Can anyone spot the syntax error in this statement. It is updating an MS ACCESS database in a Visual Studio project via C#.
有人能指出这句话中的语法错误吗?它通过c#在Visual Studio项目中更新MS ACCESS数据库。
string sql = "UPDATE Contacts SET Environment=\"" + Environment + "\", Group=\"" + Group + "\", Platform=\"" + Platform + "\", Language=\"" + Language + "\", URL=\"" + URL + "\", Usernamex=\"" + Usernamex + "\", Passwordx=\"" + Passwordx + "\", Contact_Name=\"" + Contact_Name + "\", Email=\"" + Email + "\" + WHERE ID=" + ID;
I'm sure I'm just not excaping something correctly.
我确定我只是没有正确地说出一些东西。
Any help would be appreciated
如有任何帮助,我们将不胜感激
1 个解决方案
#1
2
string sql =
"UPDATE Contacts SET Environment= @Environment, Group=@Group, Platform=@Platform, Language=@Language, URL=@URL, Usernamex=@Usernamex, Passwordx=@Passwordx, Contact_Name=@Contact_Name, Email=@Email WHERE ID=@ID";
After that use
后使用
Command.Parameters.AddWithValue("@ID", ID);
For other Paramters you will need same line of code but instead of @ID->@Group and etc ...
对于其他参数,您将需要相同的代码行,而不是@ID->@Group等…
In this case the CommandText will be more readable for debug and you will be protected from sql injection !
在这种情况下,CommandText将更易于调试,您将受到保护,不受sql注入的影响!
#1
2
string sql =
"UPDATE Contacts SET Environment= @Environment, Group=@Group, Platform=@Platform, Language=@Language, URL=@URL, Usernamex=@Usernamex, Passwordx=@Passwordx, Contact_Name=@Contact_Name, Email=@Email WHERE ID=@ID";
After that use
后使用
Command.Parameters.AddWithValue("@ID", ID);
For other Paramters you will need same line of code but instead of @ID->@Group and etc ...
对于其他参数,您将需要相同的代码行,而不是@ID->@Group等…
In this case the CommandText will be more readable for debug and you will be protected from sql injection !
在这种情况下,CommandText将更易于调试,您将受到保护,不受sql注入的影响!