正在編寫一個c#代碼,其中試圖更新表的10列中的4個。這是在我送參數的查詢我的功能類型:更新查詢問題SQL
public int checkout_visitor(int check_inn, int checkout, String time_out, String date_out, String cnic)
現在發生的事情是,我在節目中的說法提供價值的地方調用這個函數:
checkout_visitor(chk_in,chk_out,t_out,dt_out,idcardnum);
查詢正在使用更新我的列是由:
String query2 = " UPDATE visit_detail SET[check_in] = " + check_inn + "[check_out] = " + checkout + "[time_out] = " + time_out + "[date_out] =" + date_out + "where visit_detail.v_id = "+ v_idd;
給我在chkout附近的錯誤語法不正確。我在哪裏錯了?語法是否正確?我該如何糾正它?
代碼:
public int checkout_visitor(int check_inn, int checkout, String time_out, String date_out, String cnic)
{
try
{
connection.Open();
String query = "select v_id from visitor where visitor.cnic=" + cnic;
command = connection.CreateCommand();
command.CommandText = query;
visitor_id = command.ExecuteScalar().ToString();
int v_idd = Int32.Parse(visitor_id);
String query2 = " UPDATE visit_detail SET[check_in] = " + check_inn + "[check_out] = " + checkout + "[time_out] = " + time_out + "[date_out] =" + date_out + "where visit_detail.v_id = " + v_idd;
//String query2 = "UPDATE visit_detail SET [check_in] = " + check_inn + ",[check_out] = " + checkout + ",[time_out] = " + time_out + ",[date_out] =" + date_out + " where visit_detail.v_id = " + v_idd;
command = connection.CreateCommand();
command.CommandText = query2;
int result = command.ExecuteNonQuery();
connection.Close();
return result;
}
catch (Exception e)
{
return -1;
}
}
您忘記了SET和check_in之間的空間SET [check_in] => SET [check_in] – adt
請考慮使用參數,而不是盲目連接字符串值。這些用戶可進入嗎?我會輸入值'1234'); DROP TABLE visit_detail;''爲我的身份證號碼:http://xkcd.com/327 – Bridge