如何在 VB.NET 中使用此 SQL UPDATE 查询
这里 textbox11 包含一个浮点值,组合框包含一个字符串,我是否必须输入文本或所选项目
cmd.CommandType = "UPDATE BALANCE SET OBBALANCE = '"& TextBox11.Text &"' WHERE CUSTOMERNAME = "& ComboBox1.Text & " "
它给出以下错误:
Operator '&' is not defined for string " UPDATE BALANCE SET OBBALANCE = " and type 'DataRowView'.
Here textbox11 contains a float value and combo box contains a string do i have to put text or selected item
cmd.CommandType = "UPDATE BALANCE SET OBBALANCE = '"& TextBox11.Text &"' WHERE CUSTOMERNAME = "& ComboBox1.Text & " "
It gives the following error:
Operator '&' is not defined for string " UPDATE BALANCE SET OBBALANCE = " and type 'DataRowView'.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
相反,您应该使用参数,因为它们都针对 sql 注入进行转义并进行更简洁的数据传递:
并添加参数和值:
请参阅 http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
Instead you should use parameters, as they are both escaped for sql injections and make more neat datapassing:
and add parameterwithvalue for:
See http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
我不建议使用内联 SQL 查询。请改用存储过程并传递参数。
如果您传递文本 - 您将获得显示值...如果您想传递基础值,则使用“SelectedValue”
但是要解决您的问题,请使用参数。
I would not recommend using inline SQL query. Use Stored Procedure instead and pass parameters.
If you pass Text - you will get the display value... if you want to pass the underlying value, then use "SelectedValue"
However to resolve your issue, use parameters.
可用的 CommandType 是
StoredProcedure
表直接
文本
看起来您想将 CommandType 设置为 Text 并将 CommandText 设置为您在那里的内容。
也就是说,我同意斯特凡关于参数的回答。
The available CommandTypes are
StoredProcedure
TableDirect
Text
It looks like you want to set your CommandType to Text and set your CommandText to what you have there.
That said, I agree with stefan's answer about parameters.