[英]Additional information: Incorrect syntax near the keyword 'where'
Erro Query 错误查询
Error: "Additional information: Incorrect syntax near the keyword 'where'." 错误:“其他信息:关键字'where'附近的语法不正确。”
my cod 我的鳕鱼
private void button11_Click(object sender, EventArgs e)
{
{
string connectionString = GetCString();
using (SqlConnection connection = new SqlConnection(connectionString))
{
connection.Open();
string query = string.Format("INSERT INTO Sys_Users_Detail(Money) VALUES ('{0}'), where NickName ('{1}')", textBox20.Text, textBox19.Text);
using (SqlCommand cmd = new SqlCommand(query, connection))
cmd.ExecuteNonQuery();
Logger.getS().info_pc(string.Format("Foi Enviado : {0} Cps , Para : {1}", textBox20.Text, textBox19.Text));
}
}
}
Error Query: 错误查询:
"INSERT INTO Sys_Users_Detail(Money) VALUES ('{0}'), where NickName ('{1}')"
Are you sure you want insert
? 您确定要insert
吗? You most likely want to update
您最有可能想要update
UPDATE Sys_Users_Detail
SET Money = {0}
WHERE NickName = '{1}'
I assume that Money
is a decimal value so you should not have quotes around the value. 我认为Money
是一个十进制值,因此您不应在该值两边加上引号。
Also by using string.Format
you are open to a SQL injection attack . 同样通过使用string.Format
您也很容易受到SQL注入攻击 。 Use SqlParameter to avoid an attack. 使用SqlParameter避免攻击。
It is not a valid INSERT statement. 这不是有效的INSERT语句。 1) INSERT cannot have a WHERE clause. 1)INSERT不能有WHERE子句。 2) The money
column is probably numeric so the value should not be quoted. 2) money
列可能是数字,因此不应引用该值。 Also this is good example candidate for SQL injection - see comment below question. 这也是SQL注入的很好的示例候选人-请参阅问题下方的评论。
That is not a valid INSERT
query. 那不是有效的INSERT
查询。 It looks like you're trying to update a value based on NickName
, which isn't what INSERT
is for. 看来您要基于NickName
更新值,而这并不是INSERT
目的。
If that's the case, try: 如果是这种情况,请尝试:
UPDATE Sys_Users_Detail
SET Money = '{0}'
WHERE NickName = '{1}'
查询必须在INSERT查询中必须在INSERT查询中必须在INSERT查询中必须在INSERT中
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.