更新SQL查詢

Question

喜我嘗試從一個數據庫更新從Windows點，但林不知道我是怎麼從一個變量「totalPoints」被插入到「點」字段中，從數據庫中infromation

using (OleDbConnection conn = new OleDbConnection(strCon)) 
     { 
      String sqlPoints = "UPDATE points FROM customer WHERE [customerID]=" 
      + txtCustomerID.Text; 
      conn.Open(); 


      conn.Close(); 
     } 

感謝您的幫助！

Answer 1

首先，您應該使用參數化查詢 - 這容易受SQL注入的影響。

看看這裏：How do parameterized queries help against SQL injection?

要回答你的問題，你需要尋找到OleDbCommand和ExecuteNonQuery：

public void InsertRow(string connectionString, string insertSQL) 
{ 
    using (OleDbConnection connection = new OleDbConnection(connectionString)) 
    { 
     // The insertSQL string contains a SQL statement that 
     // inserts a new row in the source table. 
     OleDbCommand command = new OleDbCommand(insertSQL); 

     // Set the Connection to the new OleDbConnection. 
     command.Connection = connection; 

     // Open the connection and execute the insert command. 
     try 
     { 
      connection.Open(); 
      command.ExecuteNonQuery(); 
     } 
     catch (Exception ex) 
     { 
      Console.WriteLine(ex.Message); 
     } 
     // The connection is automatically closed when the 
     // code exits the using block. 
    } 
} 

http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbconnection(v=vs.100).aspx

此外，你可能需要在你的SQL重新審視 - 不知道你想要完成什麼。如果您使用的是SQL Server，則語法應該類似於UPDATE TABLE SET FIELD = VALUE WHERE FIELD = VALUE。

祝你好運。