Erro Query
Error: "Additional information: Incorrect syntax near the keyword 'where'."
my cod
private void button11_Click(object sender, EventArgs e)
{
{
string connectionString = GetCString();
using (SqlConnection connection = new SqlConnection(connectionString))
{
connection.Open();
string query = string.Format("INSERT INTO Sys_Users_Detail(Money) VALUES ('{0}'), where NickName ('{1}')", textBox20.Text, textBox19.Text);
using (SqlCommand cmd = new SqlCommand(query, connection))
cmd.ExecuteNonQuery();
Logger.getS().info_pc(string.Format("Foi Enviado : {0} Cps , Para : {1}", textBox20.Text, textBox19.Text));
}
}
}
Error Query:
"INSERT INTO Sys_Users_Detail(Money) VALUES ('{0}'), where NickName ('{1}')"
Are you sure you want insert
? You most likely want to update
UPDATE Sys_Users_Detail
SET Money = {0}
WHERE NickName = '{1}'
I assume that Money
is a decimal value so you should not have quotes around the value.
Also by using string.Format
you are open to a SQL injection attack . Use SqlParameter to avoid an attack.
It is not a valid INSERT statement. 1) INSERT cannot have a WHERE clause. 2) The money
column is probably numeric so the value should not be quoted. Also this is good example candidate for SQL injection - see comment below question.
That is not a valid INSERT
query. It looks like you're trying to update a value based on NickName
, which isn't what INSERT
is for.
If that's the case, try:
UPDATE Sys_Users_Detail
SET Money = '{0}'
WHERE NickName = '{1}'
查询必须在INSERT查询中必须在INSERT查询中必须在INSERT查询中必须在INSERT中
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.