使用csharp更新查询错误 [英] Update query error using csharp
问题描述
数据库设计结构如下;
课程代码文本
课程持续时间文本
小时文本< br $>
在运行模式下设计如下
Cmn_Minor_Code textbox1
Course_Duration textbox2
Allocated_Hours textbox3
i我在数据库中插入上述数据。它工作正常,没问题。
我正在使用更新查询更新数据库中的课程持续时间和Allocated_Hours。
更新查询如下;
sql =更新Tb_SCH_Faculty_Details set [Course_Duration,Allocated_Hours] =''+ textbox2.Text +'',''+ textbox3 .Text +''where Cmn_Minor_Code =''+ txt_coursecode.Text +'';
当我运行上面的代码时显示错误如下
更新语句中的语法错误。
什么是我的更新查询中的问题,
请帮帮我。
问候和谢谢,
Narasiman P
Database Design structure as follows;
Course Code text
Course Duration text
Hours text
Design as follows in run mode
Cmn_Minor_Code textbox1
Course_Duration textbox2
Allocated_Hours textbox3
i am inserting the above data in the database. it is working fine, no problem.
I am updating the course Duration and Allocated_Hours in the database using update query.
Update query as follows;
sql = "Update Tb_SCH_Faculty_Details set [Course_Duration,Allocated_Hours] = ''" + textbox2.Text + "'',''" + textbox3 .Text + "'' where Cmn_Minor_Code = ''" + txt_coursecode.Text + "''";
when i run the above code shows error as follows
Syntax error in update statment.
what is the problem in my update query,
please help me.
Regards & Thanks,
Narasiman P
推荐答案
将您的查询更改为:
Change your query to:
sql = "Update Tb_SCH_Faculty_Details set Course_Duration= '" + textbox2.Text +
"',Allocated_Hours = '" + textbox3 .Text + "' where Cmn_Minor_Code = '" + txt_coursecode.Text + "'";
这将解决您的直接问题,但请不要那样做!不要连接字符串以构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。
which will cure your immediate problem, but please, don''t do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
这篇关于使用csharp更新查询错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!