我在尝试从数据库中选择数据时收到此错误,但我对如何修复它感到很遗憾。我的查询在我的数据库中有效,但我不确定发生了什么
randomget = "SELECT top 1 id, Department, Team, Process, SubProcess, SubTask, LastUpdatedBy from workload where stepstatus = 'complete' and agent is null or agent = 0 ";
OleDbConnection MyConn = new OleDbConnection();
MyConn.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=.......;Persist Security Info=False";;
MyConn.Open();
OleDbCommand cmd = MyConn.CreateCommand();
cmd.CommandText = randomget;
OleDbDataReader reader = cmd.ExecuteReader(CommandBehavior.CloseConnection);
int id = 0;
while (reader.Read())
{
id = int.Parse(reader[0].ToString());
textBox8.Text = reader[6].ToString();
textBox5.Text = reader[1].ToString();
textBox6.Text = reader[2].ToString();
textBox7.Text = reader[3].ToString();
textBox9.Text = reader[4].ToString();
textBox11.Text = reader[5].ToString();
break;
}
// input table name here
textBox2.Text = agentsrf.ToString();
string sqlupdate = "Update workload set agent = '" + agent + "', where ID = " + id + " ' ";
}
public OleDbConnection connection { get; set; }
答案 0 :(得分:2)
在,删除它之后你有一个迷路set agent = '" + agent + "'然后它运行正常。此外,您应该使用parameterized queries,因为SQL Injection打开了这种字符串连接:
string sqlupdate = "Update workload set agent = @agent where ID = @id ";
cmd.Parameters.AddWithValue("@agent", agent );
cmd.Parameters.AddWithValue("@id", id);