Error regarding SQL query

Time: 2011-05-02 12:13:20

Tags: asp.net sql vb.net

This is my admin.aspx.vb

Imports System.Data.SqlClient

Partial Class Admin
    Inherits System.Web.UI.Page
    Dim conn As New SqlConnection("Data Source=CHIRAG-PC;Initial Catalog=car;Integrated Security=True")
    Dim cmd As SqlCommand
    Dim drd As SqlDataReader
    Dim adp As SqlDataAdapter
    Dim y As String

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

    End Sub

    Protected Sub GridView1_SelectedIndexChanged(ByVal sender As Object, ByVal e As System.EventArgs) Handles GridView1.SelectedIndexChanged
        Dim x As Integer


        x = GridView1.SelectedIndex
        y = GridView1.Rows(x).Cells(1).Text





    End Sub

   Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim str As String
        str = "update carHeader set cartype='" + car.Text.ToString() + "',imagefile='" + img.Text + "',capacity=" + cap.Text + "where  id=" + Convert.ToDouble(y)
        conn.Open()
        cmd = New SqlCommand(str, conn)
        cmd.ExecuteNonQuery()
        conn.Close()
    End Sub
End Class

and its admin.aspx

<%@ Page Title="" Language="VB" MasterPageFile="~/MasterPage.master" AutoEventWireup="false" CodeFile="Admin.aspx.vb" Inherits="Admin" %>

<asp:Content ID="Content1" ContentPlaceHolderID="HeadContent" Runat="Server">
   <br />
   <br />
</asp:Content>


<asp:Content ID="Content2" runat="server" contentplaceholderid="MainContent">
    <asp:SqlDataSource ID="SqlDataSource1" runat="server" 
        ConnectionString="Data Source=CHIRAG-PC;Initial Catalog=car;Integrated Security=True" 
        ProviderName="System.Data.SqlClient" 
        SelectCommand="SELECT * FROM [carHeader] ORDER BY [id]"></asp:SqlDataSource>
    <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" 
        DataSourceID="SqlDataSource1" Height="149px" Width="267px">
        <Columns>
            <asp:CommandField ShowSelectButton="True" />
            <asp:BoundField DataField="id" HeaderText="id" 
                SortExpression="id" />
            <asp:BoundField DataField="cartype" HeaderText="cartype" 
                SortExpression="cartype" />
            <asp:BoundField DataField="imagefile" HeaderText="imagefile" 
                SortExpression="imagefile" />
            <asp:BoundField DataField="capacity" HeaderText="capacity" 
                SortExpression="capacity" />
        </Columns>
    </asp:GridView>
    <asp:Panel ID="Panel1" runat="server">
        <asp:Label ID="Label1" runat="server" Text="Image file"></asp:Label>
        <asp:TextBox ID="img" runat="server"></asp:TextBox>

        <asp:Label ID="Label2" runat="server" Text="Car Type"></asp:Label>

        <asp:TextBox ID="car" runat="server"></asp:TextBox>
        <asp:Label ID="Label3" runat="server" Text="capacity"></asp:Label>
        <asp:TextBox ID="cap" runat="server"></asp:TextBox>


        <asp:Button ID="Button1" runat="server" Text="Save" />


    </asp:Panel>
</asp:Content>

I am getting an error in the SQL query regarding its update statement.

The carHeader table contains: cartype varchar, id int, imagefile varchar, capacity int

1 answer:

Answer 0 (score: 1)

... + cap.Text + "where ...

Note the missing space before where. It would likely produce a statement like this:

... field = valuewhere ...

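This breaks the SQL.

Also, using string concatenation in SQL statements like this is bad practice from both a security and a performance perspective. You'll want to look into using parameterized queries.

Edit: based on your comment: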

  

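It gives me the error: conversion from update set cartype=.... to type double is not valid

It sounds like the error is referring to this part of the query: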

set cartype='" + car.Text.ToString() + "'

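What type is cartype? According to the error message, it's a double. But according to your query, you're trying to set it to a string value (by wrapping it in single quotes). If it is a double, then it needs to be a numeric value, not a string.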
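
The parameterized form the answer recommends, sketched against the question's Button1_Click as an added example (not code from the original post or answer). The varchar sizes and reading the id from GridView1.SelectedRow at click time are assumptions.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Partial Class Admin
    Inherits System.Web.UI.Page

    ' Same connection string as in the question.
    Private Const ConnStr As String = _
        "Data Source=CHIRAG-PC;Initial Catalog=car;Integrated Security=True"

    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim id As Integer
        Dim capacity As Integer

        ' id and capacity are int columns: validate them as integers up front
        ' instead of splicing raw text into the statement.
        ' Assumption: the id is read from the selected grid row (cell 1 is the id column).
        If GridView1.SelectedRow Is Nothing Then Return
        If Not Integer.TryParse(GridView1.SelectedRow.Cells(1).Text, id) Then Return
        If Not Integer.TryParse(cap.Text, capacity) Then Return

        ' The SQL text is a constant. User input travels only as parameter values,
        ' so a quote in car.Text or img.Text cannot alter the statement, and the
        ' spacing before WHERE no longer depends on string concatenation.
        Const sql As String = _
            "UPDATE carHeader SET cartype = @cartype, imagefile = @imagefile, " & _
            "capacity = @capacity WHERE id = @id"

        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand(sql, conn)
                ' Sizes 50 and 255 are assumed; match them to the real varchar lengths.
                cmd.Parameters.Add("@cartype", SqlDbType.VarChar, 50).Value = car.Text
                cmd.Parameters.Add("@imagefile", SqlDbType.VarChar, 255).Value = img.Text
                cmd.Parameters.Add("@capacity", SqlDbType.Int).Value = capacity
                cmd.Parameters.Add("@id", SqlDbType.Int).Value = id
                conn.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub
End Class
```

Typed parameters also let SQL Server reuse one cached plan for every update, which is the performance side of the answer's point.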