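Error updating values in a local database: CommandText property has not been initialized

I have created an application that stores a database of employees and their payments. It has worked well so far. But now I am trying to implement an "update" feature, for when some data changes for a particular user.
So I wrote the code below for the update, but I get this error:
CommandText property has not been initialized at line 105: "cmd.ExecuteNonQuery();"
Thanks!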
```csharp
var connString = @"Data Source=C:\Users\Andrei\Documents\Visual Studio 2010\Projects\Stellwag\Stellwag\Angajati.sdf";
using (var conn = new SqlCeConnection(connString))
{
    try
    {
        conn.Open();
        SqlCeCommand cmd = new SqlCeCommand();
        // connect cmd to conn
        cmd.Connection = conn;
        // add a parameter for the Poza field with the image value
        SqlCeParameter picture = new SqlCeParameter("@Poza", SqlDbType.Image);
        MemoryStream ms = new MemoryStream();
        pictureBox1.Image.Save(ms, pictureBox1.Image.RawFormat);
        byte[] a = ms.GetBuffer();
        ms.Close();
        cmd.Parameters.Clear();
        cmd.Parameters.AddWithValue("@Poza", a);
        var query = "UPDATE info SET Nume='" + textBox5.Text + "' AND Prenume='" + textBox4.Text + "' AND Data='" + dateTimePicker1.Value.ToShortDateString() + "' AND Proiect='" + textBox1.Text + "' AND Schimburi='" + label10.Text + "' AND Poza=@Poza AND Acord='" + textBox2.Text + "' AND Baza='" + textBox3.Text + "' WHERE Nume='" + label8.Text + "' AND Prenume='" + label5.Text + "'";
        cmd.ExecuteNonQuery();
        MessageBox.Show("Salvat cu succes!");
        this.Close();
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.ToString());
    }
}
```
[SQL injection alert](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - you should **not** concatenate your SQL statements together - use **parameterized queries** instead to avoid SQL injection
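
The parameterized form the comment above recommends, as an added example that is not part of the original post: the statement text is handed to the command (so `CommandText` is initialized), the `SET` assignments are separated by commas, and every value travels as a parameter. `EmployeeStore`, `UpdateEmployee` and the `@Old...` parameter names are hypothetical, and the column types are assumptions, since the post does not show the schema of `info`.

```csharp
using System;
using System.Data;
using System.Data.SqlServerCe;

static class EmployeeStore
{
    // Hypothetical helper. Table and column names come from the question;
    // the column types (NVarChar, DateTime, Image) are assumptions.
    public static int UpdateEmployee(string connString,
        string oldNume, string oldPrenume,   // values identifying the row (WHERE)
        string nume, string prenume, DateTime data,
        string proiect, string schimburi, byte[] poza,
        string acord, string baza)
    {
        // SET assignments are comma-separated; AND belongs only in WHERE.
        const string sql =
            "UPDATE info SET Nume=@Nume, Prenume=@Prenume, Data=@Data, " +
            "Proiect=@Proiect, Schimburi=@Schimburi, Poza=@Poza, " +
            "Acord=@Acord, Baza=@Baza " +
            "WHERE Nume=@OldNume AND Prenume=@OldPrenume";

        using (var conn = new SqlCeConnection(connString))
        using (var cmd = new SqlCeCommand(sql, conn)) // sets CommandText and Connection
        {
            // Input is bound as typed values, so quotes or SQL keywords typed
            // into a text box cannot change the structure of the statement.
            cmd.Parameters.Add("@Nume", SqlDbType.NVarChar).Value = nume;
            cmd.Parameters.Add("@Prenume", SqlDbType.NVarChar).Value = prenume;
            cmd.Parameters.Add("@Data", SqlDbType.DateTime).Value = data;
            cmd.Parameters.Add("@Proiect", SqlDbType.NVarChar).Value = proiect;
            cmd.Parameters.Add("@Schimburi", SqlDbType.NVarChar).Value = schimburi;
            cmd.Parameters.Add("@Poza", SqlDbType.Image).Value =
                (object)poza ?? DBNull.Value;
            cmd.Parameters.Add("@Acord", SqlDbType.NVarChar).Value = acord;
            cmd.Parameters.Add("@Baza", SqlDbType.NVarChar).Value = baza;
            cmd.Parameters.Add("@OldNume", SqlDbType.NVarChar).Value = oldNume;
            cmd.Parameters.Add("@OldPrenume", SqlDbType.NVarChar).Value = oldPrenume;

            conn.Open();
            // Rows affected; 0 means no row matched the WHERE clause.
            return cmd.ExecuteNonQuery();
        }
    }
}
```

When producing the image bytes for `poza`, `MemoryStream.ToArray()` returns only the bytes written, whereas `GetBuffer()` can include unused trailing capacity.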