使用vb和sql更新数据库中的数据

[英]Update data in database using vb and sql


i want to update the data using textbox in a database but i get the error message. the error is "Incorrect syntax near '('."

我想使用数据库中的文本框更新数据,但我收到错误消息。错误是“语法不正确'('。”

below is the code for update data

下面是更新数据的代码

hopefully u all can help me to solve the problem. Thanks :)

希望你们都能帮我解决问题。谢谢 :)

dbSource = "Data Source=LAILATUL-PC\SERVER;Initial Catalog=HotelManagementSystem;Integrated Security=True"

            con = New SqlConnection(dbSource)

            con.Open()

            Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = " & txtRoomCode.Text & " ) "

            cmd = New SqlCommand(sqlUpdate)

            cmd.Connection = con


            cmd.Parameters.AddWithValue("@RoomCode", txtRoomCode.Text)
            cmd.Parameters.AddWithValue("@RoomType", txtRoomType.Text)
            cmd.Parameters.AddWithValue("@RoomNo", txtRoomNo.Text)
            cmd.Parameters.AddWithValue("@RoomPrice", txtRoomPrice.Text)
            cmd.Parameters.AddWithValue("@RoomStatus", txtRoomStatus.Text)
            cmd.Parameters.AddWithValue("@NoOfOccupancy", txtNoOfOccupancy.Text)


            cmd.ExecuteNonQuery()



            MessageBox.Show("Successfully saved", "Record", MessageBoxButtons.OK, MessageBoxIcon.Information)

3 个解决方案

#1


0  

You are already using parameters don't forget the last one which could open your sql up to injection attacks.

你已经在使用参数了,不要忘记最后一个可以打开你的sql注射攻击。

Dim sqlUpdate As String = "UPDATE [Room] SET [Room_Code] = @RoomCode, 
    [Room_Type] = @RoomType, [Room_No] = @RoomNo, [Room_Price] = @RoomPrice
    [Room_Status] = @RoomStatus, [No_of_Occupancy] = @NoOfOccupancy
    WHERE [Room_Code] = @RoomCode"

#2


0  

Need to quote the room code text in the WHERE clause

需要引用WHERE子句中的房间代码文本

Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = '" & txtRoomCode.Text & "' ) "

Edit Or better yet make that a parameter too.

编辑或者更好的是将其作为参数。

#3


0  

I believe that this statement:

我相信这句话:

Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = " & txtRoomCode.Text & " ) "

needs to be rewritten as follows:

需要重写如下:

Dim sqlUpdate As String = "UPDATE [Room] SET [Room_Code] = @RoomCode, [Room_Type] = @RoomType,  [Room_No] = @RoomNo, [Room_Price] = @RoomPrice, [Room_Status] = @RoomStatus, [No_of_Occupancy] = @NoOfOccupancy WHERE [Room_Code] = '" & txtRoomCode.Text & "' ) "

You have two problems. You didn't quote your txtRoomCode.txt value, and that's not the correct syntax for an UPDATE statement, unless I'm really confused.

你有两个问题。你没有引用你的txtRoomCode.txt值,这不是UPDATE语句的正确语法,除非我真的很困惑。


注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:https://www.itdaan.com/blog/2014/05/23/bfd9f27b8026a93a3c58e8c7ec5cd026.html



 
  © 2014-2022 ITdaan.com 联系我们: