SqlCommand cmd = new SqlCommand("UPDATE Records [First Name]='" + textBox2.Text + "',[Last Name]='" + textBox3.Text + "',[Middle Initial]='" + comboBox1.Text + "',Gender='" + comboBox2.Text + "',Address='" + textBox4.Text + "',Status='" + comboBox3.Text + "',Year='" + comboBox4.Text + "',Email='" + textBox5.Text + "',Course='" + comboBox5.Text + "',[Contact Number]='" + textBox6.Text + "'+ WHERE ([Student ID]='" + textBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
答案 0 :(得分:3)
您错过了“设置”关键字:
SqlCommand cmd = new SqlCommand("UPDATE Records SET [First Name]='" + textBox2.Text + "',[Last Name]='" + textBox3.Text + "',[Middle Initial]='" + comboBox1.Text + "',Gender='" + comboBox2.Text + "',Address='" + textBox4.Text + "',Status='" + comboBox3.Text + "',Year='" + comboBox4.Text + "',Email='" + textBox5.Text + "',Course='" + comboBox5.Text + "',[Contact Number]='" + textBox6.Text + "'+ WHERE ([Student ID]='" + textBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
答案 1 :(得分:3)
其他人已经指出SQL命令中缺少SET关键字,但到目前为止(令人惊讶的是)没有人指出你对SQL注入也很成熟。我建议使用参数化查询来消除这种威胁:
SqlCommand cmd = new SqlCommand("UPDATE Records SET [First Name]=@FirstName, [Last Name]=@LastName,[Middle Initial]=@MiddleInitial,Gender=@Gender,Address=@Address,Status=@Status,Year=@Year,Email=@Email,Course=@Course,[Contact Number]=@ContactNumber WHERE ([Student ID]=@StudentID)", con);
cmd.Parameters.AddWithValue("@FirstName", textBox2.Text);
cmd.Parameters.AddWithValue("@LastName", textBox3.Text);
cmd.Parameters.AddWithValue("@MiddleInitial", comboBox1.Text);
cmd.Parameters.AddWithValue("@Gender", comboBox2.Text);
cmd.Parameters.AddWithValue("@Address", textBox4.Text);
cmd.Parameters.AddWithValue("@Status", comboBox3.Text);
cmd.Parameters.AddWithValue("@Year", comboBox4.Text);
cmd.Parameters.AddWithValue("@Email", textBox5.Text);
cmd.Parameters.AddWithValue("@Course", comobBox5.Text);
cmd.Parameters.AddWithValue("@ContactNumber", textBox6.Text);
cmd.Parameters.AddWithValue("@StudentID", textBox1.Text);
cmd.ExecuteNonQuery();
con.Close();
答案 2 :(得分:2)
我相信这应该是
SqlCommand cmd = new SqlCommand("UPDATE Records set [First Name]='" + textBox2.Text + "',[Last Name]='" + textBox3.Text + "',[Middle Initial]='" + comboBox1.Text + "',Gender='" + comboBox2.Text + "',Address='" + textBox4.Text + "',Status='" + comboBox3.Text + "',Year='" + comboBox4.Text + "',Email='" + textBox5.Text + "',Course='" + comboBox5.Text + "',[Contact Number]='" + textBox6.Text + "'+ WHERE ([Student ID]='" + textBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
区别在于“设置”
答案 3 :(得分:0)
更新查询的语法错误。您可能忘记添加" SET"关键字..
可以在此处找到更新查询语法: - http://www.tutorialspoint.com/sql/sql-update-query.htm
SqlCommand cmd = new SqlCommand("UPDATE Records SET [First Name]='" + textBox2.Text + "',[Last Name]='" + textBox3.Text + "',[Middle Initial]='" + comboBox1.Text + "',Gender='" + comboBox2.Text + "',Address='" + textBox4.Text + "',Status='" + comboBox3.Text + "',Year='" + comboBox4.Text + "',Email='" + textBox5.Text + "',Course='" + comboBox5.Text + "',[Contact Number]='" + textBox6.Text + "'+ WHERE ([Student ID]='" + textBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();