
Incorrect Syntax near ' '.C#

I get the error

INCORRECT SYNTAX NEAR ' '

Here is my code:

SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
SqlCommand cmd = new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection=conn;
cmd.CommandText = "update student set Name='" + textBox1.Text + "',Family='" + textBox2.Text + "',Fathername='" + textBox3.Text + "',ShenasName='" + textBox4.Text + "',CodeMeli'" + textBox5.Text + "',Tavalod'" + maskedTextBox1.Text + "',Address'" + richTextBox1.Text + "',Madraak'" + textBox7.Text + "',Shahriye'" + textBox8.Text + "',Mobile'" + textBox6.Text + "'where Name=" + textBox1.Text;
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
MessageBox.Show("jj");

My database is SQL Server Express.

SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");

conn.Open();

SqlCommand cmd = new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection=conn;

cmd.CommandText = @"
UPDATE 
   Student 
SET 
   Name=@Name, Family=@Family, Fathername=@Fathername, ShenasName=@ShenasName, CodeMeli = @CodeMeli,
   Tavalod=@Tavalod, Address=@Address, Madraak=@Madraak, Shahriye=@Shahriye, Mobile=@Mobile
WHERE
   Name=@Name";

cmd.Parameters.AddWithValue("@Name", textBox1.Text);
cmd.Parameters.AddWithValue("@Family", textBox2.Text);
cmd.Parameters.AddWithValue("@Fathername", textBox3.Text);
cmd.Parameters.AddWithValue("@ShenasName", textBox4.Text);
cmd.Parameters.AddWithValue("@CodeMeli", textBox5.Text);
cmd.Parameters.AddWithValue("@Tavalod", maskedTextBox1.Text);
cmd.Parameters.AddWithValue("@Address", richTextBox1.Text);
cmd.Parameters.AddWithValue("@Madraak", textBox7.Text);
cmd.Parameters.AddWithValue("@Shahriye", textBox8.Text);
cmd.Parameters.AddWithValue("@Mobile", textBox6.Text);
cmd.ExecuteNonQuery();

conn.Close();               

MessageBox.Show("jj");

Here is the code. First, format your query properly; your query was unreadable. Second, use command parameters to avoid SQL injection. You can read about SQL injection on Wikipedia. Third, write "nice" textBox IDs, which have some meaning.
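Added example (not part of the original answers): one way to write the parameterized UPDATE with explicitly typed parameters and `using` blocks, selecting the row by a separate `@OriginalName` parameter so the name itself can be changed. The `StudentUpdate` class, the `NVarChar(100)` column type and the `originalName` argument are assumptions, not taken from the question's schema.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class StudentUpdate
{
    // Column names are taken from the question; NVARCHAR(100) is an assumed type.
    static readonly string[] Columns = {
        "Name", "Family", "Fathername", "ShenasName", "CodeMeli",
        "Tavalod", "Address", "Madraak", "Shahriye", "Mobile" };
    // values[i] is the new value for Columns[i]; originalName selects the row to change.
    public static SqlCommand Build(string originalName, string[] values)
    {
        if (values == null || values.Length != Columns.Length)
            throw new ArgumentException("expected one value per column");
        var cmd = new SqlCommand();
        var sets = new string[Columns.Length];
        for (int i = 0; i < Columns.Length; i++)
        {
            // SQL text is assembled from the constant column list only, never from input.
            sets[i] = Columns[i] + " = @" + Columns[i];
            cmd.Parameters.Add("@" + Columns[i], SqlDbType.NVarChar, 100).Value =
                (object)values[i] ?? DBNull.Value;
        }
        cmd.Parameters.Add("@OriginalName", SqlDbType.NVarChar, 100).Value = originalName;
        cmd.CommandText = "UPDATE Student SET " + string.Join(", ", sets) +
                          " WHERE Name = @OriginalName";
        return cmd;
    }

    // Returns the number of rows changed; 0 means no row had that original name.
    public static int Run(string connectionString, string originalName, string[] values)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = Build(originalName, values))
        {
            cmd.Connection = conn;
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed sample input; the apostrophe stays data and never reaches the SQL text.
        var cmd = Build("Ali", new[] { "O'Brien", "b", "c", "d", "e", "f", "g", "h", "i", "j" });
        Console.WriteLine(cmd.CommandText);
    }
}
```

Because each placeholder name is derived from its column name, every column binds its own parameter and a copy-paste mismatch between a column and its placeholder cannot occur.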

There are some errors:

  • missing equals after: CodeMeli=, Tavalod=, Address=, Madraak=, Shahriye=, Mobile=
  • missing ending of the SQL statement: + "'"

This will work:

SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
SqlCommand cmd = new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection = conn;
cmd.CommandText = "update student set Name='" + textBox1.Text + "',Family='" + textBox2.Text + "',Fathername='" + textBox3.Text + "',ShenasName='" + textBox4.Text + "',CodeMeli='" + textBox5.Text + "',Tavalod='" + maskedTextBox1.Text + "',Address='" + richTextBox1.Text + "',Madraak='" + textBox7.Text + "',Shahriye='" + textBox8.Text + "',Mobile='" + textBox6.Text + "'where Name='" + textBox1.Text + "'";
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
MessageBox.Show("jj");

In any case, I recommend that you use parameters. Why?

SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
SqlCommand cmd= new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection = conn;
cmd.CommandText = @"UPDATE Student SET Name=@Name, Family=@Family, Fathername=@Fathername, ShenasName=@ShenasName, CodeMeli = @CodeMeli,Tavalod=@Tavalod, Address=@Address, Madraak=@Madraak, Shahriye=@Shahriye, Mobile=@Mobile WHERE Name=@Name";

cmd.Parameters.AddWithValue("@Name", textBox1.Text);
cmd.Parameters.AddWithValue("@Family", textBox2.Text);
cmd.Parameters.AddWithValue("@Fathername", textBox3.Text);
cmd.Parameters.AddWithValue("@ShenasName", textBox4.Text);
cmd.Parameters.AddWithValue("@CodeMeli", textBox5.Text);
cmd.Parameters.AddWithValue("@Tavalod", maskedTextBox1.Text);
cmd.Parameters.AddWithValue("@Address", richTextBox1.Text);
cmd.Parameters.AddWithValue("@Madraak", textBox7.Text);
cmd.Parameters.AddWithValue("@Shahriye", textBox8.Text);
cmd.Parameters.AddWithValue("@Mobile", textBox6.Text);
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
MessageBox.Show("jj");

Using table2 instead of student:

SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
SqlCommand cmd = new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection = conn;
cmd.CommandText = "update table2 set Name='" + textBox1.Text + "',Family='" + textBox2.Text + "',Fathername='" + textBox3.Text + "',ShenasName='" + textBox4.Text + "',CodeMeli='" + textBox5.Text + "',Tavalod='" + maskedTextBox1.Text + "',Address='" + richTextBox1.Text + "',Madraak='" + textBox7.Text + "',Shahriye='" + textBox8.Text + "',Mobile='" + textBox6.Text + "'where Name='" + textBox1.Text + "'";
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
MessageBox.Show("jj");

OR

SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
SqlCommand cmd= new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection = conn;
cmd.CommandText = @"UPDATE table2 SET Name=@Name, Family=@Family, Fathername=@Fathername, ShenasName=@ShenasName, CodeMeli = @CodeMeli,Tavalod=@Tavalod, Address=@Address, Madraak=@Madraak, Shahriye=@Shahriye, Mobile=@Mobile WHERE Name=@Name";

cmd.Parameters.AddWithValue("@Name", textBox1.Text);
cmd.Parameters.AddWithValue("@Family", textBox2.Text);
cmd.Parameters.AddWithValue("@Fathername", textBox3.Text);
cmd.Parameters.AddWithValue("@ShenasName", textBox4.Text);
cmd.Parameters.AddWithValue("@CodeMeli", textBox5.Text);
cmd.Parameters.AddWithValue("@Tavalod", maskedTextBox1.Text);
cmd.Parameters.AddWithValue("@Address", richTextBox1.Text);
cmd.Parameters.AddWithValue("@Madraak", textBox7.Text);
cmd.Parameters.AddWithValue("@Shahriye", textBox8.Text);
cmd.Parameters.AddWithValue("@Mobile", textBox6.Text);
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
MessageBox.Show("jj");

Look at your CommandText. There are some parameters without (=). Format it like this:

cmd.CommandText = "update student set Name='" + textBox1.Text + "'," +
                  "Family='" + textBox2.Text + "'," +
                  "Fathername='" + textBox3.Text + "'," +
                  "ShenasName='" + textBox4.Text + "'," +
                  "CodeMeli='" + textBox5.Text + "'," +
                  "Tavalod='" + maskedTextBox1.Text + "'," +
                  "Address='" + richTextBox1.Text + "'," +
                  "Madraak='" + textBox7.Text + "'," +
                  "Shahriye='" + textBox8.Text + "'," +
                  "Mobile='" + textBox6.Text + "' " +
                  "where Name='" + textBox1.Text + "'";

Incorrect syntax ')'

 private void btnInsert_Click(object sender, EventArgs e) {
     for (int i = 0; i < dataGridView1.Rows.Count; i++)
        {
            SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database1.mdf;Integrated Security=True;User Instance=True");
            SqlCommand cmd = new SqlCommand("INSERT INTO Customers(Id,Name,Country,) values (@Id,@Name,@Country)",con);
            con.Open();
            cmd.Parameters.AddWithValue("@Id",dataGridView1.Rows[i].Cells[0].Value);
            cmd.Parameters.AddWithValue("@Name",dataGridView1.Rows[i].Cells[1].Value);
            cmd.Parameters.AddWithValue("@Country",dataGridView1.Rows[i].Cells[2].Value);

            cmd.ExecuteNonQuery();
            con.Close();
        }
      MessageBox.Show("Added successfully!");
 }
