';附近的语法不正确;名字';
本文关键字:不正确 名字 语法 | 更新日期: 2023-09-27 18:27:06
SqlCommand cmd = new SqlCommand("UPDATE Records [First Name]='" + textBox2.Text + "',[Last Name]='" + textBox3.Text + "',[Middle Initial]='" + comboBox1.Text + "',Gender='" + comboBox2.Text + "',Address='" + textBox4.Text + "',Status='" + comboBox3.Text + "',Year='" + comboBox4.Text + "',Email='" + textBox5.Text + "',Course='" + comboBox5.Text + "',[Contact Number]='" + textBox6.Text + "'+ WHERE ([Student ID]='" + textBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
您错过了"Set"关键字:
SqlCommand cmd = new SqlCommand("UPDATE Records SET [First Name]='" + textBox2.Text + "',[Last Name]='" + textBox3.Text + "',[Middle Initial]='" + comboBox1.Text + "',Gender='" + comboBox2.Text + "',Address='" + textBox4.Text + "',Status='" + comboBox3.Text + "',Year='" + comboBox4.Text + "',Email='" + textBox5.Text + "',Course='" + comboBox5.Text + "',[Contact Number]='" + textBox6.Text + "'+ WHERE ([Student ID]='" + textBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
其他人已经指出SQL命令中缺少SET
关键字,但到目前为止(令人惊讶的是)还没有人指出您也适合SQL注入。我建议使用参数化查询来消除这种威胁:
SqlCommand cmd = new SqlCommand("UPDATE Records SET [First Name]=@FirstName, [Last Name]=@LastName,[Middle Initial]=@MiddleInitial,Gender=@Gender,Address=@Address,Status=@Status,Year=@Year,Email=@Email,Course=@Course,[Contact Number]=@ContactNumber WHERE ([Student ID]=@StudentID)", con);
cmd.Parameters.AddWithValue("@FirstName", textBox2.Text);
cmd.Parameters.AddWithValue("@LastName", textBox3.Text);
cmd.Parameters.AddWithValue("@MiddleInitial", comboBox1.Text);
cmd.Parameters.AddWithValue("@Gender", comboBox2.Text);
cmd.Parameters.AddWithValue("@Address", textBox4.Text);
cmd.Parameters.AddWithValue("@Status", comboBox3.Text);
cmd.Parameters.AddWithValue("@Year", comboBox4.Text);
cmd.Parameters.AddWithValue("@Email", textBox5.Text);
cmd.Parameters.AddWithValue("@Course", comobBox5.Text);
cmd.Parameters.AddWithValue("@ContactNumber", textBox6.Text);
cmd.Parameters.AddWithValue("@StudentID", textBox1.Text);
cmd.ExecuteNonQuery();
con.Close();
我认为这应该是
SqlCommand cmd = new SqlCommand("UPDATE Records set [First Name]='" + textBox2.Text + "',[Last Name]='" + textBox3.Text + "',[Middle Initial]='" + comboBox1.Text + "',Gender='" + comboBox2.Text + "',Address='" + textBox4.Text + "',Status='" + comboBox3.Text + "',Year='" + comboBox4.Text + "',Email='" + textBox5.Text + "',Course='" + comboBox5.Text + "',[Contact Number]='" + textBox6.Text + "'+ WHERE ([Student ID]='" + textBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
区别在于单词"Set"
更新查询的语法错误。您可能忘记添加"SET"关键字。。
更新查询语法可以在这里找到:-http://www.tutorialspoint.com/sql/sql-update-query.htm
SqlCommand cmd = new SqlCommand("UPDATE Records SET [First Name]='" + textBox2.Text + "',[Last Name]='" + textBox3.Text + "',[Middle Initial]='" + comboBox1.Text + "',Gender='" + comboBox2.Text + "',Address='" + textBox4.Text + "',Status='" + comboBox3.Text + "',Year='" + comboBox4.Text + "',Email='" + textBox5.Text + "',Course='" + comboBox5.Text + "',[Contact Number]='" + textBox6.Text + "'+ WHERE ([Student ID]='" + textBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();