请帮助我,因为我是初学者,我正在更新员工记录,从datagridview中选择我在性别领域与两个单选按钮和3个日期字段dob,doj& doexpid,我不知道如何编写dg1_CellClick下的代码以及何时执行代码
“关键字
WHERE附近的语法不正确”
private void dg1_CellClick(object sender, DataGridViewCellEventArgs e)
{
txtempcode.Text = dg1.SelectedRows[0].Cells[0].Value.ToString();
txtfrstname.Text = dg1.SelectedRows[0].Cells[1].Value.ToString();
txtlstname.Text = dg1.SelectedRows[0].Cells[2].Value.ToString();
if (male.Checked || female.Checked)
{
dg1.SelectedRows[0].Cells[3].Value.ToString();
}
txtaddr.Text = dg1.SelectedRows[0].Cells[4].Value.ToString();
txtcont.Text = dg1.SelectedRows[0].Cells[5].Value.ToString();
txtblodgrp.Text = dg1.SelectedRows[0].Cells[6].Value.ToString();
txtcountry.Text = dg1.SelectedRows[0].Cells[8].Value.ToString();
combobranch.Text = dg1.SelectedRows[0].Cells[9].Value.ToString();
txtnetsalary.Text = dg1.SelectedRows[0].Cells[10].Value.ToString();
combodesig.Text = dg1.SelectedRows[0].Cells[11].Value.ToString();
txtqibacc.Text = dg1.SelectedRows[0].Cells[14].Value.ToString();
txtremark.Text = dg1.SelectedRows[0].Cells[15].Value.ToString();
cn.Open();
SqlCommand cmd = new SqlCommand("SELECT empimage FROM employee WHERE empcode = '" + dg1.SelectedRows[0].Cells[0].Value.ToString() + "'", cn );
da.SelectCommand = cmd;
DataSet ds = new DataSet();
byte[] mydata = new byte[0];
da.Fill(ds, "employee");
DataRow myrow;
myrow = ds.Tables["employee"].Rows[0];
mydata = (byte[])myrow["empimage"];
MemoryStream stream = new MemoryStream(mydata);
pb1.Image = Image.FromStream(stream);
cn.Close();
}
private void button3_Click(object sender, EventArgs e)
{
cn.Open();
int i = 0;
SqlCommand cmd = new SqlCommand("UPDATE Employee SET empcode = '" + txtempcode.Text + "', firstname = '" + txtfrstname.Text + "', lastname = '" + txtlstname.Text + "', gender = @gender, address = '" + txtaddr.Text + "', contactno = '" + txtcont.Text + "' , bloodgroup = '" + txtblodgrp.Text + "' , dateofbirth = '" + dob.Value.ToString("yyyy/MM/dd") + "' , country = '" + txtcountry.Text + "' , department = '" + combobranch.Text + "', basic_sal = '" + txtnetsalary.Text + "' , designation = '" + combodesig.Text + "' , doj = '" +doj.Value.ToString("yyyy/MM/dd") + "', doexpid = '" + doexpqid.Value.ToString("yyyy/MM/dd") + "' , pf_acc_no = '" + txtqibacc.Text + "' , remarks = '" + txtremark.Text + "', @empimage WHERE empcode = '" + dg1.SelectedRows[0].Cells[0].Value.ToString() + "'", cn);
if (male.Checked)
cmd.Parameters.Add(new SqlParameter("@gender", "male"));
else
//if (female.Checked)
cmd.Parameters.Add(new SqlParameter("@gender", "Female"));
MemoryStream stream = new MemoryStream();
pb1.Image.Save(stream, System.Drawing.Imaging.ImageFormat.Jpeg);
byte[] pic = stream.ToArray();
cmd.Parameters.AddWithValue("@empimage", pic);
i = cmd.ExecuteNonQuery();
if (i > 0)
{
MessageBox.Show("Successfully Updated Employee Record" + i);
}
cn.Close();
答案 0 :(得分:3)
如果在WHERE之前删除此psql,那么您的查询将按预期工作。
但是,我强烈建议您使用参数重写此查询。这样做,您将获得安全性(避免SQL注入)和可读性。