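I have a column declared as Survey_Answer1Count in my database, and I am trying to increase its count by one. How should I write the SQL command for that? Survey_Answer1Count is an int value. I tried this: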
string queryIncrease = "update SurveyCount " +
    "set Answer2Count = Answer2Count + 1 " +
    "where Survey_Title = '" + lbl_title.Text + "' " +
    "and Survey_Adder = '" + lbl_adder.Text + "'";
Answer 0 (score: 2)
To avoid potential SQL injection problems, use a parameterized query, like this:
string queryIncrease = "UPDATE SurveyCount SET Answer2Count = Answer2Count + 1 " +
    "WHERE Survey_Title = @Title AND Survey_Adder = @Adder";
// YOURSQLCONNECTION is a placeholder for an open SqlConnection
using (SqlCommand cmd = new SqlCommand(queryIncrease, YOURSQLCONNECTION))
{
    // The label values are sent as parameters, not as part of the SQL text
    cmd.Parameters.AddWithValue("@Title", lbl_title.Text);
    cmd.Parameters.AddWithValue("@Adder", lbl_adder.Text);
    cmd.ExecuteNonQuery();
}
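The difference between the concatenated query in the question and the parameterized form recommended above shows up when both run against the same table. This is an added example, not code from the original page: it uses Python's sqlite3 with an in-memory table so that it runs offline (the page's own code is C# against SQL Server), and the sample rows, the crafted value and the function names are constructed for illustration.

```python
import sqlite3

UPDATE = "UPDATE SurveyCount SET Answer2Count = Answer2Count + 1 "

def make_db():
    # Constructed sample rows; column names follow the page's table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE SurveyCount (Survey_Title TEXT, "
                 "Survey_Adder TEXT, Answer2Count INTEGER NOT NULL DEFAULT 0)")
    conn.executemany(
        "INSERT INTO SurveyCount (Survey_Title, Survey_Adder) VALUES (?, ?)",
        [("Lunch poll", "alice"), ("Bob's survey", "bob"), ("Travel", "carol")])
    return conn

def increment_concat(conn, title, adder):
    # Question's pattern: the values become part of the SQL text itself.
    sql = (UPDATE + "WHERE Survey_Title = '" + title +
           "' AND Survey_Adder = '" + adder + "'")
    return conn.execute(sql).rowcount

def increment_param(conn, title, adder):
    # Answer's pattern: placeholders in the text, values bound separately.
    sql = UPDATE + "WHERE Survey_Title = :title AND Survey_Adder = :adder"
    return conn.execute(sql, {"title": title, "adder": adder}).rowcount

def counts(conn):
    return [row[0] for row in conn.execute(
        "SELECT Answer2Count FROM SurveyCount ORDER BY rowid")]

def demo():
    conn = make_db()
    out = {}
    # 1) A legitimate title that contains an apostrophe.
    try:
        out["concat_apostrophe"] = increment_concat(conn, "Bob's survey", "bob")
    except sqlite3.OperationalError:
        out["concat_apostrophe"] = "syntax error"
    out["param_apostrophe"] = increment_param(conn, "Bob's survey", "bob")
    # 2) A constructed value that contains quote characters and an OR clause.
    crafted = "x' OR '1'='1"
    out["concat_crafted"] = increment_concat(conn, "Lunch poll", crafted)
    out["param_crafted"] = increment_param(conn, "Lunch poll", crafted)
    out["counts"] = counts(conn)
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With concatenation the apostrophe in a legitimate title breaks the statement, and the crafted value widens the WHERE clause so that every row is incremented; with bound parameters the same inputs update exactly one row and no rows respectively.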
Answer 1 (score: 1)
I would do it like this; be sure to replace the connection string where I put "put connection string here".
// Requires: using System.Data; using System.Data.SqlClient;
string queryIncrease = "update SurveyCount set Answer2Count = Answer2Count + 1 where Survey_Title = '" + lbl_title.Text + "' and Survey_Adder = '" + lbl_adder.Text + "'";
using (var SqlConn = new SqlConnection("put connection string here"))
{
    using (SqlCommand cmd = new SqlCommand(queryIncrease, SqlConn))
    {
        cmd.CommandType = CommandType.Text;
        cmd.CommandTimeout = 100000;
        // Open the connection if it is not open yet
        if (SqlConn.State == ConnectionState.Closed)
            SqlConn.Open();
        cmd.ExecuteNonQuery();
    }
}