使用vb和sql更新數據庫中的數據

[英]Update data in database using vb and sql


i want to update the data using textbox in a database but i get the error message. the error is "Incorrect syntax near '('."

我想使用數據庫中的文本框更新數據,但我收到錯誤消息。錯誤是“語法不正確'('。”

below is the code for update data

下面是更新數據的代碼

hopefully u all can help me to solve the problem. Thanks :)

希望你們都能幫我解決問題。謝謝 :)

dbSource = "Data Source=LAILATUL-PC\SERVER;Initial Catalog=HotelManagementSystem;Integrated Security=True"

            con = New SqlConnection(dbSource)

            con.Open()

            Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = " & txtRoomCode.Text & " ) "

            cmd = New SqlCommand(sqlUpdate)

            cmd.Connection = con


            cmd.Parameters.AddWithValue("@RoomCode", txtRoomCode.Text)
            cmd.Parameters.AddWithValue("@RoomType", txtRoomType.Text)
            cmd.Parameters.AddWithValue("@RoomNo", txtRoomNo.Text)
            cmd.Parameters.AddWithValue("@RoomPrice", txtRoomPrice.Text)
            cmd.Parameters.AddWithValue("@RoomStatus", txtRoomStatus.Text)
            cmd.Parameters.AddWithValue("@NoOfOccupancy", txtNoOfOccupancy.Text)


            cmd.ExecuteNonQuery()



            MessageBox.Show("Successfully saved", "Record", MessageBoxButtons.OK, MessageBoxIcon.Information)

3 个解决方案

#1


0  

You are already using parameters don't forget the last one which could open your sql up to injection attacks.

你已經在使用參數了,不要忘記最后一個可以打開你的sql注射攻擊。

Dim sqlUpdate As String = "UPDATE [Room] SET [Room_Code] = @RoomCode, 
    [Room_Type] = @RoomType, [Room_No] = @RoomNo, [Room_Price] = @RoomPrice
    [Room_Status] = @RoomStatus, [No_of_Occupancy] = @NoOfOccupancy
    WHERE [Room_Code] = @RoomCode"

#2


0  

Need to quote the room code text in the WHERE clause

需要引用WHERE子句中的房間代碼文本

Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = '" & txtRoomCode.Text & "' ) "

Edit Or better yet make that a parameter too.

編輯或者更好的是將其作為參數。

#3


0  

I believe that this statement:

我相信這句話:

Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = " & txtRoomCode.Text & " ) "

needs to be rewritten as follows:

需要重寫如下:

Dim sqlUpdate As String = "UPDATE [Room] SET [Room_Code] = @RoomCode, [Room_Type] = @RoomType,  [Room_No] = @RoomNo, [Room_Price] = @RoomPrice, [Room_Status] = @RoomStatus, [No_of_Occupancy] = @NoOfOccupancy WHERE [Room_Code] = '" & txtRoomCode.Text & "' ) "

You have two problems. You didn't quote your txtRoomCode.txt value, and that's not the correct syntax for an UPDATE statement, unless I'm really confused.

你有兩個問題。你沒有引用你的txtRoomCode.txt值,這不是UPDATE語句的正確語法,除非我真的很困惑。


注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:https://www.itdaan.com/blog/2014/05/23/bfd9f27b8026a93a3c58e8c7ec5cd026.html



 
  © 2014-2022 ITdaan.com 联系我们: