SQL更新语句中的C#语法错误

时间:2021-02-08 15:39:16

I'm stuck on this code:

我坚持这个代码:

con.Open();

OleDbCommand cmd1 = new OleDbCommand();
cmd1.Connection = con;
cmd1.CommandText = "update login set password='"+passw.Text+"', Username='" + username.Text + "', firstname='" + user_name.Text + "', address='" + useraddress.Text + "',contact_no='" + usercontactno.Text + "',email='" + useremail.Text + "',birthday='" + userbirthday.Text + "',age='" + userage.Text + "' where id=" + nem + " ";

cmd1.ExecuteNonQuery();
con.Close();

The query is working well but every time I run it, it says that "password='"+passw.text+"'" has a syntax error. If I remove that line the update works correctly.

该查询运行良好,但每次运行时,它都说“password ='”+ passw.text +“'”有语法错误。如果我删除该行,则更新正常。

2 个解决方案

#1


1  

Password is a reserved keyword. You need to quote it as [Password] or "Password", e.g.:

密码是保留的关键字。您需要将其引用为[密码]或“密码”,例如:

   cmd1.CommandText = "update login set [password]='"+passw.Text+"', Username='" + username.Text + "', firstname='" + user_name.Text + "', address='" + useraddress.Text + "',contact_no='" + usercontactno.Text + "',email='" + useremail.Text + "',birthday='" + userbirthday.Text + "',age='" + userage.Text + "' where id=" + nem + " ";

Also, another important thing you need to avoid is passing input strings into the SQL statement like this. You need to take quotes in the input strings. First name set to Bla'bla will break your code. The best way to avoid this is to use parameters.

另外,您需要避免的另一个重要事项是将输入字符串传递到SQL语句中。您需要在输入字符串中使用引号。设置为Bla'bla的名字将破坏您的代码。避免这种情况的最佳方法是使用参数。

Finally, both the connection and the command object are disposable, so it would be best to wrap them in a using block.

最后,连接和命令对象都是一次性的,因此最好将它们包装在一个使用块中。

#2


0  

The two most likely issues I see right now:

我现在看到的两个最可能的问题:

  1. passw.Text might not have a value and the login table, password column does not allow null values
  2. passw.Text可能没有值,登录表,密码列不允许空值

  3. the login table does not have a column called "password"
  4. 登录表没有名为“password”的列

#1


1  

Password is a reserved keyword. You need to quote it as [Password] or "Password", e.g.:

密码是保留的关键字。您需要将其引用为[密码]或“密码”,例如:

   cmd1.CommandText = "update login set [password]='"+passw.Text+"', Username='" + username.Text + "', firstname='" + user_name.Text + "', address='" + useraddress.Text + "',contact_no='" + usercontactno.Text + "',email='" + useremail.Text + "',birthday='" + userbirthday.Text + "',age='" + userage.Text + "' where id=" + nem + " ";

Also, another important thing you need to avoid is passing input strings into the SQL statement like this. You need to take quotes in the input strings. First name set to Bla'bla will break your code. The best way to avoid this is to use parameters.

另外,您需要避免的另一个重要事项是将输入字符串传递到SQL语句中。您需要在输入字符串中使用引号。设置为Bla'bla的名字将破坏您的代码。避免这种情况的最佳方法是使用参数。

Finally, both the connection and the command object are disposable, so it would be best to wrap them in a using block.

最后,连接和命令对象都是一次性的,因此最好将它们包装在一个使用块中。

#2


0  

The two most likely issues I see right now:

我现在看到的两个最可能的问题:

  1. passw.Text might not have a value and the login table, password column does not allow null values
  2. passw.Text可能没有值,登录表,密码列不允许空值

  3. the login table does not have a column called "password"
  4. 登录表没有名为“password”的列