Additional information: Incorrect syntax near the keyword 'where'
Question
Erro Query
Error: "Additional information: Incorrect syntax near the keyword 'where'."
my cod
private void button11_Click(object sender, EventArgs e)
{
{
string connectionString = GetCString();
using (SqlConnection connection = new SqlConnection(connectionString))
{
connection.Open();
string query = string.Format("INSERT INTO Sys_Users_Detail(Money) VALUES ('{0}'), where NickName ('{1}')", textBox20.Text, textBox19.Text);
using (SqlCommand cmd = new SqlCommand(query, connection))
cmd.ExecuteNonQuery();
Logger.getS().info_pc(string.Format("Foi Enviado : {0} Cps , Para : {1}", textBox20.Text, textBox19.Text));
}
}
}
Error Query:
"INSERT INTO Sys_Users_Detail(Money) VALUES ('{0}'), where NickName ('{1}')"
4 answers
solution1
4 2015-09-10 23:19:04
Are you sure you want insert ? You most likely want to update
UPDATE Sys_Users_Detail
SET Money = {0}
WHERE NickName = '{1}'
I assume that Money is a decimal value so you should not have quotes around the value.
Also by using string.Format you are open to a SQL injection attack . Use SqlParameter to avoid an attack.
solution2
1 2015-09-10 23:18:02
It is not a valid INSERT statement. 1) INSERT cannot have a WHERE clause. 2) The money column is probably numeric so the value should not be quoted. Also this is good example candidate for SQL injection - see comment below question.
solution3
0 2015-09-10 23:23:26
That is not a valid INSERT query. It looks like you're trying to update a value based on NickName , which isn't what INSERT is for.
If that's the case, try:
UPDATE Sys_Users_Detail
SET Money = '{0}'
WHERE NickName = '{1}'
solution4
-2 2015-09-10 23:55:42
查询必须在INSERT查询中必须在INSERT查询中必须在INSERT查询中必须在INSERT中
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.