请更正此代码 [英] Please correct the this code
本文介绍了请更正此代码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
protected void btn_View_Click(object sender, EventArgs e)
{
TextBox tb = (TextBox)Master.FindControl("txtEmployee_code");
comm.Connection = con;
con.Open();
{
SqlCommand cmd = new SqlCommand("select osi_int_from_bank='" + txtOSIInterstFromBank.Text + "' from other_source_income WHERE em_id=" + tb.Text + "", con);
cmd.ExecuteNonQuery();
con.Close();
}
}
推荐答案
protected void btn_View_Click(object sender, EventArgs e)
{
}
那里.我已经删除了您的SQL注入攻击媒介. :)
There. I''ve removed your sql injection attack vector. :)
在您的sql命令中,编写select something =其他不正确的内容,这是关键错误所在的语法错误原因!
您选择一个或一组,或为其设置别名,但是选择x = y完全错误!
in your sqlcommand you write select something=anotherthing that is incorrect this is the reason of syntax error near the key work from!
you select one,or a group, or set alias to them but select x=y is totally wrong!
您确定要选择我认为要更新数据的信息.如果是,则使用写更新查询代替选择查询.
这样的
are you sure you are wanting to select i think you want to update data. if yes than write update query in place of select query.
like that
SqlCommand cmd = new SqlCommand("update other_source_income set osi_int_from_bank='" + txtOSIInterstFromBank.Text + "' WHERE em_id=" + tb.Text + "", con);
如果不是这样写
if not than write like this
SqlCommand cmd = new SqlCommand("select osi_int_from_bank from other_source_income WHERE em_id=" + tb.Text + "", con);
并且在选择命令中不要使用cmd.ExecuteNonQuery()
and in select command don''t use cmd.ExecuteNonQuery()
这篇关于请更正此代码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文