使用SQL Server Compact 4.0 +1到数据列
[英]+1 to data column using SQL Server Compact 4.0
问题描述
I am trying to create a simple button, that when clicked, adds 1 to the related column. 
我正在尝试创建一个简单的按钮,单击该按钮会将1添加到相关列。 I use a dropdown box to select the ID, then add 1 to the value. 我使用一个下拉框选择ID,然后在值中添加1。 However, I am presented with the error: 但是,出现错误:
A first chance exception of type 'System.Data.SqlServerCe.SqlCeException' occurred in System.Data.SqlServerCe.dll
and it highlights cm.ExecuteNonQuery(); 并突出显示cm.ExecuteNonQuery();
I have gone through several attempts at this but it's getting me a little confused as to why I can't simply run the SQL statement. 我已经进行了几次尝试,但是对于为什么我不能简单地运行SQL语句,这让我有些困惑。
Here is the code 这是代码
private void button2_Click(object sender, EventArgs e) {
try {
SqlCeCommand cm = new SqlCeCommand("UPDATE fixedBugs SET Success = Success + 1 WHERE Fixed_ID = '" + comboBox1.Text, mySqlConnection);
cm.ExecuteNonQuery();
} catch (SqlCeException) {
MessageBox.Show("Error");
}
}
3 个解决方案
解决方案1
2 2016-01-08 22:57:08
Your command has a opening apostrophe which is not being closed. 您的命令的开头撇号未关闭。 This should fix it. 这应该解决它。
SqlCeCommand cm = new SqlCeCommand("UPDATE fixedBugs SET Success = Success + 1 WHERE Fixed_ID = '" + comboBox1.Text + "'", mySqlConnection);
But that's a security issue since the user can manage to add extra commands to your query, which could ruin your entire database. 但这是一个安全问题,因为用户可以设法向查询中添加其他命令,这可能会破坏整个数据库。
This is a better solution since using parameters is more safe. 因为使用参数更安全,所以这是一个更好的解决方案。
SqlCeCommand cm = new SqlCeCommand("UPDATE fixedBugs SET Success = Success + 1 WHERE Fixed_ID = @fixedid;", mySqlConnection);
cm.Parameters.AddWithValue("@fixedid", comboBox1.Text);
This will prevent future headaches. 这将防止将来出现头痛。
This question has better detailed answers that may help enlighten your mind... 这个问题有更好的详细答案,可能有助于启发您的思想。
解决方案2
2 2016-01-08 22:58:03
"UPDATE fixedBugs SET Success = Success + 1 WHERE Fixed_ID = '" + comboBox1.Text + "'"
是否需要在查询中使用'关闭字符串参数?
解决方案3
1 2016-01-08 23:30:05
You need to think about below things; 您需要考虑以下事项;
- User must select a value. 用户必须选择一个值。
- Security 安全
Dispose the command after using it.
使用后处置该命令。 string selectedValue = comboBox1.Text; if (string.IsNullOrEmpty(selectedValue)) { MessageBox.Show("Please select something"); return; } string sql = "UPDATE fixedBugs SET Success = ISNULL(Success,0) + 1 WHERE Fixed_ID = @selectedValue"; try { using (SqlCeCommand cm = new SqlCeCommand(sql, mySqlConnection)) { SqlCeParameter param = new SqlCeParameter("@selectedvalue", SqlDbType.NText); cm.Parameters.Add(param); cm.Parameters["@selectedvalue"].Size = 50; cm.Parameters["@selectedvalue"].Value = selectedValue.Trim(); cm.ExecuteNonQuery(); } } catch (Exception ex) { MessageBox.Show(ex.Message); }
PS: Code is not tested. PS:代码未经测试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.