请更正此代码 [英] Please correct the this code

问题描述

protected void btn_View_Click(object sender, EventArgs e)
   {
       TextBox tb = (TextBox)Master.FindControl("txtEmployee_code");

       comm.Connection = con;

       con.Open();
       {
           SqlCommand cmd = new SqlCommand("select osi_int_from_bank='" + txtOSIInterstFromBank.Text + "' from other_source_income  WHERE em_id=" + tb.Text + "", con);

           cmd.ExecuteNonQuery();
           con.Close();
       }


   }

推荐答案

protected void btn_View_Click(object sender, EventArgs e)
{
}

那里.我已经删除了您的SQL注入攻击媒介. :)

There. I''ve removed your sql injection attack vector. :)

在您的sql命令中，编写select something =其他不正确的内容，这是关键错误所在的语法错误原因！
您选择一个或一组，或为其设置别名，但是选择x = y完全错误！

in your sqlcommand you write select something=anotherthing that is incorrect this is the reason of syntax error near the key work from!
you select one,or a group, or set alias to them but select x=y is totally wrong!

您确定要选择我认为要更新数据的信息.如果是，则使用写更新查询代替选择查询.
这样的

are you sure you are wanting to select i think you want to update data. if yes than write update query in place of select query.
like that

SqlCommand cmd = new SqlCommand("update other_source_income  set osi_int_from_bank='" + txtOSIInterstFromBank.Text + "' WHERE em_id=" + tb.Text + "", con);

如果不是这样写

if not than write like this

SqlCommand cmd = new SqlCommand("select osi_int_from_bank from other_source_income  WHERE em_id=" + tb.Text + "", con);

并且在选择命令中不要使用cmd.ExecuteNonQuery()

and in select command don''t use cmd.ExecuteNonQuery()

这篇关于请更正此代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！