';附近语法不正确';.C#


我得到错误

"附近的语法不正确

这是我的代码:

// Question code, kept as posted: builds an UPDATE statement by concatenating control text and runs it.
// NOTE(review): the apostrophes inside the connection string (".'SQLEXPRESS", "C:'Users'...") look like
// backslashes mangled by the page — confirm against the original post.
SqlConnection conn = new SqlConnection(@"Data Source=.'SQLEXPRESS;AttachDbFilename=C:'Users'Mr'Documents'Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
SqlCommand cmd = new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection=conn;
// Source of the reported syntax error: CodeMeli, Tavalod, Address, Madraak, Shahriye and Mobile are
// followed directly by the quoted value with no '=', and the WHERE value is not wrapped in quotes.
// Independently of that, every value is text typed by the user and spliced into the SQL, so a single
// quote in any field changes the statement itself (SQL injection); command parameters avoid this.
cmd.CommandText = "update student set Name='" + textBox1.Text + "',Family='" + textBox2.Text + "',Fathername='" + textBox3.Text + "',ShenasName='" + textBox4.Text + "',CodeMeli'" + textBox5.Text + "',Tavalod'" + maskedTextBox1.Text + "',Address'" + richTextBox1.Text + "',Madraak'" + textBox7.Text + "',Shahriye'" + textBox8.Text + "',Mobile'" + textBox6.Text + "'where Name=" + textBox1.Text;
conn.Open();
cmd.ExecuteNonQuery();
// Close() is reached only when ExecuteNonQuery does not throw; there is no using/finally here.
conn.Close();
MessageBox.Show("jj");

我的数据库是SQL Server Express。

';附近语法不正确';.C#

有一些错误:

  • 以下列名之后缺少等号(=):CodeMeli、Tavalod、Address、Madraak、Shahriye、Mobile
  • SQL 语句的结尾缺少 + "'"(where Name= 后面的值没有用单引号括起来)

这将起作用:

// Syntax-corrected version of the question code: every column now has '=' and the WHERE value is quoted.
// NOTE(review): the apostrophes inside the connection string look like backslashes mangled by the page
// (".\SQLEXPRESS", "C:\Users\...") — confirm against the original post.
SqlConnection conn = new SqlConnection(@"Data Source=.'SQLEXPRESS;AttachDbFilename=C:'Users'Mr'Documents'Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
SqlCommand cmd = new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection = conn;
// This parses, but it is still string-built SQL: the text of each control becomes part of the statement,
// so a value containing a single quote (a name such as O'Brien) breaks it, and crafted input can alter it.
// Treat this form as a syntax illustration only and use command parameters in real code.
// SET Name and WHERE Name both take textBox1.Text, so only rows that already carry that name are matched.
cmd.CommandText = "update student set Name='" + textBox1.Text + "',Family='" + textBox2.Text + "',Fathername='" + textBox3.Text + "',ShenasName='" + textBox4.Text + "',CodeMeli='" + textBox5.Text + "',Tavalod='" + maskedTextBox1.Text + "',Address='" + richTextBox1.Text + "',Madraak='" + textBox7.Text + "',Shahriye='" + textBox8.Text + "',Mobile='" + textBox6.Text + "'where Name='" + textBox1.Text + "'";
conn.Open();
cmd.ExecuteNonQuery();
// Close() is reached only when ExecuteNonQuery does not throw; there is no using/finally here.
conn.Close();
MessageBox.Show("jj");

无论如何,我建议您使用参数化查询。为什么?因为把文本框内容直接拼接进 SQL 语句会导致 SQL 注入,而参数值始终被当作数据处理,不会被当作 SQL 代码执行。

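// Parameterized UPDATE: the text typed by the user is sent as parameter values, never as SQL text,
// so quotes or SQL keywords in a field cannot change the statement.
// The connection string is written with backslashes (".\SQLEXPRESS", "C:\Users\..."); the page shows
// apostrophes in those positions, which looks like an extraction artefact.
// using blocks dispose the command and close the connection even when ExecuteNonQuery throws.
using (SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"))
using (SqlCommand cmd = new SqlCommand())
{
    cmd.Connection = conn;

    // Fix: Shahriye is bound to @Shahriye. It was bound to @Madraak, which silently stored the
    // Madraak value in the Shahriye column and left the @Shahriye parameter unused.
    // NOTE(review): SET Name and WHERE Name share @Name, so this statement cannot rename a student;
    // matching on a key column would be more robust — confirm what the table offers.
    cmd.CommandText = @"UPDATE Student SET Name=@Name, Family=@Family, Fathername=@Fathername, ShenasName=@ShenasName, CodeMeli = @CodeMeli,Tavalod=@Tavalod, Address=@Address, Madraak=@Madraak, Shahriye=@Shahriye, Mobile=@Mobile WHERE Name=@Name";

    // AddWithValue infers the SQL type from the .NET value; every value here is a string.
    cmd.Parameters.AddWithValue("@Name", textBox1.Text);
    cmd.Parameters.AddWithValue("@Family", textBox2.Text);
    cmd.Parameters.AddWithValue("@Fathername", textBox3.Text);
    cmd.Parameters.AddWithValue("@ShenasName", textBox4.Text);
    cmd.Parameters.AddWithValue("@CodeMeli", textBox5.Text);
    cmd.Parameters.AddWithValue("@Tavalod", maskedTextBox1.Text);
    cmd.Parameters.AddWithValue("@Address", richTextBox1.Text);
    cmd.Parameters.AddWithValue("@Madraak", textBox7.Text);
    cmd.Parameters.AddWithValue("@Shahriye", textBox8.Text);
    cmd.Parameters.AddWithValue("@Mobile", textBox6.Text);

    conn.Open();
    cmd.ExecuteNonQuery();
}
MessageBox.Show("jj");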

使用table2而不是student

// Same syntax-corrected UPDATE as for the student table, aimed at table2.
// NOTE(review): the apostrophes inside the connection string look like backslashes mangled by the page
// (".\SQLEXPRESS", "C:\Users\...") — confirm against the original post.
SqlConnection conn = new SqlConnection(@"Data Source=.'SQLEXPRESS;AttachDbFilename=C:'Users'Mr'Documents'Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
SqlCommand cmd = new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection = conn;
// Still string-built SQL: control text becomes part of the statement, so a single quote in any field
// breaks it and crafted input can alter it (SQL injection). Use command parameters in real code.
cmd.CommandText = "update table2 set Name='" + textBox1.Text + "',Family='" + textBox2.Text + "',Fathername='" + textBox3.Text + "',ShenasName='" + textBox4.Text + "',CodeMeli='" + textBox5.Text + "',Tavalod='" + maskedTextBox1.Text + "',Address='" + richTextBox1.Text + "',Madraak='" + textBox7.Text + "',Shahriye='" + textBox8.Text + "',Mobile='" + textBox6.Text + "'where Name='" + textBox1.Text + "'";
conn.Open();
cmd.ExecuteNonQuery();
// Close() is reached only when ExecuteNonQuery does not throw; there is no using/finally here.
conn.Close();
MessageBox.Show("jj");

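// Parameterized UPDATE against table2: user-typed text is passed as parameter values, not as SQL text.
// The connection string is written with backslashes (".\SQLEXPRESS", "C:\Users\..."); the page shows
// apostrophes in those positions, which looks like an extraction artefact.
// using blocks dispose the command and close the connection even when ExecuteNonQuery throws.
using (SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"))
using (SqlCommand cmd = new SqlCommand())
{
    cmd.Connection = conn;

    // Fix: Shahriye is bound to @Shahriye. It was bound to @Madraak, which silently stored the
    // Madraak value in the Shahriye column and left the @Shahriye parameter unused.
    // NOTE(review): SET Name and WHERE Name share @Name, so this statement cannot rename a row;
    // matching on a key column would be more robust — confirm what the table offers.
    cmd.CommandText = @"UPDATE table2 SET Name=@Name, Family=@Family, Fathername=@Fathername, ShenasName=@ShenasName, CodeMeli = @CodeMeli,Tavalod=@Tavalod, Address=@Address, Madraak=@Madraak, Shahriye=@Shahriye, Mobile=@Mobile WHERE Name=@Name";

    cmd.Parameters.AddWithValue("@Name", textBox1.Text);
    cmd.Parameters.AddWithValue("@Family", textBox2.Text);
    cmd.Parameters.AddWithValue("@Fathername", textBox3.Text);
    cmd.Parameters.AddWithValue("@ShenasName", textBox4.Text);
    cmd.Parameters.AddWithValue("@CodeMeli", textBox5.Text);
    cmd.Parameters.AddWithValue("@Tavalod", maskedTextBox1.Text);
    cmd.Parameters.AddWithValue("@Address", richTextBox1.Text);
    cmd.Parameters.AddWithValue("@Madraak", textBox7.Text);
    cmd.Parameters.AddWithValue("@Shahriye", textBox8.Text);
    cmd.Parameters.AddWithValue("@Mobile", textBox6.Text);

    conn.Open();
    cmd.ExecuteNonQuery();
}
MessageBox.Show("jj");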
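// Parameterized UPDATE with the SQL laid out over several lines for readability.
// User-typed text is passed as parameter values, so it is never parsed as SQL.
// The connection string is written with backslashes (".\SQLEXPRESS", "C:\Users\..."); the page shows
// apostrophes in those positions, which looks like an extraction artefact.
// using blocks dispose the command and close the connection even when ExecuteNonQuery throws.
using (SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"))
using (SqlCommand cmd = new SqlCommand())
{
    cmd.Connection = conn;

    // Fix: Shahriye is bound to @Shahriye. It was bound to @Madraak, which silently stored the
    // Madraak value in the Shahriye column and left the @Shahriye parameter unused.
    // NOTE(review): SET Name and WHERE Name share @Name, so this statement cannot rename a student;
    // matching on a key column would be more robust — confirm what the table offers.
    cmd.CommandText = @"
        UPDATE
           Student
        SET
           Name=@Name, Family=@Family, Fathername=@Fathername, ShenasName=@ShenasName, CodeMeli = @CodeMeli,
           Tavalod=@Tavalod, Address=@Address, Madraak=@Madraak, Shahriye=@Shahriye, Mobile=@Mobile
        WHERE
           Name=@Name";

    // AddWithValue infers the SQL type from the .NET value; every value here is a string.
    cmd.Parameters.AddWithValue("@Name", textBox1.Text);
    cmd.Parameters.AddWithValue("@Family", textBox2.Text);
    cmd.Parameters.AddWithValue("@Fathername", textBox3.Text);
    cmd.Parameters.AddWithValue("@ShenasName", textBox4.Text);
    cmd.Parameters.AddWithValue("@CodeMeli", textBox5.Text);
    cmd.Parameters.AddWithValue("@Tavalod", maskedTextBox1.Text);
    cmd.Parameters.AddWithValue("@Address", richTextBox1.Text);
    cmd.Parameters.AddWithValue("@Madraak", textBox7.Text);
    cmd.Parameters.AddWithValue("@Shahriye", textBox8.Text);
    cmd.Parameters.AddWithValue("@Mobile", textBox6.Text);

    conn.Open();
    cmd.ExecuteNonQuery();
}
MessageBox.Show("jj");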

以上是代码。首先,请把查询的格式整理好,您原来的查询难以阅读。其次,使用命令参数来避免 SQL 注入,您可以在维基百科上阅读有关 SQL 注入的内容。第三,给文本框起有意义的 ID,而不是保留默认名称。

查看您的 CommandText。有些列名后面缺少等号(=)。格式应如下:

// Layout sketch showing one column assignment per line, each with its '='.
// It does not compile as written: a regular "..." literal cannot continue across a line break, so each
// line would need its literal closed and re-opened with '+' (or a verbatim @"..." string).
// The WHERE value on the last line is still not wrapped in quotes.
// All values are still concatenated control text, so the statement remains open to SQL injection;
// command parameters are the safe form.
cmd.CommandText = "update student set Name='" + textBox1.Text + "',
                                    Family='" + textBox2.Text + "',
                                    Fathername='" + textBox3.Text + "',
                                    ShenasName='" + textBox4.Text + "',
                                    CodeMeli='" + textBox5.Text + "',
                                    Tavalod='" + maskedTextBox1.Text + "',
                                    Address='" + richTextBox1.Text + "',
                                    Madraak='" + textBox7.Text + "',
                                    Shahriye='" + textBox8.Text + "',
                                    Mobile='" + textBox6.Text + "'
                   where Name=" + textBox1.Text;

')' 语法错误

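 /// <summary>
 /// Inserts each data row of <c>dataGridView1</c> into the <c>Customers</c> table with a
 /// parameterized INSERT, then reports completion in a message box.
 /// </summary>
 /// <param name="sender">The control that raised the click event.</param>
 /// <param name="e">Event data (unused).</param>
 private void btnInsert_Click(object sender, EventArgs e)
 {
     // The connection string is written with backslashes (".\SQLEXPRESS", "|DataDirectory|\Database1.mdf");
     // the page shows apostrophes in those positions, which looks like an extraction artefact.
     // One connection and one command serve the whole batch, and the using blocks release both
     // even if an INSERT throws.
     using (SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database1.mdf;Integrated Security=True;User Instance=True"))
     // Fix: the column list ended in "Country,)" — the trailing comma is what SQL Server reports
     // as incorrect syntax near ')'.
     using (SqlCommand cmd = new SqlCommand("INSERT INTO Customers(Id,Name,Country) values (@Id,@Name,@Country)", con))
     {
         con.Open();
         foreach (DataGridViewRow row in dataGridView1.Rows)
         {
             // The grid's empty "new row" placeholder holds no data and must not be inserted.
             if (row.IsNewRow)
             {
                 continue;
             }

             // Values stay parameters so cell content is never parsed as SQL; an empty cell is
             // sent as NULL, because AddWithValue with a null reference omits the parameter.
             cmd.Parameters.Clear();
             cmd.Parameters.AddWithValue("@Id", row.Cells[0].Value ?? DBNull.Value);
             cmd.Parameters.AddWithValue("@Name", row.Cells[1].Value ?? DBNull.Value);
             cmd.Parameters.AddWithValue("@Country", row.Cells[2].Value ?? DBNull.Value);
             cmd.ExecuteNonQuery();
         }
     }
     MessageBox.Show("Added successfully!");
 }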