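Update query problem in SQL

I am writing C# code in which I am trying to update 4 of the 10 columns of a table. This is the signature of my function, to which I send the parameters for the query:

    public int checkout_visitor(int check_inn, int checkout, String time_out, String date_out, String cnic)

What happens now is that I call this function in my program at the point where I supply the values for the arguments:

    checkout_visitor(chk_in,chk_out,t_out,dt_out,idcardnum);

The query I am using to update my columns is:

    String query2 = " UPDATE visit_detail SET[check_in] = " + check_inn + "[check_out] = " + checkout + "[time_out] = " + time_out + "[date_out] =" + date_out + "where visit_detail.v_id = "+ v_idd;

It gives me the error "incorrect syntax near chkout". Where am I going wrong? Is the syntax correct? How can I correct it?

Code: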
    public int checkout_visitor(int check_inn, int checkout, String time_out, String date_out, String cnic)
    {
        try
        {
            connection.Open();
            String query = "select v_id from visitor where visitor.cnic=" + cnic;
            command = connection.CreateCommand();
            command.CommandText = query;
            visitor_id = command.ExecuteScalar().ToString();
            int v_idd = Int32.Parse(visitor_id);
            String query2 = " UPDATE visit_detail SET[check_in] = " + check_inn + "[check_out] = " + checkout + "[time_out] = " + time_out + "[date_out] =" + date_out + "where visit_detail.v_id = " + v_idd;
            //String query2 = "UPDATE visit_detail SET [check_in] = " + check_inn + ",[check_out] = " + checkout + ",[time_out] = " + time_out + ",[date_out] =" + date_out + " where visit_detail.v_id = " + v_idd;
            command = connection.CreateCommand();
            command.CommandText = query2;
            int result = command.ExecuteNonQuery();
            connection.Close();
            return result;
        }
        catch (Exception e)
        {
            return -1;
        }
    }
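
You forgot the space between SET and check_in: SET[check_in] => SET [check_in] – adt

Please consider using parameters rather than blindly concatenating string values. Can these be entered by users? I would enter the value '1234'); DROP TABLE visit_detail;'' as my ID card number: http://xkcd.com/327 – Bridge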
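
The parameterized form that Bridge's comment recommends, as an added example that is not part of the original thread or the asker's code. It assumes an ADO.NET provider that accepts @name parameter markers (SQL Server does), that time_out and date_out are text columns as the String arguments suggest, and the class and helper names (VisitorCheckout, CheckoutVisitor, AddParam) are hypothetical.

```csharp
using System;
using System.Data;

public static class VisitorCheckout   // hypothetical name
{
    // Returns rows updated, or 0 when no visitor has the given CNIC.
    public static int CheckoutVisitor(IDbConnection connection, int checkIn,
        int checkOut, string timeOut, string dateOut, string cnic)
    {
        connection.Open();
        try
        {
            object id;
            using (IDbCommand find = connection.CreateCommand())
            {
                // The CNIC is bound as data, so quotes or SQL in it stay inert.
                find.CommandText = "SELECT v_id FROM visitor WHERE cnic = @cnic";
                AddParam(find, "@cnic", DbType.String, cnic);
                id = find.ExecuteScalar();
            }
            if (id == null || id == DBNull.Value)
                return 0;
            using (IDbCommand update = connection.CreateCommand())
            {
                // Assignments in SET are comma-separated; no value is concatenated.
                update.CommandText =
                    "UPDATE visit_detail SET [check_in] = @checkIn, " +
                    "[check_out] = @checkOut, [time_out] = @timeOut, " +
                    "[date_out] = @dateOut WHERE v_id = @vid";
                AddParam(update, "@checkIn", DbType.Int32, checkIn);
                AddParam(update, "@checkOut", DbType.Int32, checkOut);
                AddParam(update, "@timeOut", DbType.String, timeOut);  // assumed text column
                AddParam(update, "@dateOut", DbType.String, dateOut);  // assumed text column
                AddParam(update, "@vid", DbType.Int32, Convert.ToInt32(id));
                return update.ExecuteNonQuery();
            }
        }
        finally { connection.Close(); }   // runs on success and on exception
    }

    private static void AddParam(IDbCommand cmd, string name, DbType type, object value)
    {
        IDbDataParameter p = cmd.CreateParameter();
        p.ParameterName = name;
        p.DbType = type;
        p.Value = value ?? DBNull.Value;   // null must be sent as DBNull
        cmd.Parameters.Add(p);
    }
}
```

Because the values are bound rather than spliced into the SQL text, a CNIC containing quotes or a statement separator is compared as a literal string and cannot alter the query.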