Error 1: Operator '&' is not defined for types 'String' and 'System.Windows.Forms.TextBox'.
What is wrong with this????!????
SQL = "UPDATE ATG_PP_QTE_HEAD SET " & _
"PART = '" & txtPart.Text & "', " & _
"LOCATION = '" & txtLoc.Text & "', " & _
"DESCRIPTION = '" & txtDescription.Text & "', " & _
"CUSTOMER = '" & txtCustID.Text & "', " & _
"CONTACT_NAME = '" & txtContactName.Text & "', " & _
"CONTACT_PHONE = '" & txtPhone.Text & "', " & _
"CONTACT_EMAIL = '" & txtEmail.Text & "', " & _
"LEAD_TIME = '" & txtLead.Text & "', " & _
"SETUP = " & txtSetup.Text & ", " & _
"WEIGHTPP = " & txtPCWT.Text & ", " & _
"NOTES = '" & txtNotes.Text & "', " & _
"LAST_MODIFIED = '" & DateTime.Now & "', " & _
"LABOR_RATE = " & txtLabor.Text & ", " & _
"OVERHEAD = " & txtOH.Text & ", " & _
"GA = " & txtGA.Text & ", " & _
"SORT_CODE = '" & txtSortCode.Text & "', " & _
"REFERENCE = '" & txtReference.Text & "', " & _
"PL = '" & txtPL.Text & "', " & _
"CUST_DRAW_NO = '" & txtCustDraw.Text & "', " & _
"COMMISSION = " & txtCommission.Text & ", " & _
"PCWT = " & txtPCWT & _
"WHERE QUOTE_ID = " & txtQuoteID.Text
Answer 0 (score: 4)
What is wrong with this????!????
Quite a lot, actually. But let's start with the error itself...
On this line:
"PCWT = " & txtPCWT & _
You're trying to concatenate a TextBox to a String. As the error states, you can't do that. Perhaps you meant to use the .Text property:
"PCWT = " & txtPCWT.Text & _
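Now, what else is wrong?
First, your code is highly vulnerable to SQL injection attacks. You'll want to use parameterized queries instead of executing user input as code.
Second, using parameterized queries will make the code easier to read and support, which will make errors like this easier to find.
Third, there is a lot of potential for bugs on this line: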
"LAST_MODIFIED = '" & DateTime.Now & "', " & _
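Using a parameterized query will remove the culture-dependent string representation from the query and use actual DateTime data in the query. And you should also get in the habit of using DateTime.UtcNow, because having consistent, non-timezone-dependent values makes things a lot easier when you need to work with multiple time zones.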
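
The parameterized form the answer recommends, as an added example that is not part of the original question or answer. It assumes SQL Server accessed through System.Data.SqlClient, covers only a subset of the columns, and the column types, sizes, the `UpdateQuote` and `ParseNumber` names, and the connection string are assumptions.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Globalization

Module QuoteUpdateExample
    ' The SQL text is a constant: user input never becomes part of it.
    ' Assumed column types: NVARCHAR text, DECIMAL numbers, DATETIME2 timestamp, INT key.
    Private Const UpdateSql As String = "UPDATE ATG_PP_QTE_HEAD SET " & _
        "PART = @part, DESCRIPTION = @description, " & _
        "SETUP = @setup, PCWT = @pcwt, " & _
        "LAST_MODIFIED = @lastModified " & _
        "WHERE QUOTE_ID = @quoteId"

    ' Converts numeric text box input to Decimal and rejects anything else.
    Function ParseNumber(fieldName As String, text As String) As Decimal
        Dim value As Decimal
        If Not Decimal.TryParse(text, NumberStyles.Number, CultureInfo.CurrentCulture, value) Then
            Throw New FormatException(fieldName & " must be a number.")
        End If
        Return value
    End Function

    ' Called from the form as, for example:
    ' UpdateQuote(connStr, txtQuoteID.Text, txtPart.Text, txtDescription.Text, txtSetup.Text, txtPCWT.Text)
    Function UpdateQuote(connectionString As String, quoteIdText As String, part As String, _
                         description As String, setupText As String, pcwtText As String) As Integer
        Dim quoteId As Integer
        If Not Integer.TryParse(quoteIdText, quoteId) Then
            Throw New FormatException("QUOTE_ID must be an integer.")
        End If
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(UpdateSql, conn)
                ' Values travel as typed parameters, so a quote in PART stays data.
                cmd.Parameters.Add("@part", SqlDbType.NVarChar, 50).Value = part
                cmd.Parameters.Add("@description", SqlDbType.NVarChar, 255).Value = description
                cmd.Parameters.Add("@setup", SqlDbType.Decimal).Value = ParseNumber("SETUP", setupText)
                cmd.Parameters.Add("@pcwt", SqlDbType.Decimal).Value = ParseNumber("PCWT", pcwtText)
                ' A real DateTime in UTC, with no culture-dependent string conversion.
                cmd.Parameters.Add("@lastModified", SqlDbType.DateTime2).Value = DateTime.UtcNow
                cmd.Parameters.Add("@quoteId", SqlDbType.Int).Value = quoteId
                conn.Open()
                Return cmd.ExecuteNonQuery() ' number of rows updated
            End Using
        End Using
    End Function
End Module
```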