我有一個簡單的查詢來更新用戶信息,但我得到的錯誤指出'初始化字符串的格式不符合規範在索引33',它似乎突出這一特定代碼然而Connection.Close();
林不知道爲什麼,這裏是完整的代碼:初始化字符串的格式不符合指數33
public void AddNewUser()
{
string filePath;
try
{
filePath = (Application.StartupPath + ("\\" + DBFile));
connection = new System.Data.OleDb.OleDbConnection((ConnectionString + filePath));
connection.Open();
System.Data.OleDb.OleDbCommand command = new System.Data.OleDb.OleDbCommand();
command.Connection = connection;
// ---set the user's particulars in the table---
string sql = ("UPDATE enroll SET SSN=\'"
+ (txtSSN.Text + ("\', " + ("FirstName=\'"
+ (txtFirstName.Text + ("\', " + ("LastName=\'"
+ (txtLastName.Text + ("\' "
+ (" WHERE ID=" + _UserID))))))))));
command.CommandText = sql;
command.ExecuteNonQuery();
MessageBox.Show("Student added successfully!", "Registered");
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString(), "Error");
}
finally
{
connection.Close();
}
}
編輯:
以下是文件路徑:
const string ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\"C:\\Users\\Zack\\My Documents\\Test\\Database.mdb";
const string DBFile = "C:\\Users\\Zack\\My Documents\\Test\\Database.mdb";
您有一個SQL注入漏洞。 – SLaks
您的連接字符串sytnax不正確。查看:http://stackoverflow.com/questions/8243008/format-of-the-initialization-string-does-not-conform-to-specification-starting-a或發佈什麼'filePath'評估的樣本。 – Nico
@Nico我編輯了這個問題並添加了文件路徑 – Zack