sql语法错误发生?
[英]sql syntax error occur?
问题描述
string query = "update library_database.members set name='" + txtname.Text + "', Adresss='" + richtxtadress.Text + "',";
query = query + "Status='" + cmbstatus.SelectedText + "',Type='" + cmbtype.SelectedText + "',";
query = query + "Date_expiry='" + dateofexpiry.Value.ToString("yyyy-MM-dd") + "',@IMG";
query=query+"' where id='";
query = query + txtid.Text + "'";
cmd = new MySqlCommand(query, con);
cmd.Parameters.Add(new MySqlParameter("@IMG", imgbt));
The exception occur SQL Santax error at line 1 near @IMG. 
异常发生在@IMG附近的第1行的SQL Santax错误。 Please help how can I solve it? 请帮我怎么解决?
1 个解决方案
解决方案1
2 2014-09-23 06:52:49
Looks like you forget to column name when you update your @IMG value. 看起来您在更新@IMG值时忘记了列名称。
It should be something like; 应该是这样的;
query = ... "ColumnName = @IMG" + ...
But please 但是,求求您
ALWAYS use parameterized queries . 始终使用参数化查询 。 This kind of string concatenations are open for SQL Injection attacks. 这类字符串连接对SQL注入攻击开放。
Next time, when you get this kind of sql syntax error, first thing you should try is to run your query in your database manager. 下次,当您遇到这种SQL语法错误时,您应该尝试的第一件事是在数据库管理器中运行查询。 Then you can easily see what is wrong with your query and how you can fix it. 然后,您可以轻松地查看查询出了什么问题以及如何解决它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.