My code throws an "Incorrect syntax near '('" exception. I have tried two different approaches, but both produce the same exception. I am trying to update a record in the database.
Here is my code; the line that throws is the ExecuteNonQuery line. The commented-out updater.Fill(dtable) also produces the same exception.
protected void btnSave_Click(object sender, EventArgs e)
{
    int found = 0; // No match found so far
    // Get the current selected Manufacturer
    string currentManufacturer = grdManufact.SelectedRow.Cells[1].Text;
    string currentIsModerated = grdManufact.SelectedRow.Cells[3].Text;
    // Connect to the database
    string strConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString2"].ToString();
    SqlConnection conn = new SqlConnection(strConnectionString);
    conn.Open();
    // Try to find if new record would be a duplicate of an existing database record
    if (txtManufactureName.Text != currentManufacturer)
    {
        string findrecord = "SELECT * From VehicleManufacturer WHERE ManufacturerName = '" + txtManufactureName.Text + "'";
        SqlDataAdapter adpt = new SqlDataAdapter(findrecord, conn);
        DataTable dt = new DataTable();
        found = adpt.Fill(dt);
    }
    if (found == 0) // New record is not a duplicate you can proceed with record update
    {
        String query;
        if (checkBoxModerated.Checked)
        {
            query = "UPDATE VehicleManufacturer (ManufacturerName, ManufacturerDescription, Ismoderated) Values ('" + txtManufactureName.Text + "','" + txtDescription.Text + "','true') WHERE ManufacturerName = " + currentManufacturer + ";";
        }
        else
        {
            query = "UPDATE VehicleManufacturer (ManufacturerName, ManufacturerDescription, Ismoderated) Values ('" + txtManufactureName.Text + "','" + txtDescription.Text + "','false') WHERE ManufacturerName = " + currentManufacturer + ";";
        }
        using (SqlCommand command = new SqlCommand(query, conn))
        {
            command.ExecuteNonQuery();
        }
        //using (SqlDataAdapter updater = new SqlDataAdapter(command))
        //{
        //    DataTable dtable = new DataTable();
        //    updater.Fill(dtable);
        //}
        txtMessage.Text = "Manufacturer record changed Successfully";
        txtManufactureName.Text = "";
        txtDescription.Text = "";
        checkBoxModerated.Checked = false;
    }
    else
    { // Record is a duplicate of existing database records. Give error message.
        txtMessage.Text = "Sorry, that manufacturer name already exists.";
    }
}
Answer 0 (score: 7)
The syntax of the UPDATE statement you are using is incorrect.
Instead of
UPDATE Table (Fields) VALUES (Values) WHERE ...
it should be
UPDATE Table SET Field1=Value1, Field2=Value2 WHERE ...
In addition, you have a SQL injection vulnerability (although that is not the cause of your exception). Do not build SQL queries from user input with string concatenation. Use prepared statements instead.
Answer 1 (score: 3)
Try this approach; it is also safer:
var isModerated = checkBoxModerated.Checked; // true or false
//var isModerated = (checkBoxModerated.Checked) ? "true" : "false";
// Verbatim string (@"...") so the statement can span several lines; the property is CommandText.
command.CommandText = @"UPDATE VehicleManufacturer
    SET ManufacturerName = @manufacturerName,
        ManufacturerDescription = @manufacturerDescription,
        IsModerated = @isModerated
    WHERE ManufacturerName = @manufacturer_name";
command.Parameters.AddWithValue("@manufacturerName", txtManufactureName.Text);
command.Parameters.AddWithValue("@manufacturerDescription", txtDescription.Text);
command.Parameters.AddWithValue("@isModerated", isModerated);
// The WHERE clause must match the row being edited (the currently selected name), not the new name.
command.Parameters.AddWithValue("@manufacturer_name", currentManufacturer);
command.ExecuteNonQuery();
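The following is an added example that puts both answers together; it is not code from the question or from either answer. It rewrites the whole save path (duplicate check plus update) with parameterized commands so that no user input ever becomes part of the SQL text, keys the UPDATE on the originally selected name, and reports whether a row was actually changed. The table and column names come from the question; the connection string name "ConnectionString2" is taken from the question as well, while the column sizes (nvarchar(100) and nvarchar(max)) are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Added example, not the original poster's or the answerers' code.
// Assumes a table VehicleManufacturer(ManufacturerName nvarchar(100),
// ManufacturerDescription nvarchar(max), IsModerated bit) and a
// connection string named "ConnectionString2" (column sizes are assumptions).
public static class ManufacturerRepository
{
    // Renames/updates one manufacturer row. Returns a user-facing message.
    // currentName: the name of the row selected in the grid (the row to update)
    // newName/description/isModerated: the values entered in the form
    public static string UpdateManufacturer(string currentName, string newName,
                                            string description, bool isModerated)
    {
        string connStr = ConfigurationManager
            .ConnectionStrings["ConnectionString2"].ConnectionString;

        using (SqlConnection conn = new SqlConnection(connStr))
        {
            conn.Open();

            // Duplicate check is only needed when the name actually changes.
            // The value travels as a typed parameter, never inside the SQL string.
            if (!string.Equals(currentName, newName, StringComparison.Ordinal))
            {
                const string findSql =
                    "SELECT COUNT(*) FROM VehicleManufacturer WHERE ManufacturerName = @name";
                using (SqlCommand find = new SqlCommand(findSql, conn))
                {
                    find.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = newName;
                    int count = (int)find.ExecuteScalar();
                    if (count > 0)
                        return "Sorry, that manufacturer name already exists.";
                }
            }

            // Correct UPDATE syntax: SET column = value, ... WHERE ...
            const string updateSql =
                "UPDATE VehicleManufacturer " +
                "SET ManufacturerName = @newName, " +
                "    ManufacturerDescription = @description, " +
                "    IsModerated = @isModerated " +
                "WHERE ManufacturerName = @currentName";
            using (SqlCommand update = new SqlCommand(updateSql, conn))
            {
                update.Parameters.Add("@newName", SqlDbType.NVarChar, 100).Value = newName;
                // -1 means nvarchar(max); a null description is stored as SQL NULL
                update.Parameters.Add("@description", SqlDbType.NVarChar, -1).Value =
                    (object)description ?? DBNull.Value;
                // Explicit bit parameter: the bool is not rendered as the text 'true'/'false'
                update.Parameters.Add("@isModerated", SqlDbType.Bit).Value = isModerated;
                // WHERE uses the originally selected name, otherwise a rename matches no row
                update.Parameters.Add("@currentName", SqlDbType.NVarChar, 100).Value = currentName;

                int rows = update.ExecuteNonQuery();
                return rows == 1
                    ? "Manufacturer record changed successfully"
                    : "No record was updated; it may have been changed or deleted by someone else.";
            }
        }
    }
}

// Usage from the page's click handler (assumed control names from the question):
// txtMessage.Text = ManufacturerRepository.UpdateManufacturer(
//     grdManufact.SelectedRow.Cells[1].Text,
//     txtManufactureName.Text, txtDescription.Text, checkBoxModerated.Checked);
```

Two design points worth noting: the connection is disposed by `using` even when an exception is thrown (the question's code leaks it on the error path), and the SELECT-then-UPDATE check still has a small window in which two users could insert the same name concurrently, so the real guarantee should come from a UNIQUE constraint on ManufacturerName in the database, with the check above serving only to produce a friendly message.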