这是我使用文本框和组合框更新记录的代码,但它返回错误 这个错误如下 第1行:','
附近的语法不正确但是当我检查我的代码时,我找不到任何错误,请帮助我修改谢谢!
Private Sub btnUpdate_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnUpdate.Click
Dim sqlconn As New SqlClient.SqlConnection
sqlconn.ConnectionString = "server = SKPI-APPS1;" & _
"Database = EOEMS;integrated security=true"
Dim myCommand As SqlCommand
Try
''update command
sqlconn.Open()
myCommand = New SqlCommand("UPDATE tblOfficeEquipmentProfile SET OE_Category = '" & cmbCategory.Text & "',OE_SubCategory = '" & cmbSubCategory.Text & "', OE_ID = '" & txtOEID.Text & "', OE_Name = '" & txtName.Text & "', OE_User = '" & txtUser.Text & "', OE_Brand = '" & cmbBrand.Text & "', OE_Model = '" & cmbModel.Text & "', OE_Specs = '" & txtSpecs.Text & "', OE_SerialNo = '" & txtSerialNo.Text & "', OE_PropertyNo = '" & txtPropertyNo.Text & "', OE_MacAddress = '" & txtMacAddress.Text & "', OE_Static_IP = '" & txtStaticIp.Text & "', OE_Vendor = '" & cmbVendor.Text & "', OE_PurchaseDate = '" & txtPurchaseDate.Text & "', OE_WarrantyInclusiveYear = '" & cmbWarrantyInclusiveYear.Text & "', OE_WarrantyStatus = '" & txtWarrantyStatus.Text & "', OE_Status = '" & txtStatus.Text & "', OE_Dept_Code = '" & cmbDeptCode.Text & "', OE_Location_Code = '" & cmbLocationCode.Text & "', OE_Remarks ='" & cmbRemarks.Text & "' WHERE OE_Category = '" & cmbCategory.Text & "',OE_SubCategory = '" & cmbSubCategory.Text & "', OE_ID = '" & txtOEID.Text & "', OE_Name = '" & txtName.Text & "', OE_User = '" & txtUser.Text & "', OE_Brand = '" & cmbBrand.Text & "', OE_Model = '" & cmbModel.Text & "', OE_Specs = '" & txtSpecs.Text & "', OE_SerialNo = '" & txtSerialNo.Text & "', OE_PropertyNo = '" & txtPropertyNo.Text & "', OE_MacAddress = '" & txtMacAddress.Text & "', OE_Static_IP = '" & txtStaticIp.Text & "', OE_Vendor = '" & cmbVendor.Text & "', OE_PurchaseDate = '" & txtPurchaseDate.Text & "', OE_WarrantyInclusiveYear = '" & cmbWarrantyInclusiveYear.Text & "', OE_WarrantyStatus = '" & txtWarrantyStatus.Text & "', OE_Status = '" & txtStatus.Text & "', OE_Dept_Code = '" & cmbDeptCode.Text & "', OE_Location_Code = '" & cmbLocationCode.Text & "', OE_Remarks ='" & cmbRemarks.Text & "'", sqlconn)
myCommand.ExecuteNonQuery()
MessageBox.Show("Office Equipment Profile Successfully Updated Records")
sqlconn.Close()
Catch ex As Exception
MsgBox(ex.Message)
End Try
DisableBoxes()
End Sub
答案 0 :(得分:0)
除了查询因为SQL Injection易受攻击而感到虚弱之外,错误位于WHERE。您不应使用comma分隔条件,而应使用Conditional Operator,例如AND / OR。例如,
WHERE OE_Category = '' AND
OE_SubCategory = '' AND
OE_ID = '' AND ...
更新1
Dim updateStatement As new System.Text.StringBuilder
updateStatement.Append("UPDATE tblofficeequipmentprofile " & vbCrLf)
updateStatement.Append("SET oe_category = @oe_category, " & vbCrLf)
updateStatement.Append(" oe_subcategory = @oe_subcategory, " & vbCrLf)
updateStatement.Append(" oe_id = @oe_id, " & vbCrLf)
updateStatement.Append(" oe_name = @oe_name, " & vbCrLf)
updateStatement.Append(" oe_user = @oe_user, " & vbCrLf)
updateStatement.Append(" oe_brand = @oe_brand, " & vbCrLf)
updateStatement.Append(" oe_model = @oe_model, " & vbCrLf)
updateStatement.Append(" oe_specs = @oe_specs, " & vbCrLf)
updateStatement.Append(" oe_serialno = @oe_serialno, " & vbCrLf)
updateStatement.Append(" oe_propertyno = @oe_propertyno, " & vbCrLf)
updateStatement.Append(" oe_macaddress = @oe_macaddress, " & vbCrLf)
updateStatement.Append(" oe_static_ip = @oe_static_ip, " & vbCrLf)
updateStatement.Append(" oe_vendor = @oe_vendor, " & vbCrLf)
updateStatement.Append(" oe_purchasedate = @oe_purchasedate, " & vbCrLf)
updateStatement.Append(" oe_warrantyinclusiveyear = @oe_warrantyinclusiveyear, " & vbCrLf)
updateStatement.Append(" oe_warrantystatus = @oe_warrantystatus, " & vbCrLf)
updateStatement.Append(" oe_status = @oe_status, " & vbCrLf)
updateStatement.Append(" oe_dept_code = @oe_dept_code, " & vbCrLf)
updateStatement.Append(" oe_location_code = @oe_location_code, " & vbCrLf)
updateStatement.Append(" oe_remarks = @oe_remarks ")
myCommand = New SqlCommand(updateStatement.ToString(), sqlconn)
myCommand.Parameters.AddWithValue("@Category", cmbCategory.Text)
myCommand.Parameters.AddWithValue("@SubCategory", cmbSubCategory.Text)
myCommand.Parameters.AddWithValue("@OE_ID", txtOEID.Text)
'' other parameters
myCommand.ExecuteNonQuery()