2014-09-13 39 views
0

在我的winforms應用程序中,我想用form更新數據庫值。我設法創造了除此之外的其他部分。當我嘗試更新數據庫時,它給了我一些奇怪的sql錯誤。我有不知道什麼是錯我的代碼使用win-form更新mysql數據庫總是給出奇怪的錯誤信息

它顯示我像你有在您的SQL語法錯誤檢查對應於你的MySQL服務器版本

手動此

錯誤,這是代碼我用來更新database.can有人請檢查此代碼對我來說

private void button1_Click(object sender, EventArgs e) 
    { 


     string constring = string.Format("datasource='{0}';username=***************;port=3306;password=**********;Connect Timeout=20000;Command Timeout=28800", serverip.Text); 

     string Query = "update wartif.userdata set (citrixpass= '" + this.citrix_pass_box.Text + " ', idmpass = '" + this.IDM_pass_box.Text + "' , mortracpass = '" + this.mortrac_pass_box.Text + "' , detpass = '" + this.DET_pass_box.Text + "' where username = '" + this.Pwloggeninaslable.Text + "' ;"; 
     MySqlConnection conwaqDatabase = new MySqlConnection(constring); 
     MySqlCommand cmdwaqDatabase = new MySqlCommand(Query, conwaqDatabase); 
     MySqlDataReader myreader; 

     try 
     { 
      conwaqDatabase.Open(); 
      myreader = cmdwaqDatabase.ExecuteReader(); 
      while (myreader.Read()) { } 

     } 


     catch (Exception ex) 
     { 
      MessageBox.Show(ex.Message); 
     } 





    } 

回答

3

您在SET子句(不需要)之前打開一個括號,但你忘了在最後

將其關閉10

然而,讓我告訴你,你應該怎麼寫這個代碼,以避免SQL注入和分析問題

string constring = .....; 
string Query = @"update wartif.userdata set [email protected], idmpass = @idm, 
       mortracpass = @mtc, detpass = @det where username = @usr;"; 
using(MySqlConnection conwaqDatabase = new MySqlConnection(constring)) 
using(MySqlCommand cmdwaqDatabase = new MySqlCommand(Query, conwaqDatabase)) 
{ 
    try 
    { 
     conwaqDatabase.Open(); 
     cmdwaqDatabase.Parameters.AddWithValue("@ctx", this.citrix_pass_box.Text); 
     cmdwaqDatabase.Parameters.AddWithValue("@idm", this.IDM_pass_box.Text); 
     cmdwaqDatabase.Parameters.AddWithValue("@mtc", this.mortrac_pass_box.Text); 
     cmdwaqDatabase.Parameters.AddWithValue("@det", this.DET_pass_box.Text); 
     cmdwaqDatabase.Parameters.AddWithValue("@usr", this.Pwloggeninaslable.Text); 
     int rowsUpdated = cmdwaqDatabase.ExecuteNonQuery(); 

    } 
    catch (Exception ex) 
    { 
     MessageBox.Show(ex.Message); 
    } 
} 

這樣,你不必擔心會嘗試與打破你的代碼的惡意用戶Sql Injection攻擊,您的查詢字符串更具可讀性,您無需擔心傳遞包含單引號或正確格式化日期和小數的字符串