无法在C#数据库访问中更新数据

时间:2013-12-14 17:36:15

标签: c# ms-access listbox

我有一个button3的问题,它是UPDATE BUTTON,消息框一直说它是UPDATE语句中的语法错误。而且,如果我创建另一个列表框,如果我插入新数据,它不会让我在第二个列表框中插入另一个数据。因此,如果我在第一个列表框中插入一些内容,那么该索引将为9,那么我会尝试在下一个列表框中插入,但随后它会进入索引10.

    OleDbCommand cmd = new OleDbCommand();
        OleDbConnection cn = new OleDbConnection();
        OleDbDataReader dr;

private void listBox2_Click(object sender, EventArgs e)
        {
            ListBox l = sender as ListBox;

                if (l.SelectedIndex != 1)
                {
                    listBox1.SelectedIndex = l.SelectedIndex;
                    listBox2.SelectedIndex = l.SelectedIndex;
                    textBox2.Text = listBox2.SelectedItem.ToString();
                }

        }

private void button1_Click(object sender, EventArgs e)
        {
            if (textBox1.Text != "")
            {
                string q = "insert into Table1 (name) values ('"+textBox1.Text.ToString()+"')";
                doSomething(q);
                textBox1.Text = null;
            }
        }

private void button2_Click(object sender, EventArgs e)
        {
            if (listBox1.SelectedIndex != -1)
            {
                string q = "delete from Table1 where id=" + listBox1.SelectedItem.ToString();
                doSomething(q);
            }
        }

private void button3_Click(object sender, EventArgs e)
        {
            if (textBox2.Text != "" & listBox1.SelectedIndex != -1)
            {
                string q = "update Table1 set (name) '" + textBox2.Text.ToString() + "' where id " + listBox1.SelectedItem.ToString();
                doSomething(q);
                textBox2.Text = "";
            }
        }


private void doSomething(String q)
        {
            try
            {
                cn.Open();
                cmd.CommandText = q;
                cmd.ExecuteNonQuery();
                cn.Close();
                loaddata();
            }
            catch (Exception e)
            {
                cn.Close();
                MessageBox.Show(e.Message.ToString());
            }
        }

2 个答案:

答案 0 :(得分:1)

问题1:您在提供输入参数时缺少=符号。

试试这个:

 string q = "update Table1 set [name]= '" + textBox2.Text.ToString() + "' where id= " + listBox1.SelectedItem.ToString();

问题2:您没有将连接对象分配给`OleDbCommand。

在执行命令

之前添加:
   cmd.Connection=cn;

完整代码:

        OleDbCommand cmd = new OleDbCommand();
        OleDbConnection cn = new OleDbConnection();
        OleDbDataReader dr;

       private void listBox2_Click(object sender, EventArgs e)
        {
            ListBox l = sender as ListBox;  
            if(l.SelectedIndex!=-1)
            textBox2.Text = l.SelectedItem.ToString();
        }

        }

       private void button1_Click(object sender, EventArgs e)
        {
            if (textBox1.Text != "")
            {
                string q = "insert into Table1(name) values ('"+textBox1.Text.ToString()+"')";
                doSomething(q);
                textBox1.Text = null;
            }
        }

       private void button2_Click(object sender, EventArgs e)
        {
            if (listBox1.SelectedIndex != -1)
            {
                string q = "delete from Table1 where id=" + listBox1.SelectedItem.ToString();
                doSomething(q);
            }
        }

       private void button3_Click(object sender, EventArgs e)
        {
            if (textBox2.Text != "" & listBox1.SelectedIndex != -1)
            {
                string q = "update Table1 set [name] ='" + textBox2.Text.ToString() + "' where id =" + listBox1.SelectedItem.ToString();
                doSomething(q);
                textBox2.Text = "";
            }
        }


       private void doSomething(String q)
        {
            try
            {
                cn.Open();
                cmd.CommandText = q;
                cmd.Connection=cn;
                cmd.ExecuteNonQuery();
                cn.Close();
                loaddata();
            }
            catch (Exception e)
            {
                cn.Close();
                MessageBox.Show(e.Message.ToString());
            }
        }

建议:您的查询已向SQL injection attacks开放,我建议您使用Parameterised Queries来避免这些问题。

使用参数化查询:

private void doSomething(String q)
    {
        try
        {
            cn.Open();
            cmd.CommandText = "update Table1 set [name]=@name  where id=@id";
            cmd.Parameters.AddWithValue("@name",textBox2.Text.ToString());
            cmd.Parameters.AddWithValue("@id",listBox1.SelectedItem.ToString());
            cmd.ExecuteNonQuery();
            cn.Close();
            loaddata();
        }
        catch (Exception e)
        {
            cn.Close();
            MessageBox.Show(e.Message.ToString());
        }
    }

答案 1 :(得分:0)

string q = "update Table1 set (name) '" + textBox2.Text.ToString() + "' where id " + listBox1.SelectedItem.ToString();

在上面的代码(btn3)中,您缺少id =

编写如下代码:

string q = "update Table1 set (name) '" + textBox2.Text.ToString() + "' where id=" + listBox1.SelectedItem.ToString();

更新:

我的访问查询功能:

public  void ExecuteAccessQurey(string _pQurey)
{
    OleDbConnection con = new OleDbConnection("DatabaseConnectionString");
    OleDbCommand cmd = new OleDbCommand(_pQurey, con);

    if (con.State == System.Data.ConnectionState.Closed)
    {
        con.Open();
    }

    cmd.ExecuteNonQuery();
    con.Close();
}