[英]vb.net error in parsing query of flexible column name
I'm having some problem in my query. 我的查询中有问题。
I'm trying to update a dataset if it exists in another datatable. 我试图更新一个数据集,如果它存在于另一个数据表中。
I'm having a datatable ds1.table(0)
with 18 columns with 2 primary keys, and datatable ds2.table(0)
with a flexible number of rows. 我有一个数据表
ds1.table(0)
具有18列用2个主键和数据表ds2.table(0)
与行的灵活数量。
If the column name of ds1.table(0)
exists in the row of ds2.table(0)
I would like to update my database. 如果列名
ds1.table(0)
存在的行ds2.table(0)
我想更新我的数据库。
If rc1 > 0 Then
For Each co As DataColumn In ds1.Tables(0).Columns
Dim ColName As String = co.ColumnName
If rc2 > 0 Then
For Each ro As DataRow In ds2.Tables(0).Rows
Dim RoName As String = ro(0).ToString
If RoName.Contains(ColName) Then
Dim cmnd1 As SqlCeCommand
Try
con.Open()
Dim cry As String = "UPDATE serdate SET ['" & ColName & "'] = @date WHERE ((company = '" & Company & "') AND (number = '" & number & "'))"
cmnd1 = New SqlCeCommand(cry, con)
cmnd1.Parameters.Add(New SqlCeParameter("@date", Now))
cmnd1.ExecuteNonQuery()
MsgBox("Update Success")
Catch ex As Exception
MsgBox("Query Error! " & ex.Message)
Finally
con.Close()
End Try
End If
Next
End If
Next
End If
And I'm having some error. 我有一些错误。
The error is 错误是
There was an error in parsing query: Column Name is not valid
解析查询时出错:列名无效
The error is being caused by you trying to update a column which does not exist in the database. 该错误是由您尝试更新数据库中不存在的列引起的。 Have a look in the table definition to ensure the column actually exists.
查看表定义以确保该列实际存在。 However, you're putting
'
around the column name which is not necessary when referring to a column and is most likely causing the error. 但是,您要在列名前后加上
'
,这在引用列时是不必要的,并且很可能导致错误。 Remove the '
and use a valid column name to solve this. 删除
'
然后使用有效的列名来解决此问题。
On a bit of a unrelated note, your SQL query is vulnerable to SQL injection still. 一点不相关的注释是,您的SQL查询仍然容易受到SQL注入的攻击。 You should be using parameters for every variable you're putting into the query, like how you're putting in the date.
您应该对要放入查询中的每个变量使用参数,例如如何输入日期。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.