这个查询中有什么错误显示错误... AND
附近的语法不正确Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim cmd As New Data.SqlClient.SqlCommand
Dim con As New Data.SqlClient.SqlConnection(constr)
Try
Dim strSql As String = "UPDATE hotels SET city = '" & TextBox1.Text & "' AND hotel = '" & TextBox2.Text & "' AND location = '" & TextBox3.Text & "' AND price = '" & TextBox4.Text & "' AND category = '" & Rating1.CurrentRating & "' AND short = '" & TextBox6.Text & "' AND details = '" & Editor1.Content & "' WHERE hotelid ='" & Request.QueryString("hotelid") & "'"
'------------"
con.Open()
cmd.Connection = con
cmd.CommandText = strSql
cmd.ExecuteNonQuery()
Catch ex As Exception
Response.Write(ex.Message)
Finally
cmd.Dispose()
con.Dispose()
End Try
End Sub
答案 0 :(得分:2)
Dim strSql As String = "UPDATE hotels SET city = '" & TextBox1.Text & "' , hotel = '" & TextBox2.Text & "' , location = '" & TextBox3.Text & "' , price = '" & TextBox4.Text & "' , category = '" & Rating1.CurrentRating & "' , short = '" & TextBox6.Text & "' , details = '" & Editor1.Content & "' WHERE hotelid ='" & Request.QueryString("hotelid") & "'"
试试这个
答案 1 :(得分:0)
我认为你不需要所有这些AND,使用逗号......
顺便提及
string.Format或更好的Parameterised Queries或Stored Procedures比所有这些频繁加入的字符串更好。 Dim strSql As String
strSql = "UPDATE hotels SET city = '{0}', hotel = '{1}', location = '{2}', price = '{3}', category = '{4}', short = '{5}', details = '{6}' WHERE hotelid ='{7}'"
strSql = String.Format(strSql, ,TextBox1.Text.Trim(), TextBox2.Text.Trim(), TextBox3.Text.Trim(), TextBox4.Text.Trim(), Rating1.CurrentRating, TextBox6.Text,Editor1.Content,Request.QueryString("hotelid"))
Trim()文本值的好习惯。这样你就不会在参数/参数中找到讨厌的空格。答案 2 :(得分:0)
您还需要验证文本框中的输入,以便对您进行注入攻击。