我使用这个编码来更新按钮来更新datagridview中我的表格中的数据,但它仍然显示错误。我需要一些帮助来解决这个问题
Dim MyItems As Integer
Dim MyItemNo As Integer
Dim ItemDescription As String
MyItems = GridViewItems.CurrentRow.Index
MyItemNo = GridViewItems.Item(0, MyItems).Value
ItemDescription = GridViewItems.Item(1, MyItems).Value
Dim SqlQuery As String = " UPDATE ITEMS = '" & MyItems & "'WHERE Item_No = " & MyItemNo & ""
Dim SqlCommand As OleDbCommand
With SqlCommand
.CommandText = SqlQuery
.Connection = conn
.ExecuteNonQuery()
End With
答案 0 :(得分:1)
您使用UPDATE sql statement是错误的。正确的语法是
UPDATE <tablename> SET <field1> = <value>, <field2> = <value> WHERE <field3> = <value>
但是还存在应该解决的字符串连接问题 因此,您可以将代码重写为
Dim SqlQuery As String = "UPDATE yourTableName SET ITEMS = ? WHERE Item_No = ?"
Dim SqlCommand As OleDbCommand
With SqlCommand
.CommandText = SqlQuery
.Connection = conn
.Parameters.AddWithValue("@p1", MyItems)
.Parameters.AddWithValue("@p2", MyItemNo)
.ExecuteNonQuery()
End With
这是参数化查询的示例。当您需要将用户提交的值传递到数据库时,应始终使用此方法。如果没有这个,您的代码就会向SQL Injection and other parsing problems
开放