string sql2 = "UPDATE project_table
SET resources=(resources-" + txtresource.Text + ")
where code=" + project_code + "";
我使用下面的查询来更新我的表,但似乎我的数据库没有减去资源。我做错了什么?
答案 0 :(得分:2)
转换它,然后在查询中使用
int val = Convert.ToInt32(txtresource.Text.Trim());
SET resources = resources - val
最后考虑使用SQLParameter来避免SQL Injection Attack
string sql2 = "UPDATE project_table SET resources = resources - @val where code = @code";
//Create Command
SqlCommand cmd = new SqlCommand(sql2, connectionObject);
cmd.CommandType = CommandType.Text;
cmd.Parameters.Add(SQLDbType.INT, @val).Value = val;
cmd.Parameters.Add(SQLDbType.VARCHAR, @code).Value = project_code;