First of all I know password is a reserved type of Access Database. But I have read a post that you can put [password] like that and it will work. But its not working. I have tried many ways and still, I hope that some one will help.
首先我知道密码是一种保留类型的访问数据库。但我读过一篇文章,你可以像这样输入[密码],它会有用的。但它不工作。我已经尝试了很多方法,我仍然希望有人能帮助我。
OleDbCommand cmd = new OleDbCommand();
try
{
String query = "update [Employe] set [UserName] ='" + txtNewUser.Text +"', [Password] ='"+ txtNewPass.Text + "', [Authorization] ='" + nudAuthorizationLvl.Value + "', where [Id] = '" + int.Parse(txtExistingId.Text);
cmd.CommandText = query;
cmd.Connection = conn;
conn.Open();
cmd.ExecuteNonQuery();
System.Windows.Forms.MessageBox.Show("Info Updated!!!");
conn.Close();
}
catch (Exception ex)
{
MessageBox.Show("Error" + ex);
}
finally
{
conn.Close();
}
2 个解决方案
#1
1
I believe you have an extra comma right before your where clause and an extra quote before the ID.
我相信在where子句前面有一个逗号,在ID前面有一个引号。
Also, always use parameters, to avoid Sql Injection attacks:
此外,始终使用参数,以避免Sql注入攻击:
conn.Open();
cmd.CommandText = "update [Employe] set [UserName] =@userName, [Password] =@password, [Authorization] =@authorization where [Id] = @id";
cmd.Connection = conn;
cmd.Parameters.AddRange(new OleDbParameter[]
{
new OleDbParameter("@userName", txtNewUser.Text),
new OleDbParameter("@password", txtNewPass.Text),
new OleDbParameter("@authorization", nudAuthorizationLvl.Value),
new OleDbParameter("@id", int.Parse(txtExistingId.Text))
});
cmd.ExecuteNonQuery();
#2
1
I think there's a syntax error in your update query. Considering your ID field is of type INT, there should not be any ' before the actual value. So you should change your query to the following:
我认为您的更新查询有语法错误。考虑到您的ID字段是INT类型的,在实际值之前不应该有任何'。因此,您应该将查询更改为以下内容:
String query = "update [Employe] set [UserName] ='" + txtNewUser.Text +"', [Password] ='"+ txtNewPass.Text + "', [Authorization] ='" + nudAuthorizationLvl.Value + "', where [Id] = " + int.Parse(txtExistingId.Text);
With that being said, you should really be using parameterized query to pass parameters.
话虽如此,您确实应该使用参数化查询来传递参数。
#1
1
I believe you have an extra comma right before your where clause and an extra quote before the ID.
我相信在where子句前面有一个逗号,在ID前面有一个引号。
Also, always use parameters, to avoid Sql Injection attacks:
此外,始终使用参数,以避免Sql注入攻击:
conn.Open();
cmd.CommandText = "update [Employe] set [UserName] =@userName, [Password] =@password, [Authorization] =@authorization where [Id] = @id";
cmd.Connection = conn;
cmd.Parameters.AddRange(new OleDbParameter[]
{
new OleDbParameter("@userName", txtNewUser.Text),
new OleDbParameter("@password", txtNewPass.Text),
new OleDbParameter("@authorization", nudAuthorizationLvl.Value),
new OleDbParameter("@id", int.Parse(txtExistingId.Text))
});
cmd.ExecuteNonQuery();
#2
1
I think there's a syntax error in your update query. Considering your ID field is of type INT, there should not be any ' before the actual value. So you should change your query to the following:
我认为您的更新查询有语法错误。考虑到您的ID字段是INT类型的,在实际值之前不应该有任何'。因此,您应该将查询更改为以下内容:
String query = "update [Employe] set [UserName] ='" + txtNewUser.Text +"', [Password] ='"+ txtNewPass.Text + "', [Authorization] ='" + nudAuthorizationLvl.Value + "', where [Id] = " + int.Parse(txtExistingId.Text);
With that being said, you should really be using parameterized query to pass parameters.
话虽如此,您确实应该使用参数化查询来传递参数。