我的代码会引发错误 - 我需要你的帮助来解决它。
错误是
更新语句中的语法错误
我的代码:
Try
Dim conn As OleDbConnection = New OleDbConnection(My.Resources.ConnectionString)
Dim cmd As OleDbCommand
conn.Open()
Dim Sql As String = "select * from Administretor"
cmd = New OleDbCommand(Sql, conn)
Dim userE, userR As String
userE = txtOldPass.Text
Dim reder As OleDbDataReader = cmd.ExecuteReader()
While reder.Read()
userR = reder.Item(0)
End While
If userE = userR Then
If txtNewPass.Text = txtNewConfromPass.Text And txtNewConfromPass.Text <> "" And txtNewPass.Text <> "" Then
Sql = "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & ""
Dim cmd0 As OleDbCommand = New OleDbCommand(Sql, conn)
cmd0.ExecuteNonQuery()
Else
MsgBox("Make sure that you have entered new password in both text Box and they both are same...!")
End If
Else
MsgBox("Enter the correct Username")
End If
MsgBox("Done 2")
Catch ex As OleDbException
MsgBox(ex.Message)
End Try
答案 0 :(得分:1)
两个错误
"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & ""
^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
| |
Missing single quote here---+ |
|
LogIn_Id will never equal the old password--------------------------------+
但是除了简单的语法错误之外,您还会因构建SQL(包括用户输入)而产生巨大的SQL注入漏洞。
答案 1 :(得分:0)
在这部分中,
"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where ...
密码在它之前会有一个单引号,之后没有单引号。
将其更改为:
"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & "' where ...
请注意这里的额外单引号---------------------------------------- ^
答案 2 :(得分:0)
添加以下语法:
Sql = "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & ""
Clipboard.SetText(Sql)
查询将在您的剪贴板中。在SQL上运行它(无论你使用哪个),看看查询是否运行顺畅?
请向我们展示查询生成的内容以及直接从SQL运行时产生的错误。