Incorrect Syntax near ' '. C#
I get error
INCORRECT SYNTAX NEAR ' '
Here is my code:
SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
SqlCommand cmd = new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection=conn;
cmd.CommandText = "update student set Name='" + textBox1.Text + "',Family='" + textBox2.Text + "',Fathername='" + textBox3.Text + "',ShenasName='" + textBox4.Text + "',CodeMeli'" + textBox5.Text + "',Tavalod'" + maskedTextBox1.Text + "',Address'" + richTextBox1.Text + "',Madraak'" + textBox7.Text + "',Shahriye'" + textBox8.Text + "',Mobile'" + textBox6.Text + "'where Name=" + textBox1.Text;
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
MessageBox.Show("jj");
My database is SQL Server Express.
SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
conn.Open();
SqlCommand cmd = new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection=conn;
cmd.CommandText = @"
UPDATE
Student
SET
Name=@Name, Family=@Family, Fathername=@Fathername, ShenasName=@ShenasName, CodeMeli = @CodeMeli,
Tavalod=@Tavalod, Address=@Address, Madraak=@Madraak, Shahriye=@Shahriye, Mobile=@Mobile
WHERE
Name=@Name";
cmd.Parameters.AddWithValue("@Name", textBox1.Text);
cmd.Parameters.AddWithValue("@Family", textBox2.Text);
cmd.Parameters.AddWithValue("@Fathername", textBox3.Text);
cmd.Parameters.AddWithValue("@ShenasName", textBox4.Text);
cmd.Parameters.AddWithValue("@CodeMeli", textBox5.Text);
cmd.Parameters.AddWithValue("@Tavalod", maskedTextBox1.Text);
cmd.Parameters.AddWithValue("@Address", richTextBox1.Text);
cmd.Parameters.AddWithValue("@Madraak", textBox7.Text);
cmd.Parameters.AddWithValue("@Shahriye", textBox8.Text);
cmd.Parameters.AddWithValue("@Mobile", textBox6.Text);
cmd.ExecuteNonQuery();
conn.Close();
MessageBox.Show("jj");
Here is the code. First, format your query properly; your query was unreadable.
Second, use Command parameters to avoid SQL injection. You can read in Wikipedia about SQL injection.
Third, write "nice" textBox IDs, which have some meaning.
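The parameter advice above, as an added example that is not code from the original posts: it shows what the concatenated query becomes for an ordinary name containing an apostrophe, next to a parameterized update with explicit types and deterministic disposal. It is narrowed to three columns; the class name, the `@OriginalName` parameter and the NVARCHAR column sizes are assumptions, not taken from the page.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class StudentUpdateExample
{
    // What a concatenated query in the style of the question sends for a given name.
    static string ConcatenatedSql(string name) =>
        "update student set Family='x' where Name='" + name + "'";

    // Parameterized update. Column sizes (NVARCHAR(50), NVARCHAR(20)) are assumed.
    // @OriginalName is a hypothetical extra parameter so the row is located by
    // its current name while @Name carries the new one.
    static int UpdateStudent(string connectionString, string originalName,
                             string name, string family, string mobile)
    {
        const string sql = @"
UPDATE Student
SET Name = @Name, Family = @Family, Mobile = @Mobile
WHERE Name = @OriginalName";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and size: each value is sent as data and never parsed as SQL.
            cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 50).Value = name;
            cmd.Parameters.Add("@Family", SqlDbType.NVarChar, 50).Value = family;
            cmd.Parameters.Add("@Mobile", SqlDbType.NVarChar, 20).Value = mobile;
            cmd.Parameters.Add("@OriginalName", SqlDbType.NVarChar, 50).Value = originalName;
            conn.Open();
            return cmd.ExecuteNonQuery(); // rows affected; 0 means no matching student
        }
    }

    static void Main(string[] args)
    {
        // Constructed input: an ordinary surname containing an apostrophe.
        Console.WriteLine(ConcatenatedSql("O'Brien"));
        // The apostrophe ends the string literal early, so the server receives
        // malformed SQL even though the user typed nothing unusual.

        if (args.Length == 1) // pass a connection string to run the update
            Console.WriteLine(UpdateStudent(args[0], "O'Brien", "O'Brien", "Smith", "0000000000"));
    }
}
```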
There are some errors:
CodeMeli=, Tavalod=, Address=, Madraak=, Shahriye=, Mobile=
+ "'"
This will work:
SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
SqlCommand cmd = new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection = conn;
cmd.CommandText = "update student set Name='" + textBox1.Text + "',Family='" + textBox2.Text + "',Fathername='" + textBox3.Text + "',ShenasName='" + textBox4.Text + "',CodeMeli='" + textBox5.Text + "',Tavalod='" + maskedTextBox1.Text + "',Address='" + richTextBox1.Text + "',Madraak='" + textBox7.Text + "',Shahriye='" + textBox8.Text + "',Mobile='" + textBox6.Text + "'where Name='" + textBox1.Text + "'";
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
MessageBox.Show("jj");
In any case, I recommend that you use Parameters. Why?
SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
SqlCommand cmd= new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection = conn;
cmd.CommandText = @"UPDATE Student SET Name=@Name, Family=@Family, Fathername=@Fathername, ShenasName=@ShenasName, CodeMeli = @CodeMeli,Tavalod=@Tavalod, Address=@Address, Madraak=@Madraak, Shahriye=@Shahriye, Mobile=@Mobile WHERE Name=@Name";
cmd.Parameters.AddWithValue("@Name", textBox1.Text);
cmd.Parameters.AddWithValue("@Family", textBox2.Text);
cmd.Parameters.AddWithValue("@Fathername", textBox3.Text);
cmd.Parameters.AddWithValue("@ShenasName", textBox4.Text);
cmd.Parameters.AddWithValue("@CodeMeli", textBox5.Text);
cmd.Parameters.AddWithValue("@Tavalod", maskedTextBox1.Text);
cmd.Parameters.AddWithValue("@Address", richTextBox1.Text);
cmd.Parameters.AddWithValue("@Madraak", textBox7.Text);
cmd.Parameters.AddWithValue("@Shahriye", textBox8.Text);
cmd.Parameters.AddWithValue("@Mobile", textBox6.Text);
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
MessageBox.Show("jj");
using table2 instead of student
SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
SqlCommand cmd = new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection = conn;
cmd.CommandText = "update table2 set Name='" + textBox1.Text + "',Family='" + textBox2.Text + "',Fathername='" + textBox3.Text + "',ShenasName='" + textBox4.Text + "',CodeMeli='" + textBox5.Text + "',Tavalod='" + maskedTextBox1.Text + "',Address='" + richTextBox1.Text + "',Madraak='" + textBox7.Text + "',Shahriye='" + textBox8.Text + "',Mobile='" + textBox6.Text + "'where Name='" + textBox1.Text + "'";
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
MessageBox.Show("jj");
OR
SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Mr\Documents\Student.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
SqlCommand cmd= new SqlCommand();
cmd.Parameters.Clear();
cmd.Connection = conn;
cmd.CommandText = @"UPDATE table2 SET Name=@Name, Family=@Family, Fathername=@Fathername, ShenasName=@ShenasName, CodeMeli = @CodeMeli,Tavalod=@Tavalod, Address=@Address, Madraak=@Madraak, Shahriye=@Shahriye, Mobile=@Mobile WHERE Name=@Name";
cmd.Parameters.AddWithValue("@Name", textBox1.Text);
cmd.Parameters.AddWithValue("@Family", textBox2.Text);
cmd.Parameters.AddWithValue("@Fathername", textBox3.Text);
cmd.Parameters.AddWithValue("@ShenasName", textBox4.Text);
cmd.Parameters.AddWithValue("@CodeMeli", textBox5.Text);
cmd.Parameters.AddWithValue("@Tavalod", maskedTextBox1.Text);
cmd.Parameters.AddWithValue("@Address", richTextBox1.Text);
cmd.Parameters.AddWithValue("@Madraak", textBox7.Text);
cmd.Parameters.AddWithValue("@Shahriye", textBox8.Text);
cmd.Parameters.AddWithValue("@Mobile", textBox6.Text);
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
MessageBox.Show("jj");
Look at your CommandText. There are some parameters without ( = ). Format like this:
cmd.CommandText = "update student set Name='" + textBox1.Text + "'," +
    " Family='" + textBox2.Text + "'," +
    " Fathername='" + textBox3.Text + "'," +
    " ShenasName='" + textBox4.Text + "'," +
    " CodeMeli='" + textBox5.Text + "'," +
    " Tavalod='" + maskedTextBox1.Text + "'," +
    " Address='" + richTextBox1.Text + "'," +
    " Madraak='" + textBox7.Text + "'," +
    " Shahriye='" + textBox8.Text + "'," +
    " Mobile='" + textBox6.Text + "'" +
    " where Name='" + textBox1.Text + "'";
Incorrect syntax ')'
private void btnInsert_Click(object sender, EventArgs e) {
for (int i = 0; i < dataGridView1.Rows.Count; i++)
{
SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database1.mdf;Integrated Security=True;User Instance=True");
SqlCommand cmd = new SqlCommand("INSERT INTO Customers(Id,Name,Country,) values (@Id,@Name,@Country)",con);
con.Open();
cmd.Parameters.AddWithValue("@Id",dataGridView1.Rows[i].Cells[0].Value);
cmd.Parameters.AddWithValue("@Name",dataGridView1.Rows[i].Cells[1].Value);
cmd.Parameters.AddWithValue("@Country",dataGridView1.Rows[i].Cells[2].Value);
cmd.ExecuteNonQuery();
con.Close();
}
MessageBox.Show("Added successfully!");
}