UPDATE语句中的语法错误(MS Access数据库)

时间:2016-10-19 05:01:12

标签: c# database syntax

This is the image 

private void button1_Click(object sender, EventArgs e)
{
    if (textBox1.Text == "" || textBox2.Text == "" || textBox3.Text == "" || textBox4.Text == "" || textBox5.Text == "" || textBox6.Text == "")
    {
        MessageBox.Show("Please Complete all Field");
    }
    else
    {
        if ((textBox3.Text == textBox4.Text) && (textBox5.Text == textBox6.Text))
        {
            connect.Open();
            OleDbCommand command = new OleDbCommand();
            command.Connection = connect;
            command.CommandText = "update Table2 set username ='" + textBox2.Text + "', password ='" + textBox6.Text + "' where AID='" + aid + "'";
            command.ExecuteNonQuery();
            MessageBox.Show("Admin account update complete!");
            connect.Close();
        }
        else
        {
            MessageBox.Show("Field dont match each other!");
        }
    }
}
private void button2_Click(object sender, EventArgs e)
{
    if (textBox7.Text == "" || textBox8.Text == "" || textBox9.Text == "")
    {
        MessageBox.Show("Please Complete all Field");
    }
    else
    {
        if (textBox8.Text == textBox9.Text)
        {
            connect.Open();
            OleDbCommand command = new OleDbCommand();
            command.Connection = connect;
            command.CommandText = "insert into Table2 (username,password) values('" + textBox7.Text + "','" + textBox9.Text + "')";
            command.ExecuteNonQuery();
            MessageBox.Show("Admin account add complete!");
            connect.Close();
            textBox7.Text = "";
            textBox8.Text = "";
            textBox9.Text = "";
        }
    }
}

我在两个按钮上UPDATE的{​​{1}}语句中收到语法错误。我已经在我的数据库上创建了新表但仍然是相同的。还要仔细检查拼写及其所有优点。

2 个答案:

答案 0 :(得分:1)

使用参数化查询,您将不会遇到此问题。此外,您将受到SqlInjection的保护。

command.CommandText = @"update Table2 set username=@UserName, password=@Password where AID=@ID";

command.Parameters.AddWithValue("@UserName", textBox2.Text);
command.Parameters.AddWithValue("@Password", textBox6.Text);
command.Parameters.AddWithValue("@ID", aid);

这是第二个CommandText 

command.CommandText = @"insert into Table2 (username,password) Values (@UserName,@Password)";

command.Parameters.AddWithValue(@UserName, textBox7.Text);
command.Parameters.AddWithValue(@Password, textBox9.Text);

参数的顺序应与在OleDb查询中编写的顺序相同。此外,当您使用参数时,您不必担心',您的查询看起来更好且易于阅读。将来写下文本框名称对其他用户来说会更容易理解。

答案 1 :(得分:0)

usernamepassword

之后检查您的命令间距 
command.CommandText = "update Table2 set username='" + textBox2.Text + "', password='" + textBox6.Text + "' where AID='" + aid + "'";
相关问题
最新问题