';附近的语法不正确;(';更新数据库中的记录时
本文关键字:数据库 记录 更新 语法 不正确 | 更新日期: 2023-09-27 18:00:38
我的代码正在生成一个Incorrect syntax near '('异常。我尝试了两种不同的方法,但它们都产生了相同的异常。我正在尝试更新数据库中的一条记录。
这是我的代码,产生异常的行是Execute非查询行。被注释掉的updater.Fill(dtable)也会产生相同的异常。
protected void btnSave_Click(object sender, EventArgs e)
{
int found = 0; // No match found so far
// Get the current selected Manufacturer
string currentManufacturer = grdManufact.SelectedRow.Cells[1].Text;
string currentIsModerated = grdManufact.SelectedRow.Cells[3].Text;
// Connect to the database
string strConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString2"].ToString();
SqlConnection conn = new SqlConnection(strConnectionString);
conn.Open();
// Try to find if new record would be a duplicate of an existing database record
if (txtManufactureName.Text != currentManufacturer)
{
string findrecord = "SELECT * From VehicleManufacturer WHERE ManufacturerName = '" + txtManufactureName.Text + "'";
SqlDataAdapter adpt = new SqlDataAdapter(findrecord, conn);
DataTable dt = new DataTable();
found = adpt.Fill(dt);
}
if (found == 0) // New record is not a duplicate you can proceed with record update
{
String query;
if (checkBoxModerated.Checked)
{
query = "UPDATE VehicleManufacturer (ManufacturerName, ManufacturerDescription, Ismoderated) Values ('" + txtManufactureName.Text + "','" + txtDescription.Text + "','true') WHERE ManufacturerName = " + currentManufacturer + ";";
}
else
{
query = "UPDATE VehicleManufacturer (ManufacturerName, ManufacturerDescription, Ismoderated) Values ('" + txtManufactureName.Text + "','" + txtDescription.Text + "','false') WHERE ManufacturerName = " + currentManufacturer + ";";
}
using (SqlCommand command = new SqlCommand(query, conn))
{
command.ExecuteNonQuery();
}
//using (SqlDataAdapter updater = new SqlDataAdapter(command))
// {
// DataTable dtable = new DataTable();
// updater.Fill(dtable);
// }
txtMessage.Text = "Manufacturer record changed Successfully";
txtManufactureName.Text = "";
txtDescription.Text = "";
checkBoxModerated.Checked = false;
}
else
{ // Record is a duplicate of existing database records. Give error message.
txtMessage.Text = "Sorry, that manufacturer name already exists.";
}
}
您对UPDATE语句使用了不正确的语法。
代替
UPDATE Table (Fields) VALUES (Values) WHERE ...
应该是
UPDATE Table SET Field1=Value1, Field2=Value2 WHERE ...
此外,您还有一个SQL注入漏洞(尽管这不是导致异常的原因)。对于带有用户输入的SQL查询,不要使用字符串串联。请改用事先准备好的语句。
尝试这种方法,它也更安全:
var isModerated = checkBoxModerated.Checked ; //true or false
//var isModerated = (checkBoxModerated.Checked)? 'true' : 'false' ;
command.Text = "UPDATE VehicleManufacturer
SET ManufacturerName = @manufacturerName,
ManufacturerDescription = @manufacturerDescription,
IsModerated = @isModerated
WHERE ManufacturerName = @manufacturer_name";
command.Parameters.AddWithValue("@manufacturerName", txtManufactureName.Text);
command.Parameters.AddWithValue("@manufacturerDescription", txtDescription.Text);
command.Parameters.AddWithValue("@isModerated", isModerated);
command.Parameters.AddWithValue("@manufacturer_name", txtManufactureName.Text);
command.ExecuteNonQuery();