SQL程序更新记录错误

时间:2014-01-06 15:24:09

标签: vb.net

我正在使用一个小型SQL数据库程序。程序就在那里查看,编辑和更新数据库记录。考虑到我之前从未尝试过类似的东西,一切都工作得非常好。我设法让添加记录,刷新记录和删除记​​录功能完美运行。但是,在尝试更新选定的记录时,我遇到了一点点冲击。

为了澄清,SQL表显示在列表视图中,从此列表视图中,最终用户可以选择特定记录并编辑或删除它。

Example Image

编辑按钮打开一个新的表单窗口,其中包含文本字段,这些字段会自动填充该记录的当前信息。

Example Image

编辑记录表格的代码是:

Private Sub frmEdit_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    intDB_ID_Selected = CInt(frmMain.lvRec.SelectedItems(0).Text)
    Call dispCaption()
    Call dispInfo()     'Display the info of the selected ID


End Sub

Private Sub dispInfo()
    SQL = "Select * from PersonsA " & _
          "where Members_ID=" & intDB_ID_Selected & ""

    With comDB
        .CommandText = SQL
        rdDB = .ExecuteReader
    End With
    If rdDB.HasRows = True Then
        rdDB.Read()

        Me.midtxt.Text = rdDB!Members_ID.ToString.Trim
        Me.gttxt.Text = rdDB!Gamer_Tag.ToString.Trim
        Me.sntxt.Text = rdDB!Screenname.ToString.Trim
        Me.fntxt.Text = rdDB!First_Name.ToString.Trim
        Me.lntxt.Text = rdDB!Last_Name.ToString.Trim
        Me.dobtxt.Text = rdDB!DoB.ToString.Trim
        Me.dobtxt.Text = rdDB!DoB.ToString.Trim
        Me.emailtxt.Text = rdDB!E_Mail_Address.ToString.Trim
        Me.teamptxt.Text = rdDB!Position.ToString.Trim
        Me.ugctxt.Text = rdDB!Cautions.ToString.Trim
        Me.recordtxt.Text = rdDB!Record.ToString.Trim
        Me.eventatxt.Text = rdDB!Event_Attendance.ToString.Trim
        Me.Mstattxt.Text = rdDB!Member_Status.ToString.Trim

    End If
    rdDB.Close()
End Sub

Private Sub dispCaption()

End Sub

Private Sub cmdUpdate_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdUpdate.Click
    Call disControl()
    'Validation
    If invalidUpdateEntry() = True Then
        Call enaControl()
        Exit Sub
    End If
    'Prompt the user if the record will be updated
    If MsgBox("Are you sure you want to update the selected record?", CType(MsgBoxStyle.YesNo + MsgBoxStyle.DefaultButton2 + MsgBoxStyle.Question, MsgBoxStyle), "Update") = MsgBoxResult.Yes Then
        'Update query
            SQL = "Update PersonsA" & _
                "SET Members_ID='" & Me.midtxt.Text.Trim & "'," & _
                  "Gamer_Tag='" & Me.gttxt.Text.Trim & "'," & _
                  "Screenname='" & Me.sntxt.Text.Trim & "'," & _
                  "First_Name='" & Me.fntxt.Text.Trim & "'," & _
                  "Last_Name='" & Me.lntxt.Text.Trim & "'," & _
                  "DoB='" & Me.dobtxt.Text.Trim & "'," & _
                  "E_Mail_Address='" & Me.emailtxt.Text.Trim & "'," & _
                  "Position='" & Me.teamptxt.Text.Trim & "'," & _
                  "U_G_Studio='" & Me.ugptxt.Text.Trim & "'," & _
                  "Cautions='" & Me.ugctxt.Text.Trim & "'," & _
                  "Record='" & Me.recordtxt.Text.Trim & "'," & _
                  "Event_Attendance='" & Me.eventatxt.Text.Trim & "'," & _
                  "Member_Status='" & Me.Mstattxt.Text.Trim & "'" & _
                "WHERE Members_ID='" & intDB_ID_Selected & "'"
        Call execComDB(SQL)     'Execute the query
        Me.Close()
        '*** Refresh the list
        SQL = "Select * from PersonsA "
        Call frmMain.dispRec(SQL)
        '--- End of refreshing the list
        Exit Sub
    Else
        Call enaControl()
    End If
End Sub

正如我所说,我已经能够使用非常类似的方法完成其他所有操作,但是当我尝试更新记录时,我收到错误说

  

System.Data.dll中出现未处理的“System.Data.SqlClient.SqlException”类型异常

     

其他信息:'Members_ID'附近的语法不正确。

我知道这就是问题

"WHERE Members_ID='" & intDB_ID_Selected & "'"
            Call execComDB(SQL)     'Execute the query

但引用'intDB_ID_Selected'之前一直有效,并且它已在更新表单上设置记录加载为intDB_ID_Selected = CInt(frmMain.lvRec.SelectedItems(0).Text)

我知道这是一个巨大的线索,但如果有人能指引我朝正确的方向指导我重写整个声明,我将永远感激不尽。

EDIT1:我在WHERE子句之前修复了逗号,但是我仍然遇到同样的错误。

3 个答案:

答案 0 :(得分:2)

缺少

之间的空格 
 "Update PersonsA " & _
 "SET Members_ID= ....

和(如已经指出的)在WHERE

之前不需要逗号

说,帮助自己和用户。不要使用字符串连接来构建sql命令。始终使用参数化查询。

就像一个例子

SQL = "Update PersonsA SET Members_ID=@id, Gamer_Tag=@tag, Screenname=@screen," & _
      "First_Name=@fname,Last_Name=@lname,DoB=@dob,E_Mail_Address=@email," & _
      "Position=@pos,U_G_Studio=@studio,Cautions=@caution,Record=@rec," & _
      "Event_Attendance=@event, Member_Status=@stat " & _
      "WHERE Members_ID=@id"
SqlCommand cmd = new SqlCommand(SQL, connection)
cmd.Parameters.AddWithValue("@id", Me.midtxt.Text.Trim)
..... so on for the other parameters defined above ....
cmd.ExecuteNonQuery();

答案 1 :(得分:1)

更改"Member_Status='" & Me.Mstattxt.Text.Trim & "'," & _

"Member_Status='" & Me.Mstattxt.Text.Trim & "'" & _

看起来它只是一个额外的流氓逗号!

答案 2 :(得分:0)

如果出现此类错误,请使用Visual Studio提供的调试。检查SQL的值,粘贴到MS SQL Management Studio中 - 它具有语法高亮,您应该能够轻松发现错误。

要防止进一步的问题(包括SQL注入漏洞),请将此查询分隔为嵌入式资源,并使用参数。然后,它很容易查看,维护(您可以在SQL Mgmt Studio和VS之间复制/粘贴),并最终在代码中使用它。

附注,您不需要在VB.NET中使用Call,只需将方法名称加上括号。

相关问题
最新问题