我想要做的是,从ASP.NET(框架4),用户应该能够使用记录密钥更新SQL数据库中的现有记录。使用Visual Studio 2010(vb)
我在“\”附近遇到语法错误,我有2个文本框: 1-对于钥匙 2 - 包含将发送到SQL服务器以更新此类列的信息(Control_ClosedByRev)
Dim Con As New SqlConnection
Dim SQL As String
Dim com As SqlCommand = Con.CreateCommand
Dim KeyID As Integer
KeyID = TextBox1_UpdateDataReview.Text
Con.ConnectionString = "Data Source=WCRDUSMJEMPR9\SQLEXPRESS;Initial Catalog=MicroDB;Integrated Security=True"
Con.Open()
SQL = "UPDATE ControlCharts set Control_ClosedByRev=" & TextBox2_UpdateDataReview.Text & " where ID_ControlCharts= " & KeyID
Dim cmd As New SqlCommand(SQL, Con)
'cmd.ExecuteScalar()
cmd.ExecuteNonQuery()
Label1_UpdateDataReview.Text = "Record Updated"
我试过更改cmd.execute,但是没有用。提前谢谢。
答案 0 :(得分:2)
首先,这很容易受到SQL注入的影响 - 请阅读并使用参数化查询。
以下是一些示例代码可供帮助。
Con.ConnectionString = "Data Source=WCRDUSMJEMPR9\\SQLEXPRESS;Initial Catalog=MicroDB;Integrated Security=True"
Con.Open()
SQL = "UPDATE ControlCharts set Control_ClosedByRev=@ClosedByRev where ID_ControlCharts=@Key"
Dim cmd As New SqlCommand(SQL, Con)
cmd.Parameters.AddWithValue("@ClosedByRev ", TextBox2_UpdateDataReview.Text)
cmd.Parameters.AddWithValue("@Key", KeyID)
cmd.ExecuteNonQuery()
答案 1 :(得分:0)
试试这个:在字符串
之前加上“@”符号 Con.ConnectionString = @"Data Source=WCRDUSMJEMPR9\SQLEXPRESS;Initial Catalog=MicroDB;Integrated Security=True"
或者转义斜杠"Data Source=WCRDUSMJEMPR9\\SQLEXPRESS;Initial Catalog=MicroDB;Integrated Security=True"