所以我有一个输入表单,我在其中输入每列的值。然后在声明连接、适配器、命令和查询后,执行以下代码,不会抛出异常,也不会更新数据库: private void BtnOk_Click(object sender, EventArgs e) { OleDbConnection conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=[MyDirectory]\Database.accdb"); conn.Open(); string query = "UPDATE [Users] SET [User]=" + txtUser.Text + ", [Password]=" + txtPass.Text + ", [IsAdmin]=" + chBAdmin.Checked.ToString() + " WHERE ID=" + txtID.Text + ""; OleDbDataAdapter adapter = new OleDbDataAdapter(query, conn); OleDbCommand comm = new OleDbCommand { CommandType = CommandType.Text, CommandText = query, Connection = conn }; try { comm.ExecuteNonQuery(); MessageBox.Show(query); } catch (Exception ex) { MessageBox.Show(ex.ToString()); } conn.Close(); }
2 回答
芜湖不芜
TA贡献1796条经验 获得超7个赞
您需要用单引号分隔值,例如
string query = "UPDATE [Users] SET [User]='" + txtUser.Text + "'"
但是,您可能会收到有关 SQL 注入的评论,并且应该真正使用参数化查询,而不是构建包含用户输入的 SQL 字符串。
婷婷同学_
TA贡献1844条经验 获得超8个赞
好的,我尝试了一个参数化查询,它成功了。感谢您的帮助
private void BtnOk_Click(object sender, EventArgs e)
{
conn.Open();
string query = "UPDATE [Users] SET [User] = ?, [Password] = ?, [IsAdmin] = ? WHERE ID = ?";
OleDbDataAdapter adapter = new OleDbDataAdapter(query, conn);
var accessUpdateCommand = new OleDbCommand(query, conn);
accessUpdateCommand.Parameters.AddWithValue("User", txtUser.Text);
accessUpdateCommand.Parameters.AddWithValue("Password", txtPass.Text);
accessUpdateCommand.Parameters.AddWithValue("IsAdmin", chBAdmin.Checked);
accessUpdateCommand.Parameters.AddWithValue("ID", txtID.Text);
adapter.UpdateCommand = accessUpdateCommand;
adapter.UpdateCommand.ExecuteNonQuery();
conn.Close();
}
- 2 回答
- 0 关注
- 208 浏览
添加回答
举报
0/150
提交
取消