0
md.CommandText = "select * from HFour where ID=" + id[num];
SqlDataReader re = cmd.ExecuteReader();
if (re.HasRows)
{
while (re.Read())
{
oldvalue.ID = Convert.ToInt32(re[0]);
oldvalue.Name = re[1].ToString();
oldvalue.Description = re[2].ToString();
oldvalue.SourceID = re[3].ToString();
if (re[4] !=DBNull.Value)
{
oldvalue.SourceTypeID = Convert.ToInt32(re[4]);
}
else
{
}
oldvalue.CreatedOn = Convert.ToDateTime(re[5]);
oldvalue.CreatedBy = re[6].ToString();
if (re[7] != DBNull.Value)
{
oldvalue.ModifiedOn = Convert.ToDateTime(re[7]);
}
oldvalue.ModifiedBy = re[8].ToString();
oldvalue.HThreeID = Convert.ToInt32(re[9].ToString());
oldvalue.IsActive = Convert.ToBoolean(re[10].ToString());
}
re.Close();
string command = "update HFour set Name='" + oldvalue.Name + "'," +
"Description='" + oldvalue.Description + "'," +
"SourceID='" + oldvalue.SourceID + "'," + "SourceTypeID=" +
oldvalue.SourceTypeID + "," + "CreatedOn='" +
oldvalue.CreatedOn + "'," + "CreatedBy='" +
oldvalue.CreatedBy + "'," + "ModifiedBy='" +
oldvalue.ModifiedBy + "'," + "ModifiedOn='" +
oldvalue.ModifiedOn + "'," + "HThreeID=" +
oldvalue.HThreeID + "," + "IsActive='" +
oldvalue.IsActive + "' where ID=" + id[num];
cmd.CommandText = command;
int reed = cmd.ExecuteNonQuery();
和誤差如下:任何人都可以告訴我錯誤在哪裏int這片c#代碼?
類型「System.Data.SqlClient.SqlException」發生在 System.Data.dll中但在用戶代碼中沒有處理的例外,
附加信息:
附近有語法錯誤 ''
任何建議將不勝感激
'id [num]'= to Bobby Tables? – Aron
[什麼是SQL注入?](http://stackoverflow.com/questions/601300/what-is-sql-injection) –
你好。我希望你現在看到你的問題的格式有多重要。請閱讀我們如何在SO中編寫完善的問題。這樣,問題的讀者就會明白問題的癥結所在。 – Christos