使用vb和sql更新数据库中的数据

时间:2014-05-23 18:46:10

标签: sql database vb.net

我想使用数据库中的文本框更新数据但我收到错误消息。错误是"'('。"

)附近的语法不正确

下面是更新数据的代码

希望你们都能帮我解决问题。谢谢:))

dbSource = "Data Source=LAILATUL-PC\SERVER;Initial Catalog=HotelManagementSystem;Integrated Security=True"

            con = New SqlConnection(dbSource)

            con.Open()

            Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = " & txtRoomCode.Text & " ) "

            cmd = New SqlCommand(sqlUpdate)

            cmd.Connection = con


            cmd.Parameters.AddWithValue("@RoomCode", txtRoomCode.Text)
            cmd.Parameters.AddWithValue("@RoomType", txtRoomType.Text)
            cmd.Parameters.AddWithValue("@RoomNo", txtRoomNo.Text)
            cmd.Parameters.AddWithValue("@RoomPrice", txtRoomPrice.Text)
            cmd.Parameters.AddWithValue("@RoomStatus", txtRoomStatus.Text)
            cmd.Parameters.AddWithValue("@NoOfOccupancy", txtNoOfOccupancy.Text)


            cmd.ExecuteNonQuery()



            MessageBox.Show("Successfully saved", "Record", MessageBoxButtons.OK, MessageBoxIcon.Information)

3 个答案:

答案 0 :(得分:0)

需要引用WHERE子句中的房间代码文本

Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = '" & txtRoomCode.Text & "' ) "

修改 或者更好的是将其作为参数。

答案 1 :(得分:0)

我相信这句话:

Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = " & txtRoomCode.Text & " ) "

需要重写如下:

Dim sqlUpdate As String = "UPDATE [Room] SET [Room_Code] = @RoomCode, [Room_Type] = @RoomType,  [Room_No] = @RoomNo, [Room_Price] = @RoomPrice, [Room_Status] = @RoomStatus, [No_of_Occupancy] = @NoOfOccupancy WHERE [Room_Code] = '" & txtRoomCode.Text & "' ) "

你有两个问题。你没有引用你的txtRoomCode.txt值,这不是UPDATE语句的正确语法,除非我真的很困惑。

答案 2 :(得分:0)

您已经在使用参数,不要忘记最后一个可以打开sql注射攻击的参数。

Dim sqlUpdate As String = "UPDATE [Room] SET [Room_Code] = @RoomCode, 
    [Room_Type] = @RoomType, [Room_No] = @RoomNo, [Room_Price] = @RoomPrice
    [Room_Status] = @RoomStatus, [No_of_Occupancy] = @NoOfOccupancy
    WHERE [Room_Code] = @RoomCode"
相关问题
最新问题