string Update = "UPDATE VehicleReport" +
"SET VehicleReg ='"+textBox1.Text+"',CurrentOdometer ='"+textBox5.Text+"',NextService ='"+textBox6.Text+"'" +
"WHERE Vehiclenum ='"+comboBox1.Text+"' ;";
try
{
SqlConnection conn = new SqlConnection("Data Source=(local);Initial Catalog=FleetTrackingDatabase;Integrated Security=SSPI");
conn.Open();
SqlCommand cmd = new SqlCommand(Update, conn);
cmd.ExecuteNonQuery();
conn.Close();
MessageBox.Show("Updated");
conn.Close();
}
catch (System.Exception f)
{
MessageBox.Show(f.Message, "ERROR");
}
答案 0 :(得分:1)
至少这是不正确的:
string Update = "UPDATE VehicleReport" + "SET ...
您需要在VehicleReport和Set
之间添加一个空格string Update = "UPDATE VehicleReport " + "SET....
答案 1 :(得分:0)
添加空格
"UPDATE VehicleReport" +
" SET VehicleReg ='"+textBox1.Text+"',CurrentOdometer ='"+textBox5.Text+"',NextService='"+textBox6.Text+"'" +
" WHERE Vehiclenum ='"+comboBox1.Text+"' ;";
答案 2 :(得分:0)
表名后面缺少空格:
string Update = "UPDATE VehicleReport"
string Update = "UPDATE VehicleReport "
和WHERE之前相同
答案 3 :(得分:0)
你能试试吗,
string Update = "UPDATE VehicleReport SET VehicleReg ='"+textBox1.Text+"',CurrentOdometer ='"+textBox5.Text+"',NextService ='"+textBox6.Text+"'" + " WHERE Vehiclenum ='"+comboBox1.Text+"' ;";
答案 4 :(得分:0)
我真的很震惊有4个答案,但是没有人提到参数化的sql和SQL注入攻击,但无论如何..
正如其他人所提到的,您需要在SET和WHERE字之前添加空格。
但更重要的是,不要以这种方式使用。在查询中使用字符串连接时,代码将为SQL Injection打开。除此之外,您应始终使用parameterizezd queries。
例如;
string Update = "UPDATE VehicleReport SET VehicleReg = @vehiclereg, CurrentOdometer = @current, NextService = @next WHERE Vehiclenum = @vehiclenum;";
SqlCommand cmd = new SqlCommand(Update, conn);
cmd.Parameters.AddWithValue("@vehiclereg", textBox1.Text);
cmd.Parameters.AddWithValue("@current", textBox5.Text);
cmd.Parameters.AddWithValue("@next", textBox6.Text);
cmd.Parameters.AddWithValue("@vehiclenum", comboBox1.Text);