2013-01-12 205 views
0

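Update SQL query

Hi, I'm trying to update points in a database from a Windows form, but I'm not sure how to get the information from a variable "totalPoints" inserted into the "points" field in the database.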

using (OleDbConnection conn = new OleDbConnection(strCon))
{
    String sqlPoints = "UPDATE points FROM customer WHERE [customerID]="
        + txtCustomerID.Text;
    conn.Open();

    conn.Close();
}

Thanks for your help!

Answers

3

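First, you should be using parameterized queries - this is vulnerable to SQL injection.

Take a look here: How do parameterized queries help against SQL injection?

To answer your question, you need to look into OleDbCommand and ExecuteNonQuery: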

using System;
using System.Data.OleDb;

public void InsertRow(string connectionString, string insertSQL)
{
    using (OleDbConnection connection = new OleDbConnection(connectionString))
    {
        // The insertSQL string contains a SQL statement that
        // inserts a new row in the source table.
        OleDbCommand command = new OleDbCommand(insertSQL);

        // Set the Connection to the new OleDbConnection.
        command.Connection = connection;

        // Open the connection and execute the insert command.
        try
        {
            connection.Open();
            command.ExecuteNonQuery();
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
        // The connection is automatically closed when the
        // code exits the using block.
    }
}

http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbconnection(v=vs.100).aspx

Also, you may need to revisit your SQL - not sure what you're trying to accomplish. If you're using SQL Server, the syntax should look something like UPDATE TABLE SET FIELD = VALUE WHERE FIELD = VALUE

Good luck.

+0

OK, thanks, I'll change it to a parameterized query! How do I get it to update all the fields in the table, e.g. from 0 to 25? – Bunion

+0

Is this what you mean: UPDATE customer SET points = 25 WHERE customerid = 1 – sgeddes
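
The answer's two points (a parameterized query, run with OleDbCommand.ExecuteNonQuery) combined for the question's table, as an added example that is not code from the question, the answer or MSDN. It assumes a `customer` table with a `points` column and an integer `customerID` column; `CustomerPoints`, `BuildUpdate` and `UpdatePoints` are hypothetical names.

```csharp
using System;
using System.Data.OleDb;

public static class CustomerPoints
{
    // OleDb text commands use positional '?' placeholders: parameter names are
    // ignored, so parameters must be added in the order the '?' marks appear.
    private const string Sql = "UPDATE customer SET points = ? WHERE customerID = ?";

    // Builds the command; user input only ever becomes a typed parameter value.
    public static OleDbCommand BuildUpdate(string customerIdText, int totalPoints)
    {
        // Assumption: customerID is an integer column.
        if (!int.TryParse(customerIdText, out int customerId))
            throw new ArgumentException("customerID must be an integer.");

        var cmd = new OleDbCommand(Sql);
        cmd.Parameters.Add("@points", OleDbType.Integer).Value = totalPoints;
        cmd.Parameters.Add("@customerID", OleDbType.Integer).Value = customerId;
        return cmd;
    }

    // Returns the number of rows changed (0 means no such customer).
    public static int UpdatePoints(string strCon, string customerIdText, int totalPoints)
    {
        using (var conn = new OleDbConnection(strCon))
        using (var cmd = BuildUpdate(customerIdText, totalPoints))
        {
            cmd.Connection = conn;
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    public static void Main()
    {
        // Constructed inputs; no database is needed for this part.
        using (var ok = BuildUpdate("42", 25))
            Console.WriteLine(ok.CommandText + " <- " + ok.Parameters[0].Value + ", " + ok.Parameters[1].Value);
        try { BuildUpdate("1 OR 1=1", 25); }
        catch (ArgumentException ex) { Console.WriteLine("rejected: " + ex.Message); }
    }
}
```

In the form's handler this would be called as `CustomerPoints.UpdatePoints(strCon, txtCustomerID.Text, totalPoints)`, with a return value of 0 treated as "customer not found".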