2016-11-02 153 views
0

My query is not executing correctly

This is a method in my C# code that should execute when a particular button is clicked:

private void button2_Click(object sender, EventArgs e) 
    { 
     try 
     { 

      string connectionString = "Data Source=LPMSW09000012JD\\SQLEXPRESS;Initial Catalog=Pharmacies;Integrated Security=True"; 
      SqlConnection con = new SqlConnection(connectionString); 
      con.Open(); 
      string query = "SELECT Code, Description, Next_Code FROM Liguanea_Lane2 WHERE code LIKE '%" + search.Text + "%'; "; 
      SqlCommand cmd = new SqlCommand(query, con); 

      SqlDataReader dr = cmd.ExecuteReader(); 

      while (dr.Read()) 
      { 
       string scode = dr.GetString(dr.GetOrdinal("next_code")); 
       textBox2.Text = scode; 

      } 
     } 
     catch (Exception ex) 
     { 

      MessageBox.Show(ex.ToString()); 
     } 
     //next description 
     try 
     { 

      string connectionString1 = "Data Source=LPMSW09000012JD\\SQLEXPRESS;Initial Catalog=Pharmacies;Integrated Security=True"; 
      SqlConnection con1 = new SqlConnection(connectionString1); 
      con1.Open(); 
      string query1 = "SELECT Code, Description, Next_Description FROM Liguanea_Lane2 WHERE code LIKE '%" + search.Text + "%'; "; 


      SqlCommand cmd1 = new SqlCommand(query1, con1); 

      SqlDataReader dr1 = cmd1.ExecuteReader(); 

      while (dr1.Read()) 
      { 
       string sdes = dr1.GetString(dr1.GetOrdinal("Next_Description")); 
       textBox3.Text = sdes; 

      } 
     } 
     catch (Exception ex) 
     { 

      MessageBox.Show(ex.ToString()); 
     } 
     search.ResetText(); 
     textBox1.Clear(); 
     search.SelectedIndex = search.SelectedIndex + 1; 
     textBox2.Clear(); 
     textBox3.Clear(); 

     string connectionString2 = "Data Source=LPMSW09000012JD\\SQLEXPRESS;Initial Catalog=Pharmacies;Integrated Security=True"; 
     SqlConnection con2 = new SqlConnection(connectionString2); 
     con2.Open(); 
     string query2 = "UPDATE Liguanea_Lane2 SET Update_val= '0' where code = '" + search.Text + "'; "; 


    } 


} 

It is within this particular block that the problem occurs:

string connectionString2 = "Data Source=LPMSW09000012JD\\SQLEXPRESS;Initial Catalog=Pharmacies;Integrated Security=True"; 
     SqlConnection con2 = new SqlConnection(connectionString2); 
     con2.Open(); 
     string query2 = "UPDATE Liguanea_Lane2 SET Update_val= '0' where code = '" + search.Text + "'; "; 

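To add more insight, its function is to insert into a column named "update_val" in my MSSQL database table. The value is inserted based on the input of a combo box called "search". I ran the query in MSSQL and it works fine. The only difference is that, instead of receiving the value from the comboBox, I specified the value using the "WHERE" command. The problem in C# is that it does not update the table in MSSQL at all. So I am asking whether my syntax is wrong.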

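P.S. Yes, I know that parameterized queries should be implemented to avoid SQL injection. This is merely for my own practice, so comments relating to that are not relevant.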

+0

Are you executing 'query2'? If so, that code does not appear above. – UtopiaLtd

+0

What am I missing? – Jevon

Answers

2

To execute the update command, you will want to do something more like this:

using (SqlConnection connection = new SqlConnection(
       connectionString1)) // You won't need a second connection string if both are the same
    {
     SqlCommand command = new SqlCommand(query2, connection);
     command.Connection.Open();
     // ExecuteNonQuery is the call that actually sends the UPDATE to the server
     command.ExecuteNonQuery();
    }
+0

is ok: 'string connectionString2 = "Data Source=LPMSW09000012JD\\SQLEXPRESS;Initial Catalog=Pharmacies;Integrated Security=True"; SqlConnection con2 = new SqlConnection(connectionString2); string query2 = "UPDATE Liguanea_Lane2 SET Update_val= '0' where code = '" + search.Text + "'; "; using (SqlConnection connection = new SqlConnection(connectionString2)) { SqlCommand command = new SqlCommand(query2, connection); command.Connection.Open(); command.ExecuteNonQuery(); }' – Jevon

+0

It seems I misused the code snippet. Apologies if it is hard to decipher – Jevon

+1

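Looks good, but as I said, you don't need two different connection strings. You don't have to use 'using' blocks, but they are a very good idea - they ensure your connection is closed when an error occurs, help prevent memory leaks, etc. – UtopiaLtd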
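
The UPDATE from this thread with the combo box value bound as a parameter and the command actually executed, as an added example that is not code from the original posts. The names `LaneUpdates`, `BuildUpdate` and `MarkUpdated`, the `NVarChar(50)` parameter type and the sample value are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LaneUpdates   // hypothetical helper class, not from the thread
{
    // Builds the UPDATE with the code value bound as @code, so the SQL text
    // stays constant whatever the combo box contains.
    public static SqlCommand BuildUpdate(SqlConnection connection, string code)
    {
        var command = new SqlCommand(
            "UPDATE Liguanea_Lane2 SET Update_val = '0' WHERE code = @code;", connection);
        // Assumption: the code column is NVARCHAR(50); match the real column definition.
        command.Parameters.Add("@code", SqlDbType.NVarChar, 50).Value = code;
        return command;
    }

    // Opens the connection, runs the UPDATE and returns the number of rows changed.
    // Building the query string alone, as in the question, never reaches the server.
    public static int MarkUpdated(string connectionString, string code)
    {
        using (var connection = new SqlConnection(connectionString))
        using (SqlCommand command = BuildUpdate(connection, code))
        {
            connection.Open();
            return command.ExecuteNonQuery();   // 0 means no row had that code
        }
    }

    static void Main()
    {
        // Constructed sample value containing an apostrophe: with string
        // concatenation this would change the SQL text; here it is only data.
        using (var connection = new SqlConnection())   // never opened, so this runs offline
        using (SqlCommand command = BuildUpdate(connection, "AB'12"))
        {
            Console.WriteLine(command.CommandText);
            Console.WriteLine("{0} = {1}",
                command.Parameters[0].ParameterName, command.Parameters[0].Value);
        }
        // Against a real server, with the connection string from the question:
        // int rows = LaneUpdates.MarkUpdated(connectionString, code);
    }
}
```

Pass `MarkUpdated` the value of `search.Text` captured at the point you mean to update: in the question's handler the combo box is reset and advanced before the UPDATE string is built.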