更新语句中的语法错误
代码:
string query1 = @"UPDATE global_mapping set escape_id = " +
dataGridView1.Rows[i].Cells[2].Value + ",function_id = " +
dataGridView1.Rows[i].Cells[3].Value + ",function_name = '" +
dataGridView1.Rows[i].Cells[4].Value + "',parameter_name = '" +
dataGridView1.Rows[i].Cells[5].Value + "',parameter_validity = '" +
dataGridView1.Rows[i].Cells[6].Value + "',statusparameter_id = " +
dataGridView1.Rows[i].Cells[7].Value + ",acb_datatype = '" +
dataGridView1.Rows[i].Cells[8].Value + "',data_type_id = " +
dataGridView1.Rows[i].Cells[9].Value + ",bit_size = " +
dataGridView1.Rows[i].Cells[10].Value + ",validity_status ='" +
dataGridView1.Rows[i].Cells[11].Value + "',validity_func = '" +
dataGridView1.Rows[i].Cells[12].Value + "'WHERE global_mapping.parameter_id =" +
dataGridView1.Rows[i].Cells[1].Value + "";
OleDbCommand cmd1 = new OleDbCommand(query1, conn);
cmd1.ExecuteNonQuery();
代码结束:
当我执行上述代码时,我收到一条错误消息,指出“更新语句中存在语法错误”。 有人可以告诉我如何解决这个问题吗?
code:
string query1 = @"UPDATE global_mapping set escape_id = " +
dataGridView1.Rows[i].Cells[2].Value + ",function_id = " +
dataGridView1.Rows[i].Cells[3].Value + ",function_name = '" +
dataGridView1.Rows[i].Cells[4].Value + "',parameter_name = '" +
dataGridView1.Rows[i].Cells[5].Value + "',parameter_validity = '" +
dataGridView1.Rows[i].Cells[6].Value + "',statusparameter_id = " +
dataGridView1.Rows[i].Cells[7].Value + ",acb_datatype = '" +
dataGridView1.Rows[i].Cells[8].Value + "',data_type_id = " +
dataGridView1.Rows[i].Cells[9].Value + ",bit_size = " +
dataGridView1.Rows[i].Cells[10].Value + ",validity_status ='" +
dataGridView1.Rows[i].Cells[11].Value + "',validity_func = '" +
dataGridView1.Rows[i].Cells[12].Value + "'WHERE global_mapping.parameter_id =" +
dataGridView1.Rows[i].Cells[1].Value + "";
OleDbCommand cmd1 = new OleDbCommand(query1, conn);
cmd1.ExecuteNonQuery();
code ends:
When I execute the above code I get an error stating "Syntax error in Update statement".
Can someone please tell me how to resolve this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
看起来您需要在 WHERE 子句之前添加一个空格。
希望这有帮助,
比尔
It looks like you need to add a space before your WHERE clause.
Hope this helps,
Bill
哇。 我们可以说... SQL 注入吗?
尝试使用参数。 您不仅可以保护自己,而且您的 SQL 将变得更具可读性。
Wow. Can we say... SQL Injection?
Try using Parameters. Not only will you protect yourself, but your SQL will become MUCH more readable.
切勿使用字符串连接来构建 SQL 查询。 使用 SQL 参数。
Never use string concatenation for building SQL queries. Use SQL parameters.
哎呀!
请提供最终的 query1 值并尝试对其进行格式化,以便我们能够更好地了解它。 我的猜测是缺少 ' 或其他东西。
Yikes!
Please provide the final query1 value and try to format it so we can get a better picture of it. My guess is a missing ' or something.
我想说你在那里遗漏了一些引号,但你的代码太像猪圈了,我无法分辨。 如果您不修复您的代码,那么至少给我们一个 query1 的转储,以便我们可以读取您的实际查询。
并像前面的回复所述使用参数或存储过程。 只需要你的变量之一被一些令人讨厌的东西覆盖,你的服务器就会向任何删除你的表或更糟糕的人开放。
即使这是本地“安全”数据库,您现在也应该改掉坏习惯。
I'd say you're missing some quotes in there but your code is such a pig-sty I can't tell. If you won't fix your code then at the minimum give us a dump of query1 so we can read your actual query.
And use parameters or stored procedures like the previous responses said. All it takes is one of your variables to get overwritten with something nasty and your server will be wide open to anyone deleting your tables or worse.
Even if this is a local "safe" database you should unlearn your bad habits now.
放
<代码>
Console.WriteLine(查询1)
之前
OleDbCommand cmd1 = new OleDbCommand(query1, conn);查看打印到控制台窗口的
query1的值。SQL 语句看起来没问题吗? 我想不是 - 您现在将能够找到一个非数字且在网格中为空白的字段。
并且,按照其他人所说的那样使用参数。
Put
Console.WriteLine(query1)
OleDbCommand cmd1 = new OleDbCommand(query1, conn);See the value of
query1printed to console window.Does the SQL Statement look OK? I guess not - you will now be able to find a field which is non-numeric and is blank in the grid.
And, use parameters as others have said.