Incorrect syntax near the keyword 'WHERE'

Time: 2016-01-07 22:50:46

Tags: c# sql

Please help me, as I am a beginner. I am updating employee records by selecting from the datagridview. I have two radio buttons in the gender field and 3 date fields dob, doj & doexpid. I don't know how to write the code under dg1_CellClick and when the code should be executed.


"Incorrect syntax near the keyword WHERE"

private void dg1_CellClick(object sender, DataGridViewCellEventArgs e)
{
    txtempcode.Text = dg1.SelectedRows[0].Cells[0].Value.ToString();
    txtfrstname.Text = dg1.SelectedRows[0].Cells[1].Value.ToString();
    txtlstname.Text = dg1.SelectedRows[0].Cells[2].Value.ToString();
    if (male.Checked || female.Checked)
    {
        dg1.SelectedRows[0].Cells[3].Value.ToString();
    }
    txtaddr.Text = dg1.SelectedRows[0].Cells[4].Value.ToString();
    txtcont.Text = dg1.SelectedRows[0].Cells[5].Value.ToString();
    txtblodgrp.Text = dg1.SelectedRows[0].Cells[6].Value.ToString();
    txtcountry.Text = dg1.SelectedRows[0].Cells[8].Value.ToString();
    combobranch.Text = dg1.SelectedRows[0].Cells[9].Value.ToString();
    txtnetsalary.Text = dg1.SelectedRows[0].Cells[10].Value.ToString();
    combodesig.Text = dg1.SelectedRows[0].Cells[11].Value.ToString();
    txtqibacc.Text = dg1.SelectedRows[0].Cells[14].Value.ToString();
    txtremark.Text = dg1.SelectedRows[0].Cells[15].Value.ToString();

    cn.Open();

    SqlCommand cmd = new SqlCommand("SELECT empimage FROM employee WHERE empcode = '" + dg1.SelectedRows[0].Cells[0].Value.ToString() + "'", cn );
    da.SelectCommand = cmd;
    DataSet ds = new DataSet();
    byte[] mydata = new byte[0];
    da.Fill(ds, "employee");
    DataRow myrow;
    myrow = ds.Tables["employee"].Rows[0];
    mydata = (byte[])myrow["empimage"];
    MemoryStream stream = new MemoryStream(mydata);
    pb1.Image = Image.FromStream(stream);
    cn.Close();
}

private void button3_Click(object sender, EventArgs e)
{
    cn.Open();
    int i = 0;
    SqlCommand cmd = new SqlCommand("UPDATE Employee SET empcode = '" + txtempcode.Text + "', firstname = '" + txtfrstname.Text + "', lastname = '" + txtlstname.Text + "', gender = @gender, address = '" + txtaddr.Text + "', contactno = '" + txtcont.Text + "' , bloodgroup = '" + txtblodgrp.Text + "' , dateofbirth = '" + dob.Value.ToString("yyyy/MM/dd") + "' , country = '" + txtcountry.Text + "' , department = '" + combobranch.Text + "', basic_sal = '" + txtnetsalary.Text + "' , designation = '" + combodesig.Text + "' , doj = '" +doj.Value.ToString("yyyy/MM/dd") + "', doexpid = '" + doexpqid.Value.ToString("yyyy/MM/dd") + "' , pf_acc_no = '" + txtqibacc.Text + "' , remarks = '" + txtremark.Text + "', @empimage WHERE empcode = '" + dg1.SelectedRows[0].Cells[0].Value.ToString() + "'", cn);
    if (male.Checked)
        cmd.Parameters.Add(new SqlParameter("@gender", "male"));
    else
        //if (female.Checked)
        cmd.Parameters.Add(new SqlParameter("@gender", "Female"));
    MemoryStream stream = new MemoryStream();
    pb1.Image.Save(stream, System.Drawing.Imaging.ImageFormat.Jpeg);
    byte[] pic = stream.ToArray();
    cmd.Parameters.AddWithValue("@empimage", pic);

    i = cmd.ExecuteNonQuery();

    if (i > 0)
    {
        MessageBox.Show("Successfully Updated Employee Record" + i);
    }
    cn.Close();
}
1 answer:

Answer 0: (score: 3)

If you remove this psql before WHERE, your query will work as expected.

However, I strongly recommend that you rewrite this query using parameters. By doing so, you gain both security (avoiding SQL injection) and readability.
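The parameterized rewrite the answer recommends, added here as an example (it is not code from the question or the answer). It keeps the table and column names from the question, fixes the syntax error by writing `empimage = @empimage` instead of `, @empimage`, and assumes the column types shown in the SqlDbType arguments and that `cn` is the form's `SqlConnection`:

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example: the asker's UPDATE with every value passed as a SqlParameter.
// Column names come from the question; the SqlDbType sizes/types are assumptions.
// Call from button3_Click as:
//   int i = UpdateEmployee(cn, dg1.SelectedRows[0].Cells[0].Value.ToString(), pic);
private int UpdateEmployee(SqlConnection cn, string originalEmpCode, byte[] picture)
{
    const string sql =
        "UPDATE Employee SET empcode = @empcode, firstname = @firstname, lastname = @lastname, " +
        "gender = @gender, address = @address, contactno = @contactno, bloodgroup = @bloodgroup, " +
        "dateofbirth = @dateofbirth, country = @country, department = @department, " +
        "basic_sal = @basic_sal, designation = @designation, doj = @doj, doexpid = @doexpid, " +
        "pf_acc_no = @pf_acc_no, remarks = @remarks, empimage = @empimage " +  // was ", @empimage"
        "WHERE empcode = @originalEmpCode";

    using (SqlCommand cmd = new SqlCommand(sql, cn))
    {
        // Text fields: the value never touches the SQL text, so quotes in input are harmless.
        cmd.Parameters.Add("@empcode", SqlDbType.VarChar, 20).Value = txtempcode.Text;
        cmd.Parameters.Add("@firstname", SqlDbType.NVarChar, 50).Value = txtfrstname.Text;
        cmd.Parameters.Add("@lastname", SqlDbType.NVarChar, 50).Value = txtlstname.Text;
        cmd.Parameters.Add("@gender", SqlDbType.VarChar, 10).Value = male.Checked ? "male" : "Female";
        cmd.Parameters.Add("@address", SqlDbType.NVarChar, 200).Value = txtaddr.Text;
        cmd.Parameters.Add("@contactno", SqlDbType.VarChar, 20).Value = txtcont.Text;
        cmd.Parameters.Add("@bloodgroup", SqlDbType.VarChar, 5).Value = txtblodgrp.Text;
        cmd.Parameters.Add("@country", SqlDbType.NVarChar, 50).Value = txtcountry.Text;
        cmd.Parameters.Add("@department", SqlDbType.NVarChar, 50).Value = combobranch.Text;
        cmd.Parameters.Add("@designation", SqlDbType.NVarChar, 50).Value = combodesig.Text;
        cmd.Parameters.Add("@pf_acc_no", SqlDbType.VarChar, 30).Value = txtqibacc.Text;
        cmd.Parameters.Add("@remarks", SqlDbType.NVarChar, 500).Value = txtremark.Text;

        // Dates and numbers go in as typed values: no ToString("yyyy/MM/dd") and no locale surprises.
        cmd.Parameters.Add("@dateofbirth", SqlDbType.Date).Value = dob.Value.Date;
        cmd.Parameters.Add("@doj", SqlDbType.Date).Value = doj.Value.Date;
        cmd.Parameters.Add("@doexpid", SqlDbType.Date).Value = doexpqid.Value.Date;
        cmd.Parameters.Add("@basic_sal", SqlDbType.Decimal).Value = decimal.Parse(txtnetsalary.Text);

        // Size -1 means varbinary(max), which is what the image bytes need.
        cmd.Parameters.Add("@empimage", SqlDbType.VarBinary, -1).Value = picture;
        // The row is located by the code selected in the grid, not by the (possibly edited) textbox.
        cmd.Parameters.Add("@originalEmpCode", SqlDbType.VarChar, 20).Value = originalEmpCode;

        if (cn.State != ConnectionState.Open) cn.Open();
        try { return cmd.ExecuteNonQuery(); }   // number of rows updated (expect 1)
        finally { cn.Close(); }
    }
}
```

With the values bound as parameters, a name such as O'Brien no longer breaks the statement, and an input containing SQL is stored as plain text rather than executed.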