cmSQL = New SqlCommand("UPDATE AdBanner SET AdBannerTitle='" & txTitle.Text & "',AdBannerFileUrl=/Images/'" & fileUpload.FileName & "',AdBannerTargerUrl='" & txTargetUrl.Text & "',AdBannerIsActive='" & chkBox.Checked & "' WHERE AdBannerID='" & lblBannerId.Text & "'", cnSQL)
Error: Incorrect syntax near '/'.
when I update a record
Use parameters (http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx) instead of concatenation, and take a look at SQL injection (http://en.wikipedia.org/wiki/SQL_injection) –
[You can't inject!](http://imgs.xkcd.com/comics/exploits_of_a_mom.png) –
And the question is? – tiago
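
The parameterized form suggested in the comments, as an added example that is not part of the original thread: the UPDATE from the question rebuilt with `SqlParameter` values, so the statement text is constant and the `/Images/` prefix is assembled in code rather than inside the SQL string. The helper name `BuildUpdateCommand`, the module name, and the column types and lengths are assumptions; the table and column names are the ones in the question.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.IO

Module AdBannerUpdateExample
    ' Hypothetical helper. Column types and lengths are assumptions;
    ' table and column names are the ones used in the question.
    Function BuildUpdateCommand(cnSQL As SqlConnection, title As String,
                                uploadedFileName As String, targetUrl As String,
                                isActive As Boolean, bannerIdText As String) As SqlCommand
        ' Reject a non-numeric ID before it reaches the database.
        Dim bannerId As Integer
        If Not Integer.TryParse(bannerIdText, bannerId) Then
            Throw New ArgumentException("Banner ID must be an integer.")
        End If

        ' Keep only the file name so the stored URL stays under /Images/.
        Dim fileUrl As String = "/Images/" & Path.GetFileName(uploadedFileName)

        ' The statement text is constant; user input travels only as parameter values.
        Dim sql As String =
            "UPDATE AdBanner SET AdBannerTitle = @Title, " &
            "AdBannerFileUrl = @FileUrl, " &
            "AdBannerTargerUrl = @TargetUrl, " &
            "AdBannerIsActive = @IsActive " &
            "WHERE AdBannerID = @BannerId"

        Dim cmSQL As New SqlCommand(sql, cnSQL)
        cmSQL.Parameters.Add("@Title", SqlDbType.NVarChar, 200).Value = title
        cmSQL.Parameters.Add("@FileUrl", SqlDbType.NVarChar, 400).Value = fileUrl
        cmSQL.Parameters.Add("@TargetUrl", SqlDbType.NVarChar, 400).Value = targetUrl
        cmSQL.Parameters.Add("@IsActive", SqlDbType.Bit).Value = isActive
        cmSQL.Parameters.Add("@BannerId", SqlDbType.Int).Value = bannerId
        Return cmSQL
    End Function

    Sub Main()
        ' Constructed sample input; the connection is never opened here.
        Using cnSQL As New SqlConnection()
            Dim cmd = BuildUpdateCommand(cnSQL, "Summer's sale", "uploads/banner.png",
                                         "http://example.com/?a='b'", True, "7")
            Console.WriteLine(cmd.CommandText)
            For Each p As SqlParameter In cmd.Parameters
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value)
            Next
        End Using
    End Sub
End Module
```

The quotes in the sample title and target URL are carried as data in the parameter values and never become part of the SQL text.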