)列 [英] unable to update a varchar (400) column in remote server
本文介绍了无法更新远程服务器中的varchar(400)列的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
本地服务器:从表中我从列'highlight-varchar(400)'中检索数据。
对于编辑,我将其分配给名为'v_highlights'的变量。然后我想在同一列亮点中再次更新。有用。所以我发布它并上传到我的远程服务器。
现在,使用远程服务器:它不起作用。我的代码:
Local server: From a table I retrieve data from a column 'highlights-varchar(400)'.
For editing I assign it to a variable named as 'v_highlights'. Then I want to update again in the same column 'highlights'. It works. So I publish it and upload to my remote server.
Now, with a remote server: It doesn't work. My code:
string updateSqll = "UPDATE txfile SET highlights='" + v_highlights + "' WHERE mem_id = " + v_mem_id1 + " and reg_id = " + v_regid + " and noofitems='" + v_itemno + "'";
任何人都可以澄清为什么会这样?
问候。
Can anyone clarify why is it so?
Regards.
推荐答案
它不起作用没有用但是缺少它会抛出此消息的异常意味着就SQL而言,更新已经成功。最可能的罪魁祸首是远程数据库没有任何与WHERE条件完全匹配的行 - 即使您的本地行也是如此。
另一种可能性是你通过连接字符串来产生你的SQL命令,并从你试图插入的数据中引入SQL注入来自己引起问题。
你可能不知道SQL注入是什么,但你该死的应该 - 因为它可以毫无困难地破坏或破坏你的数据库。想一想:如果从本地服务器检索的数据包含引号字符,会发生什么?就SQL而言,它终止突出显示字符串,字符串中的其余数据被解释并作为命令执行。始终使用参数化查询 - 永远不要连接字符串以形成SQL命令!
It doesn't work is not that helpful, but the lack of "it throws an exception with this message" implies that the update has succeeded as far as SQL is concerned. The most likely culprit is indeed that the remote database does not have any rows which exactly match your WHERE condition - even if your local one does.
The other possibility is that you are causing the problem yourself by concatenating strings to produce your SQL command, and causing an SQL Injection from the data you are trying to insert.
You may not know what SQL Injection is, but you damn well should - given that it can damage or destroy your database without any difficulty. Think about it: what happens if the data you retrieve from the local server contains a quote character? That terminates thehighlightsstring as far as SQL is concerned, and the remainder of the data in the string is interpreted and executed as a command. Use parametrized queries at all times - never, ever concatenate strings to form SQL commands!
using (SqlConnection con = new SqlConnection(strConnect))
{
con.Open();
using (SqlCommand com = new SqlCommand("INSERT INTO myTable (myColumn1, myColumn2) VALUES (@C1, @C2)", con))
{
com.Parameters.AddWithValue("@C1", myValueForColumn1);
com.Parameters.AddWithValue("@C2", myValueForColumn2);
com.ExecuteNonQuery();
}
}
这篇关于无法更新远程服务器中的varchar(400)列的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
