更新按钮中的语法错误 [英] Syntax Error In Update Button
本文介绍了更新按钮中的语法错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
错误行在adptr.UpdateCommand.ExecuteNonQuery()但我没有看到CommandText(UPDATE代码)有什么问题:
Dim sql As String = UPDATE NTIdb& _
SET ID ='& idT.Text()& '& _
,Status ='& ComboBox1.SelectedItem()& '& _
,DateDeliver ='& DateTimePicker1.Value()& '& _
,Client ='& clientT.Text()& '& _
,POrder ='& orderT.Text()& '& _
,StoreCode ='& storeCT.Text()& '& _
,StoreType ='& storeTT.Text()& '& _
,ProdUsage ='& prodUT.Text()& '& _
,ProdCategory ='& prodCT.Text()& '& _
,Brand ='& brandT.Text()& '& _
,Descrption ='& descT.Text()& '& _
,Quantity ='& NumericUpDown1.Value()& '& _
,MainUnitSerial ='& mainUST.Text()& '& _
,HDD1 ='& hdd1T.Text()& '& _
,HDD2 ='& hdd2T.Text()& '& _
,OpticalDrive ='& odT.Text()& '& _
,Monitor ='& monitorT.Text()& '& _
,Keyboard ='& keyboardT.Text()& '& _
,NetAdaptor ='& netAdaptorT.Text()& '& _
,ProdKey ='& prodkeyT.Text()& '& _
,WTYEnt ='& wtyET.Text()& '& _
,AccExec ='& accexecT.Text()& '& _
,SalesOrder ='& sOrderT.Text()& '& _
,SalesInv ='& sInvT.Text()& '& _
,DReceipt ='& dRecT.Text()& '& _
,ReceibedBy ='& receivedT.Text()& '& _
,Waybill ='& waybillT.Text()& '& _
,DueDate ='& DateTimePicker2.Value()& '& _
,WHERE ID =& TextBox1.Tag()&
尝试
cnn.Open()
adptr.UpdateCommand = cnn.CreateCommand
adptr.UpdateCommand.CommandText = sql
adptr.UpdateCommand.ExecuteNonQuery()
MsgBox ( 数据已更新!)
adptr.Dispose()
cnn。关闭()
Catch ex As 异常
MsgBox(ex.ToString)
结束 尝试
解决方案
你可以把一个调试语句写出来写出sql字符串,并发布结果(只是确保它不包含安全敏感信息),这样我们才能看到我的意思发生在更新语句中 - 然后我们可能知道错误在哪里。
我还建议您阅读SQL注入攻击,就好像该代码在任何尝试注入攻击的应用程序都可以访问您的数据库。
始终使用存储过程和参数。
The line of the error is at "adptr.UpdateCommand.ExecuteNonQuery()" but I don''t see anything wrong with the CommandText (UPDATE code):
Dim sql As String = "UPDATE NTIdb " & _
" SET ID='" & idT.Text() & "'" & _
", Status='" & ComboBox1.SelectedItem() & "'" & _
", DateDeliver='" & DateTimePicker1.Value() & "'" & _
", Client='" & clientT.Text() & "'" & _
", POrder='" & orderT.Text() & "'" & _
", StoreCode='" & storeCT.Text() & "'" & _
", StoreType='" & storeTT.Text() & "'" & _
", ProdUsage='" & prodUT.Text() & "'" & _
", ProdCategory='" & prodCT.Text() & "'" & _
", Brand='" & brandT.Text() & "'" & _
", Descrption='" & descT.Text() & "'" & _
", Quantity='" & NumericUpDown1.Value() & "'" & _
", MainUnitSerial='" & mainUST.Text() & "'" & _
", HDD1='" & hdd1T.Text() & "'" & _
", HDD2='" & hdd2T.Text() & "'" & _
", OpticalDrive='" & odT.Text() & "'" & _
", Monitor='" & monitorT.Text() & "'" & _
", Keyboard='" & keyboardT.Text() & "'" & _
", NetAdaptor='" & netAdaptorT.Text() & "'" & _
", ProdKey='" & prodkeyT.Text() & "'" & _
", WTYEnt='" & wtyET.Text() & "'" & _
", AccExec='" & accexecT.Text() & "'" & _
", SalesOrder='" & sOrderT.Text() & "'" & _
", SalesInv='" & sInvT.Text() & "'" & _
", DReceipt='" & dRecT.Text() & "'" & _
", ReceibedBy='" & receivedT.Text() & "'" & _
", Waybill='" & waybillT.Text() & "'" & _
", DueDate='" & DateTimePicker2.Value() & "'" & _
", WHERE ID=" & TextBox1.Tag() & ""
Try
cnn.Open()
adptr.UpdateCommand = cnn.CreateCommand
adptr.UpdateCommand.CommandText = sql
adptr.UpdateCommand.ExecuteNonQuery()
MsgBox("Data updated!")
adptr.Dispose()
cnn.Close()
Catch ex As Exception
MsgBox(ex.ToString)
End Try
解决方案
Could you put a debug statement in to write out the sql string, and post the result(just be sure that it does not contain security sensitive information), so that we can see what is happening in the update statement - then we might know where the error is.
I also suggest that you read up on SQL injection attacks as if that code was in an application anyone trying an injection attack will may get access to your database.
Always use stored procedures and parameters.
这篇关于更新按钮中的语法错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文