更新语句SQL中的语法错误更新MS Access数据库c#

时间:2022-12-20 15:38:35

Can anyone spot the syntax error in this statement. It is updating an MS ACCESS database in a Visual Studio project via C#.

有人能指出这句话中的语法错误吗?它通过c#在Visual Studio项目中更新MS ACCESS数据库。

string sql = "UPDATE Contacts SET Environment=\"" + Environment + "\", Group=\"" + Group + "\", Platform=\"" + Platform + "\", Language=\"" + Language + "\", URL=\"" + URL + "\", Usernamex=\"" + Usernamex + "\", Passwordx=\"" + Passwordx + "\", Contact_Name=\"" + Contact_Name + "\", Email=\"" + Email + "\" + WHERE ID=" + ID;

I'm sure I'm just not excaping something correctly.

我确定我只是没有正确地说出一些东西。

Any help would be appreciated

如有任何帮助,我们将不胜感激

1 个解决方案

#1


2  

string sql = 

"UPDATE Contacts SET Environment= @Environment, Group=@Group, Platform=@Platform, Language=@Language, URL=@URL, Usernamex=@Usernamex, Passwordx=@Passwordx, Contact_Name=@Contact_Name, Email=@Email WHERE ID=@ID";

After that use

后使用

Command.Parameters.AddWithValue("@ID", ID); 

For other Paramters you will need same line of code but instead of @ID->@Group and etc ...

对于其他参数,您将需要相同的代码行,而不是@ID->@Group等…

In this case the CommandText will be more readable for debug and you will be protected from sql injection !

在这种情况下,CommandText将更易于调试,您将受到保护,不受sql注入的影响!

#1


2  

string sql = 

"UPDATE Contacts SET Environment= @Environment, Group=@Group, Platform=@Platform, Language=@Language, URL=@URL, Usernamex=@Usernamex, Passwordx=@Passwordx, Contact_Name=@Contact_Name, Email=@Email WHERE ID=@ID";

After that use

后使用

Command.Parameters.AddWithValue("@ID", ID); 

For other Paramters you will need same line of code but instead of @ID->@Group and etc ...

对于其他参数,您将需要相同的代码行,而不是@ID->@Group等…

In this case the CommandText will be more readable for debug and you will be protected from sql injection !

在这种情况下,CommandText将更易于调试,您将受到保护,不受sql注入的影响!