SQL Server 2008中的查询问题 [英] query problm in Sql Server 2008
本文介绍了SQL Server 2008中的查询问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
这是我的代码:
Here is my code:
SqlCommand cmda = new SqlCommand("Delete ID,DrugName,PurchasePrice,SellPrice,Stock from AddProduct where DrugName ='"+ comboBox1.SelectedItem +"' ",conn);
cmda.Connection = conn;
conn.Open();
cmda.ExecuteNonQuery();
conn.Close();
我单击删除按钮,因此发生错误.并且错误是(,''附近的语法不正确).
请帮助我该怎么做,然后才不会发生错误?
I click the delete button so error is occur. And Error is (Incorrect syntax near '','').
Please Help What shoulid i do then error is not occur?
推荐答案
从"删除"查询中删除行名称.使用"删除"语句删除相应记录的整行,因此它不需要列名.
请在下面的链接中查看"删除"语句的正确语法.
http://www.w3schools.com/sql/sql_delete.asp
我建议您使用参数化查询,而不是将用户输入连接到纯SQL查询.
http://www.csharp-station.com/Tutorial/AdoDotNet/lesson06
Remove colunm names from your "Delete" query. Using "Delete" statement you delete entire row of corresponding records, so it does not require column names.
Have a look at below link for proper syntax of "Delete" statement.
http://www.w3schools.com/sql/sql_delete.asp
I would recommend you to use parameterized queries instead of concatenating user-input to your plain sql query.
http://www.csharp-station.com/Tutorial/AdoDotNet/lesson06
您不能删除表特定行中的值.您将删除整行(如果要删除特定字段,则需要执行UPDATE).改为执行以下操作:
You can''t delete the values in specific rows of a table. You are deleting the entire row (if you want to erase specific fields, you''d need to do an UPDATE). Do this instead:
SqlCommand cmd = new SqlCommand("DELETE FROM AddProduct WHERE DrugName = @DrugName", conn);
cmd.Parameters.AddWithValue("DrugName", comboBox1.SelectedItem);
以下是您的代码的其他一些问题:
- 当您不使用参数化查询时,您将打开代码进行SQL注入(这很糟糕).
- 您无需在命令上设置连接如果您通过构造函数将连接传递给命令.
- When you don''t use parameterized queries, you are opening your code up to SQL injection (that''s bad).
- You don''t need to set the connection on the command if you pass the connection to the command via the constructor.
Here are some other issues with your code:
这篇关于SQL Server 2008中的查询问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
