此处我的查询是否有人可以发现错误
str = "update student set course='" & ComboBox1.Text & "',name='" &
TextBox2.Text & "',f_name='" & TextBox3.Text & "',address='" & TextBox4.Text
& "' ,tel_no='" & TextBox5.Text & "',qualification='" & TextBox6.Text &
"',remarks='" & TextBox7.Text & "',school/college='" & TextBox8.Text &
"',fee='" & TextBox10.Text & "' where reg_no=" & TextBox9.Text & " "
答案 0 :(得分:1)
以下是构建此查询的更好方法:
str = "update student " &
" set course= @course, name= @name, f_name= @fname, address= @address," &
" tel_no= @tel, qualification = @qualification, remarks= @remarks," &
" `school/college`=@school, fee= @fee" &
" where reg_no= @regno"
Using cn As New MySqlConnection("connection string here"), _
cmd As New MySqlCommand(str, cn)
'Use actual column types/lengths from your DB here
cmd.Parameters.Add("@course", MySqlDbType.VarChar, 15).Value = ComboBox1.Text
cmd.Parameters.Add("@name", MySqlDbType.VarChar, 25).Value = TextBox2.Text
cmd.Parameters.Add("@fname", MySqlDbtype.VarChar, 25).Value = TextBox3.Text
cmd.Parameters.Add("@address", MySqlDbType.VarChar, 120).Value = TextBox4.Text
cmd.Parameters.Add("@tel", MySqlDbType.VarChar, 25).Value = TextBox5.Text
cmd.Parameters.Add("@qualification", MySqlDbType.VarChar, 40).Value = TextBox6.Text
cmd.Parameters.Add("@remarks", MySqlDbType.VarString).Value = TextBox7.Text
cmd.Parameters.Add("@school", MySqlDbType.VarChar, 40).Value = TextBox8.Text
cmd.Parameters.Add("@fee", MySqlDbType.Decimal, 6, 2).Value = Convert.ToDecimal(TextBox10.Text)
cmd.Parameters.Add("@regno", MySqlDbType.Int32).Value = Integer.Parse(TextBox9.Text)
cn.Open()
cmd.ExecuteNonQuery()
End Using
这对你有很多帮助:
'
)之类的数据。如果有人提出单引号,你所拥有的代码就会失败。