根据不同情况更新mySql表 [英] Update mySql table according to different conditions

问题描述

我从这个网站得到了这个代码，现在我需要添加一些更改.

I got this code from this site and now I need to add some change.

我知道我在这里装傻了.

I know I acted fool here.

我搜索了很多，但被困在这里.我想将 1 添加到 sql 表 @subject 列中，其中 @name 是行.@subject 和 @name 正在改变.这就是使用参数的原因.

I searched many and got stuck in here. I wanted to add 1 to the sql table @subject column where @name is the row. @subject and @name are changing. That is why parameters used.

Dim sql As String = "UPDATE attendance.student SET @subject = @subject +1 WHERE S_name = @name;" 
Dim conn As MysqlConnection 
Try conn = New MySqlConnection(ConnectionString)
  Dim cmd As New MySqlCommand(sql, conn)
  cmd.Parameters.Add("@subject", MySqlDbType.VarString, 20).Value = TextBox4.Text
  cmd.Parameters.Add("@name", MySqlDbType.VarString, 50).Value = TextBox1.Text

推荐答案

你必须这样做，才能让它运行但必须清楚这是容易受到sql注入

You must do this, to get it running But it must be clear this is vulnurable to sql injection

因此，您必须检查 TextBox4.Text 的有效内容.

So you must check TextBox4.Text for valid content.

Dim sql As String = "UPDATE attendance.student SET `" & TextBox4.Text & "` = `" & TextBox4.Text & "` +1 WHERE S_name = @name;" 
Dim conn As MysqlConnection 
Try conn = New MySqlConnection(ConnectionString)
  Dim cmd As New MySqlCommand(sql, conn)
  cmd.Parameters.Add("@name", MySqlDbType.VarString, 50).Value = TextBox1.Text

这篇关于根据不同情况更新mySql表的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！