我想尝试更新从Windows到数据库的点,但我不知道如何从变量“totalPoints”中获取信息从数据库插入“points”字段
using (OleDbConnection conn = new OleDbConnection(strCon))
{
String sqlPoints = "UPDATE points FROM customer WHERE [customerID]="
+ txtCustomerID.Text;
conn.Open();
conn.Close();
}
感谢您的帮助!
答案 0 :(得分:3)
首先,您应该使用参数化查询 - 这很容易受到SQL注入攻击。
看看这里:How do parameterized queries help against SQL injection?
要回答您的问题,您需要查看OleDbCommand和ExecuteNonQuery:
public void InsertRow(string connectionString, string insertSQL)
{
using (OleDbConnection connection = new OleDbConnection(connectionString))
{
// The insertSQL string contains a SQL statement that
// inserts a new row in the source table.
OleDbCommand command = new OleDbCommand(insertSQL);
// Set the Connection to the new OleDbConnection.
command.Connection = connection;
// Open the connection and execute the insert command.
try
{
connection.Open();
command.ExecuteNonQuery();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
// The connection is automatically closed when the
// code exits the using block.
}
}
http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbconnection(v=vs.100).aspx
此外,您可能需要重新查看SQL - 不确定您要完成的任务。如果您使用的是SQL Server,则语法应该类似于UPDATE TABLE SET FIELD = VALUE WHERE FIELD = VALUE。