2013-03-06 210 views
26

SQL update statement

I have a table "Student":

P_ID  LastName   FirstName  Address  City

1     Hansen     Ola
2     Svendson   Tove
3     Petterson  Kari
4     Nilsen     Johan
...and so on

How do I change this C# code

// Requires: using System.Data.SqlClient;
string firstName = "Ola"; 
string lastName = "Hansen"; 
string address = "ABC"; 
string city = "Salzburg"; 

string connectionString = System.Configuration.ConfigurationManager 
          .ConnectionStrings["LocalDB"].ConnectionString; 

using (SqlConnection connection = new SqlConnection(connectionString)) 
using (SqlCommand command = connection.CreateCommand()) 
{ 
    // A regular C# string literal cannot span lines, so the SQL text is joined with +
    command.CommandText = "INSERT INTO Student (LastName, FirstName, Address, City) " + 
          "VALUES (@ln, @fn, @add, @cit)"; 

    command.Parameters.AddWithValue("@ln", lastName); 
    command.Parameters.AddWithValue("@fn", firstName); 
    command.Parameters.AddWithValue("@add", address); 
    command.Parameters.AddWithValue("@cit", city); 

    connection.Open(); 

    command.ExecuteNonQuery(); 

    connection.Close(); 
} 

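to edit the entry where the LastName field has the lastName value and the FirstName field has the firstName value?

I don't want to use something like this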

UPDATE Persons SET Address='Nissestien 67', City='Sandnes' 
WHERE LastName='Tjessem'  AND FirstName='Jakob' 

so I edited my original statement to

command.CommandText = "UPDATE Student(LastName, FirstName, Address, City) " + 
    "VALUES (@ln, @fn, @add, @cit) WHERE LastName='" + lastName + 
          "' AND FirstName='" + firstName+"'"; 

But the statement is not getting executed. Why does it throw a SQL exception? Is there a solution for it?

+0

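What exception does it throw? – 2013-03-06 11:31:03

+0

Incorrect syntax near '(' – 2013-03-06 11:51:12

+2

Yes, that is correct, because you have the wrong statement in place. UPDATE TABLE_NAME SET ... should be the correct syntax. Check my post in the answers to find the correct way. – 2013-03-06 11:52:57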

Answers

40

This is not the correct way to update a record in SQL:

command.CommandText = "UPDATE Student(LastName, FirstName, Address, City) VALUES (@ln, @fn, @add, @cit) WHERE LastName='" + lastName + "' AND FirstName='" + firstName+"'"; 

You should write it like this:

command.CommandText = "UPDATE Student " + 
    "SET Address = @add, City = @cit Where FirstName = @fn and LastName = @ln"; 

Then add the parameters the same way you added them for the insert operation.

+0

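Yes, you can do that too... Please mark my post as the correct answer if you got the expected solution... Thanks – 2013-03-06 11:59:13

+1

Hope you can fix your answer.. Instead of 'command.Text', use 'command.CommandText'.... It works – 2016-05-30 17:01:23

+0

Always parameterize your SQL code – Dinuka 2016-06-11 09:44:46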

15

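"I don't want to use something like this"

That is the syntax of the UPDATE statement in SQL. You have to use that syntax, otherwise you will get the exception.

command.CommandText = "UPDATE Student SET Address = @add, City = @cit Where FirstName = @fn and LastName = @ln"; 

Then add your parameters accordingly.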

command.Parameters.AddWithValue("@ln", lastName); 
command.Parameters.AddWithValue("@fn", firstName); 
command.Parameters.AddWithValue("@add", address); 
command.Parameters.AddWithValue("@cit", city); 
1

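If you don't want to use SQL syntax (which you are bound to), then switch to a framework like Entity Framework or Linq-to-SQL, where you don't have to write the SQL statements yourself.

4

Every language has its own proper syntax. Likewise, SQL (Structured Query Language) has a specific syntax for update queries, and we have to follow that syntax if we want to use an update query. Otherwise it will not give the expected result.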

2
string constr = @"Data Source=(LocalDB)\v11.0;Initial Catalog=Bank;Integrated Security=True;Pooling=False"; 
SqlConnection con = new SqlConnection(constr); 
DataSet ds = new DataSet(); 
con.Open(); 
// Fixed literal values only; string literals need single quotes in SQL
SqlCommand cmd = new SqlCommand("UPDATE Account SET name = 'Aleesha', CID = 24 WHERE name = 'Areeba' AND CID = 11", con); 
cmd.ExecuteNonQuery(); 
+0

No need for the DataSet – 2017-04-19 14:53:10

+0

At the end of the 'SqlCommand' line, you swapped '")' with ')"'. – Rafalon 2017-08-20 16:04:43

-1
String st = "UPDATE supplier SET supplier_id = " + textBox1.Text + ", supplier_name = '" + textBox2.Text 
      + "' WHERE supplier_id = " + textBox1.Text; 

     SqlCommand sqlcom = new SqlCommand(st, myConnection); 
     try 
     { 
      sqlcom.ExecuteNonQuery(); 
      MessageBox.Show("update successful"); 
     } 
     catch (SqlException ex) 
     { 
      MessageBox.Show(ex.Message); 
     } 
0
private void button4_Click(object sender, EventArgs e) 
    { 
     String st = "DELETE FROM supplier WHERE supplier_id =" + textBox1.Text; 

     SqlCommand sqlcom = new SqlCommand(st, myConnection); 
     try 
     { 
      sqlcom.ExecuteNonQuery(); 
      MessageBox.Show("刪除成功"); 
     } 
     catch (SqlException ex) 
     { 
      MessageBox.Show(ex.Message); 
     } 
    } 



    private void button6_Click(object sender, EventArgs e) 
    { 
     String st = "SELECT * FROM suppliers"; 

     SqlCommand sqlcom = new SqlCommand(st, myConnection); 
     try 
     { 
      // ExecuteReader alone runs the SELECT and returns the rows
      SqlDataReader reader = sqlcom.ExecuteReader(); 
      DataTable datatable = new DataTable(); 
      datatable.Load(reader); 
      dataGridView1.DataSource = datatable; 
      //MessageBox.Show("LEFT OUTER successful"); 
     } 
     catch (SqlException ex) 
     { 
      MessageBox.Show(ex.Message); 
     } 
    } 
1
command.CommandText = "UPDATE Student " + 
    "SET Address = @add, City = @cit " + 
    "Where FirstName = @fn and LastName = @ln"; 

 

1

Please, never use this concat form:

String st = "UPDATE supplier SET supplier_id = " + textBox1.Text + ", supplier_name = '" + textBox2.Text 
     + "' WHERE supplier_id = " + textBox1.Text; 

Use:

command.Parameters.AddWithValue("@attribute", value); 

Always work object-oriented

Edit: This is because when you parameterize your updates, it helps prevent SQL injection.
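
The parameterized UPDATE recommended in the answers above, as an added example (not code from the question or any answer): the WHERE values are bound as parameters too, and the change is committed only when exactly one row matched. The helper name `UpdateAddress`, the NVARCHAR sizes, non-null argument values and the sample values are assumptions; the `LocalDB` connection string name is the one used in the question.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

static class StudentAddressUpdate
{
    // Hypothetical helper, not from the page. Returns true only when exactly
    // one Student row matched; any other count is rolled back.
    public static bool UpdateAddress(SqlConnection connection, string lastName,
                                     string firstName, string address, string city)
    {
        using (SqlTransaction tx = connection.BeginTransaction())
        using (SqlCommand command = connection.CreateCommand())
        {
            command.Transaction = tx;
            // Constant SQL text: every value travels as a parameter, including
            // the WHERE values that the question concatenated into the string.
            command.CommandText =
                "UPDATE Student SET Address = @add, City = @cit " +
                "WHERE LastName = @ln AND FirstName = @fn";
            // Explicit types; the NVARCHAR lengths are assumed column sizes.
            command.Parameters.Add("@add", SqlDbType.NVarChar, 100).Value = address;
            command.Parameters.Add("@cit", SqlDbType.NVarChar, 50).Value = city;
            command.Parameters.Add("@ln", SqlDbType.NVarChar, 50).Value = lastName;
            command.Parameters.Add("@fn", SqlDbType.NVarChar, 50).Value = firstName;

            int rows = command.ExecuteNonQuery();
            // Names are not unique keys: 0 rows means no match, more than 1
            // means the filter was too broad. Commit only the single-row case.
            if (rows == 1) { tx.Commit(); return true; }
            tx.Rollback();
            return false;
        }
    }

    static void Main()
    {
        string connectionString =
            ConfigurationManager.ConnectionStrings["LocalDB"].ConnectionString;
        using (SqlConnection connection = new SqlConnection(connectionString))
        {
            connection.Open();
            // Constructed sample value: the apostrophe would end the string
            // literal early in a concatenated WHERE clause, but is plain data
            // when bound as @ln.
            bool ok = UpdateAddress(connection, "O'Brien", "Ola", "ABC", "Salzburg");
            Console.WriteLine(ok ? "1 row updated" : "no single match, rolled back");
        }
    }
}
```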