编辑按钮vb.net上的语法错误

Here is the code for my edit command. When I click the edit button message, a syntax error on the update statement pop up. But when debugging, there was no error.

这是我的编辑命令的代码。单击编辑按钮消息时,弹出更新语句中的语法错误。但是在调试时,没有错误。

    Try
        Dim SqlQuery As String = "UPDATE data SET archivedate = '" & txtarcdate.Text & "', filenumber = '" & txtfilenum.Text & "', filedate = '" & txtfiled.Text & "', section ='" & txtsection.Text & "', subject '" & txtsubject.Text & "' WHERE number = " & number & ";"
        Dim SqlCommand As New OleDbCommand

        With SqlCommand
            .CommandText = SqlQuery
            .Connection = conn
            .ExecuteNonQuery()
        End With
        MsgBox("One record successfully updated.")
        loadListView()
    Catch ex As Exception
        MsgBox(ex.Message)
    End Try
End Sub

1 个解决方案

#1

Here is your query statement:

这是您的查询语句:

Dim SqlQuery As String = "UPDATE data SET archivedate = '" & txtarcdate.Text & "', filenumber = '" & txtfilenum.Text & "', filedate = '" & txtfiled.Text & "', section ='" & txtsection.Text & "', subject '" & txtsubject.Text & "' WHERE number = " & number & ";"

Lets pay attention on this part:

让我们关注这一部分:

& "', subject '" & txtsubject.Text &

You missed the equals sign. Should be:

你错过了等号。应该:

& "', subject = '" & txtsubject.Text &

So the complete line would be:

所以整行将是:

Dim SqlQuery As String = "UPDATE data SET archivedate = '" & txtarcdate.Text & "', filenumber = '" & txtfilenum.Text & "', filedate = '" & txtfiled.Text & "', section ='" & txtsection.Text & "', subject = '" & txtsubject.Text & "' WHERE number = " & number & ";"

And finally, research about SQL injection. It is a serious security problem that your code are suffering.

最后,关于SQL注入的研究。您的代码正在遭受严重的安全问题。

#1