我正在用 C# 构建一个销售点系统,并将数据从接口(interface)通过一个对象传递到数据库。
每次我尝试更新时,更新函数都会在 cmd.CommandText 中引发语法错误。
private void btnUpdate_Click(object sender, EventArgs e) //UPDATE FUNCTION//
{
user_management_system user_mgnt = new user_management_system();
user_mgnt.Username = txt_userName.Text;
user_mgnt.Password = txt_password.Text;
user_mgnt.First_name = txt_firstName.Text;
user_mgnt.Last_name = txt_lastName.Text;
user_mgnt.Nationality = txt_nationality.Text;
user_mgnt.Email = txt_email.Text;
user_mgnt.Age = (txt_age.Text);
con.Open();
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "UPDATE userlogin SET password = ('"+ user_mgnt.Password + "',first_name='" + user_mgnt.First_name + "',last_name='" + user_mgnt.Last_name + "',age='" + user_mgnt.Age +
"',nationality='" + user_mgnt.Nationality + "',email='" + user_mgnt.Email + "', WHERE username ='"+ user_mgnt.Username+ "')";
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Data has been successfuly updated");
displaydata();
最佳答案
您的 WHERE 之前有一个额外的(错位的)逗号条款。它应该是:
cmd.CommandText = "UPDATE userlogin SET password = ('"+ user_mgnt.Password + "',first_name='" + user_mgnt.First_name + "',last_name='" + user_mgnt.Last_name + "',age='" + user_mgnt.Age +
"',nationality='" + user_mgnt.Nationality + "',email='" + user_mgnt.Email + "' WHERE username ='"+ user_mgnt.Username+ "')";
编辑:我同意那些评论你应该使用参数化 SQL,并且避免在数据库中存储纯文本密码。
关于c# - Sql 命令语法错误 : System. Data.SqlClient.SqlException: 'Incorrect syntax near ' ,'.',我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45246688/