我在cmd.ExecuteNonQuery()时遇到错误;其他部分工作正确但在此部分有错误,当我更新gridview中的记录
// Reads the connection string named "AddUserConnectionString" from the application's configuration.
// NOTE(review): "connectionString" is not a type shown anywhere in this listing; presumably this was meant to be "string cs = ..." — confirm.
connectionString cs= ConfigurationManager.ConnectionStrings["AddUserConnectionString"].ConnectionString;
.....它正常工作但不更新数据库中的记录,显示此错误..
/// <summary>
/// RowUpdating handler for GridView1: reads the edited row's controls, runs an UPDATE
/// against CustomerDetails and reports the outcome in Label1.
/// </summary>
/// <param name="sender">Event source (not used in the body).</param>
/// <param name="e">Event data; only <c>e.RowIndex</c> is read, to locate the row being edited.</param>
// NOTE(review): con, cs, cd, Label1 and ShowData are declared outside this listing.
protected void GridView1_RowUpdating(object sender, System.Web.UI.WebControls.GridViewUpdateEventArgs e)
{
// Look up the edit controls of the row being updated. "as" yields null when a control
// is missing or has another type, and the later .Text reads would then throw.
TextBox CName = GridView1.Rows[e.RowIndex].FindControl("txt_CName") as TextBox;
TextBox CNumber = GridView1.Rows[e.RowIndex].FindControl("txt_CNumber") as TextBox;
TextBox CAltNumber = GridView1.Rows[e.RowIndex].FindControl("txt_CAltNumber") as TextBox;
DropDownList PlanType = GridView1.Rows[e.RowIndex].FindControl("txt_PlanType") as DropDownList;
TextBox WNumber = GridView1.Rows[e.RowIndex].FindControl("txt_WNumber") as TextBox;
TextBox CAddress = GridView1.Rows[e.RowIndex].FindControl("txt_CAddress") as TextBox;
TextBox Date = GridView1.Rows[e.RowIndex].FindControl("txt_Date") as TextBox;
con = new SqlConnection(cs);
con.Open();
SqlCommand cmd = new SqlCommand(cd,con);
cmd.Connection = con;
// The CommandText assigned below replaces whatever text the constructor received.
// SECURITY: every field value is concatenated directly into the SQL text, so a quote
// character in any field changes the statement itself (SQL injection). Bind the values
// as SqlParameter objects instead of building the string.
// The parentheses in "set( ... )" are not valid UPDATE syntax; this is the likely
// source of the error reported at ExecuteNonQuery.
cmd.CommandText = "Update CustomerDetails set( CName='" + CName.Text + "',CNumber='" + CNumber.Text + "',CAltNumber='" + CAltNumber.Text + "',PlanType='" + PlanType.SelectedItem+ "',WNumber='" + WNumber.Text + "',CAddress='" + CAddress.Text + "',Date='" + Date.Text + "') where CNumber='" + CNumber.Text + "'";
// ExecuteNonQuery returns the number of rows affected by the statement.
int abc=cmd.ExecuteNonQuery ();
if ( abc != 0)
{
Label1.Text = "Details Submitted...";
}
else
{
Label1.Text = "Details Not Submitted...";
}
// Not reached when ExecuteNonQuery throws, so the connection stays open on failure.
con.Close();
// Leave edit mode and refresh the displayed data.
GridView1.EditIndex = -1;
ShowData();
}
答案 0 :(得分:1)
错误在这一行:
// The parenthesis after "set" (and its match before "where") is not valid UPDATE syntax.
// The field values concatenated into the text also leave the statement open to SQL injection.
cmd.CommandText = "Update CustomerDetails set( CName='" + CName.Text + "',CNumber='" + CNumber.Text + "',CAltNumber='" + CAltNumber.Text + "',PlanType='" + PlanType.SelectedItem+ "',WNumber='" + WNumber.Text + "',CAddress='" + CAddress.Text + "',Date='" + Date.Text + "') where CNumber='" + CNumber.Text + "'";
update 语句中 set 后面的 '(' 是错误的。您还必须删除 where 之前与之匹配的 ')'。
请使用参数化查询,而不是把文本框内容直接拼接进 SQL 字符串。
答案 1 :(得分:1)
如果你稍微清理一下你的查询可能会更清楚:
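/// <summary>
/// RowUpdating handler for GridView1: reads the edited row's controls, updates the
/// matching CustomerDetails row through a parameterized UPDATE and reports the
/// outcome in Label1.
/// </summary>
/// <param name="sender">Event source (not used in the body).</param>
/// <param name="e">Event data; only <c>e.RowIndex</c> is read, to locate the row being edited.</param>
protected void GridView1_RowUpdating(object sender, System.Web.UI.WebControls.GridViewUpdateEventArgs e)
{
    var row = GridView1.Rows[e.RowIndex];
    TextBox CName = row.FindControl("txt_CName") as TextBox;
    TextBox CNumber = row.FindControl("txt_CNumber") as TextBox;
    TextBox CAltNumber = row.FindControl("txt_CAltNumber") as TextBox;
    DropDownList PlanType = row.FindControl("txt_PlanType") as DropDownList;
    TextBox WNumber = row.FindControl("txt_WNumber") as TextBox;
    TextBox CAddress = row.FindControl("txt_CAddress") as TextBox;
    TextBox Date = row.FindControl("txt_Date") as TextBox;

    // Every value is a parameter marker (all with the leading '@'), so user-entered
    // text is sent as data and never becomes part of the SQL statement itself.
    // NOTE(review): CNumber is both assigned and used as the lookup key with the same
    // value, so a row whose number was edited will not be matched. Presumably the key
    // should come from the row's original value (e.g. GridView1.DataKeys) — confirm.
    const string updateSql =
        "Update CustomerDetails set " +
        "CName=@cName, " +
        "CNumber=@cNumber, " +
        "CAltNumber=@cAltNumber, " +
        "PlanType=@planType, " +
        "WNumber=@wNumber, " +
        "CAddress=@cAddress, " +
        "Date=@date " +
        "where CNumber=@cNumber";

    // A ListItem object cannot be bound as a parameter value; send its display text,
    // which is what concatenating SelectedItem into a string would have produced.
    string planTypeText = PlanType.SelectedItem != null ? PlanType.SelectedItem.Text : string.Empty;

    con = new SqlConnection(cs);
    try
    {
        con.Open();
        using (SqlCommand cmd = new SqlCommand(updateSql, con))
        {
            cmd.Parameters.Add(new SqlParameter("@cName", CName.Text));
            cmd.Parameters.Add(new SqlParameter("@cNumber", CNumber.Text));
            cmd.Parameters.Add(new SqlParameter("@cAltNumber", CAltNumber.Text));
            cmd.Parameters.Add(new SqlParameter("@planType", planTypeText));
            cmd.Parameters.Add(new SqlParameter("@wNumber", WNumber.Text));
            cmd.Parameters.Add(new SqlParameter("@cAddress", CAddress.Text));
            // NOTE(review): the date is sent as text and relies on the server converting
            // it to the column's type; parse and validate it first if the column is a date.
            cmd.Parameters.Add(new SqlParameter("@date", Date.Text));

            // ExecuteNonQuery returns the number of rows affected.
            int abc = cmd.ExecuteNonQuery();
            Label1.Text = abc != 0 ? "Details Submitted..." : "Details Not Submitted...";
        }
    }
    finally
    {
        // Close the connection even when Open or ExecuteNonQuery throws.
        con.Close();
    }

    // Leave edit mode and refresh the displayed data.
    GridView1.EditIndex = -1;
    ShowData();
}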
完整语法见: http://www.w3schools.com/sql/sql_update.asp
请注意,我还把各个值改成了参数传入;在我看来,这不仅使查询更清晰,还能防止 SQL 注入。这段代码是随手写的,但希望能对你有所帮助。