如何在VB.NET中使用此SQL UPDATE查询
[英]How to use this SQL UPDATE query in VB.NET
问题描述
Here textbox11 contains a float value and combo box contains a string do i have to put text or selected item 
这里textbox11包含一个浮点值,组合框包含一个字符串,我必须放置文本或选定的项目
cmd.CommandType = "UPDATE BALANCE SET OBBALANCE = '"& TextBox11.Text &"' WHERE CUSTOMERNAME = "& ComboBox1.Text & " "
It gives the following error: 它给出以下错误:
Operator '&' is not defined for string " UPDATE BALANCE SET OBBALANCE = " and type 'DataRowView'.
3 个解决方案
解决方案1
2 2011-03-22 03:22:05
Instead you should use parameters, as they are both escaped for sql injections and make more neat datapassing: 相反,你应该使用参数,因为它们都被转义为sql注入并且使得更加整洁的数据捕获:
cmd.CommandType = " UPDATE BALANCE SET OBBALANCE = @NEWBALANCE WHERE CUSTOMERNAME = @CUSTOMERNAME"
and add parameterwithvalue for: 并为以下内容添加parameterwithvalue:
"@NEWBALANCE", TextBox11.Text
"@CUSTOMERNAME", ComboBox1.Text
See http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx 请参阅http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
解决方案2
0 2011-03-22 03:23:54
I would not recommend using inline SQL query.
我不建议使用内联SQL查询。 Use Stored Procedure instead and pass parameters. 请改用存储过程并传递参数。 If you pass Text - you will get the display value... if you want to pass the underlying value, then use "SelectedValue"
如果您传递文本 - 您将获得显示值...如果要传递基础值,则使用“SelectedValue” However to resolve your issue, use parameters.
但是,要解决您的问题,请使用参数。
解决方案3
0 2011-03-22 03:27:35
The available CommandTypes are 可用的CommandType是
StoredProcedure TableDirect Text StoredProcedure TableDirect Text
It looks like you want to set your CommandType to Text and set your CommandText to what you have there. 看起来您想要将CommandType设置为Text并将CommandText设置为您拥有的。
That said, I agree with stefan's answer about parameters. 也就是说,我同意stefan关于参数的答案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.