使用vb和sql更新數據庫中的數據

[英]Update data in database using vb and sql

本文翻译自 siyhaz 查看原文 2014-05-23 45 database/database/ vb.net/vb.net/ sqlsql

i want to update the data using textbox in a database but i get the error message. the error is "Incorrect syntax near '('."

我想使用數據庫中的文本框更新數據,但我收到錯誤消息。錯誤是“語法不正確'('。”

below is the code for update data

下面是更新數據的代碼

hopefully u all can help me to solve the problem. Thanks :)

希望你們都能幫我解決問題。謝謝 :)

dbSource = "Data Source=LAILATUL-PC\SERVER;Initial Catalog=HotelManagementSystem;Integrated Security=True"

            con = New SqlConnection(dbSource)

            con.Open()

            Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = " & txtRoomCode.Text & " ) "

            cmd = New SqlCommand(sqlUpdate)

            cmd.Connection = con


            cmd.Parameters.AddWithValue("@RoomCode", txtRoomCode.Text)
            cmd.Parameters.AddWithValue("@RoomType", txtRoomType.Text)
            cmd.Parameters.AddWithValue("@RoomNo", txtRoomNo.Text)
            cmd.Parameters.AddWithValue("@RoomPrice", txtRoomPrice.Text)
            cmd.Parameters.AddWithValue("@RoomStatus", txtRoomStatus.Text)
            cmd.Parameters.AddWithValue("@NoOfOccupancy", txtNoOfOccupancy.Text)


            cmd.ExecuteNonQuery()



            MessageBox.Show("Successfully saved", "Record", MessageBoxButtons.OK, MessageBoxIcon.Information)

3 个解决方案

#1

You are already using parameters don't forget the last one which could open your sql up to injection attacks.

你已經在使用參數了,不要忘記最后一個可以打開你的sql注射攻擊。

Dim sqlUpdate As String = "UPDATE [Room] SET [Room_Code] = @RoomCode, 
    [Room_Type] = @RoomType, [Room_No] = @RoomNo, [Room_Price] = @RoomPrice
    [Room_Status] = @RoomStatus, [No_of_Occupancy] = @NoOfOccupancy
    WHERE [Room_Code] = @RoomCode"

#2

Need to quote the room code text in the WHERE clause

需要引用WHERE子句中的房間代碼文本

Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = '" & txtRoomCode.Text & "' ) "

Edit Or better yet make that a parameter too.

編輯或者更好的是將其作為參數。

#3

I believe that this statement:

我相信這句話:

Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = " & txtRoomCode.Text & " ) "

needs to be rewritten as follows:

需要重寫如下:

Dim sqlUpdate As String = "UPDATE [Room] SET [Room_Code] = @RoomCode, [Room_Type] = @RoomType,  [Room_No] = @RoomNo, [Room_Price] = @RoomPrice, [Room_Status] = @RoomStatus, [No_of_Occupancy] = @NoOfOccupancy WHERE [Room_Code] = '" & txtRoomCode.Text & "' ) "

You have two problems. You didn't quote your txtRoomCode.txt value, and that's not the correct syntax for an UPDATE statement, unless I'm really confused.

你有兩個問題。你沒有引用你的txtRoomCode.txt值,這不是UPDATE語句的正確語法,除非我真的很困惑。

注意！

本站翻译的文章，版权归属于本站，未经许可禁止转摘，转摘请注明本文地址：https://www.itdaan.com/blog/2014/05/23/bfd9f27b8026a93a3c58e8c7ec5cd026.html。

Pitfalls of SQL database table BULK update, using staging table and bulkcopy in vb.net How to update changed data into the Database by using JTable? Update mass data using PDO for mysql database how to update a data to the database using JDBC ajax on update data in database using codeigniter using dataadpter how to update data in database Insert & Update SQL Table from XML file data using VB.NET 2010 How to return data specific to 1 user in an SQL database using VB.NET how to update a database using linq to sql Update and Insert into SQL database using PHP