Sql commands Syntax Error: System.Data.SqlClient.SqlException: 'Incorrect syntax near ','.'
Sql commands Syntax Error: System.Data.SqlClient.SqlException: 'Incorrect syntax near ','.'
我正在用 C# 构建一个销售点系统,我正在通过一个对象将数据从界面传递到数据库。
每次我尝试更新时,更新函数都会在 cmd.CommandText 中抛出语法错误。
private void btnUpdate_Click(object sender, EventArgs e) //UPDATE FUNCTION//
{
user_management_system user_mgnt = new user_management_system();
user_mgnt.Username = txt_userName.Text;
user_mgnt.Password = txt_password.Text;
user_mgnt.First_name = txt_firstName.Text;
user_mgnt.Last_name = txt_lastName.Text;
user_mgnt.Nationality = txt_nationality.Text;
user_mgnt.Email = txt_email.Text;
user_mgnt.Age = (txt_age.Text);
con.Open();
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "UPDATE userlogin SET password = ('"+ user_mgnt.Password + "',first_name='" + user_mgnt.First_name + "',last_name='" + user_mgnt.Last_name + "',age='" + user_mgnt.Age +
"',nationality='" + user_mgnt.Nationality + "',email='" + user_mgnt.Email + "', WHERE username ='"+ user_mgnt.Username+ "')";
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Data has been successfuly updated");
displaydata();
您的 WHERE 子句前有一个额外的(错位的)逗号。应该是:
cmd.CommandText = "UPDATE userlogin SET password = ('"+ user_mgnt.Password + "',first_name='" + user_mgnt.First_name + "',last_name='" + user_mgnt.Last_name + "',age='" + user_mgnt.Age +
"',nationality='" + user_mgnt.Nationality + "',email='" + user_mgnt.Email + "' WHERE username ='"+ user_mgnt.Username+ "')";
编辑:我同意那些评论你应该使用参数化SQL,并且避免在数据库中存储纯文本密码。
查询文本中存在语法错误,请按照此格式填写
我正在用 C# 构建一个销售点系统,我正在通过一个对象将数据从界面传递到数据库。
每次我尝试更新时,更新函数都会在 cmd.CommandText 中抛出语法错误。
private void btnUpdate_Click(object sender, EventArgs e) //UPDATE FUNCTION//
{
user_management_system user_mgnt = new user_management_system();
user_mgnt.Username = txt_userName.Text;
user_mgnt.Password = txt_password.Text;
user_mgnt.First_name = txt_firstName.Text;
user_mgnt.Last_name = txt_lastName.Text;
user_mgnt.Nationality = txt_nationality.Text;
user_mgnt.Email = txt_email.Text;
user_mgnt.Age = (txt_age.Text);
con.Open();
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "UPDATE userlogin SET password = ('"+ user_mgnt.Password + "',first_name='" + user_mgnt.First_name + "',last_name='" + user_mgnt.Last_name + "',age='" + user_mgnt.Age +
"',nationality='" + user_mgnt.Nationality + "',email='" + user_mgnt.Email + "', WHERE username ='"+ user_mgnt.Username+ "')";
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Data has been successfuly updated");
displaydata();
您的 WHERE 子句前有一个额外的(错位的)逗号。应该是:
cmd.CommandText = "UPDATE userlogin SET password = ('"+ user_mgnt.Password + "',first_name='" + user_mgnt.First_name + "',last_name='" + user_mgnt.Last_name + "',age='" + user_mgnt.Age +
"',nationality='" + user_mgnt.Nationality + "',email='" + user_mgnt.Email + "' WHERE username ='"+ user_mgnt.Username+ "')";
编辑:我同意那些评论你应该使用参数化SQL,并且避免在数据库中存储纯文本密码。
查询文本中存在语法错误,请按照此格式填写