ASP.NET , C# 怎么写这个 sql 命令
ASP.NET , C# how to write this sql command
如何在 asp.net c# 代码后面编写此代码?
Wwhat I'm trying to do is select invoicetable 中的所有行 orderno 等于当前 session 并扣除我的 inventorytable 来自与其 itemid 匹配的发票数量。
SqlCommand cmd =
new SqlCommand("UPDATE inventorytable
JOIN invoicetable ON inventorytable.ItemID = invoicetable.ItemID
SET inventorytable.inventory = inventorytable.inventory-invoice.QTY
WHERE invoicetable.No='" + Convert.ToInt32(Session["invoiceno"]) + "'"
, con);
InsertUpdateData(cmd);
您的更新查询格式不正确,您应该使用参数化 SQL。尝试使用类似这样的东西
var sqlQuery =
@"UPDATE inventorytable
SET inventorytable.inventory = inventorytable.inventory-invoice.QTY
FROM inventorytable
INNER JOIN invoicetable ON inventorytable.ItemID = invoicetable.ItemID
WHERE invoicetable.No=@invNo";
using (var conn = new SqlConnection(CONN_STR))
{
var sqlCmd = new SqlCommand(sqlQuery, conn);
sqlCmd.Parameters.AddWithValue("@invNo", Session["invoiceno"].ToString());
sqlCmd.ExecuteNonQuery();
}
我在没有 VS 的情况下输入了这个,所以如果有任何语法问题请告诉我
var n = Session["invoiceno"] != null ? Convert.ToInt32(Session["invoiceno"]) : 0;
using (var conn = new SqlConnection(CONN_STR))
{
conn.Open();
var sql = "SELECT * FROM invoicetable WHERE orderno = @n";
var cmd = new SqlCommand(sql);
cmd.Connection = conn ;
cmd.Parameters.AddWithValue("@n", n);
using(var dr = cmd.ExecuteReader())
{
while(dr.Read())
{
//loop through DataReader
}
dr.Close();
}
}
如何在 asp.net c# 代码后面编写此代码?
Wwhat I'm trying to do is select invoicetable 中的所有行 orderno 等于当前 session 并扣除我的 inventorytable 来自与其 itemid 匹配的发票数量。
SqlCommand cmd =
new SqlCommand("UPDATE inventorytable
JOIN invoicetable ON inventorytable.ItemID = invoicetable.ItemID
SET inventorytable.inventory = inventorytable.inventory-invoice.QTY
WHERE invoicetable.No='" + Convert.ToInt32(Session["invoiceno"]) + "'"
, con);
InsertUpdateData(cmd);
您的更新查询格式不正确,您应该使用参数化 SQL。尝试使用类似这样的东西
var sqlQuery =
@"UPDATE inventorytable
SET inventorytable.inventory = inventorytable.inventory-invoice.QTY
FROM inventorytable
INNER JOIN invoicetable ON inventorytable.ItemID = invoicetable.ItemID
WHERE invoicetable.No=@invNo";
using (var conn = new SqlConnection(CONN_STR))
{
var sqlCmd = new SqlCommand(sqlQuery, conn);
sqlCmd.Parameters.AddWithValue("@invNo", Session["invoiceno"].ToString());
sqlCmd.ExecuteNonQuery();
}
我在没有 VS 的情况下输入了这个,所以如果有任何语法问题请告诉我
var n = Session["invoiceno"] != null ? Convert.ToInt32(Session["invoiceno"]) : 0;
using (var conn = new SqlConnection(CONN_STR))
{
conn.Open();
var sql = "SELECT * FROM invoicetable WHERE orderno = @n";
var cmd = new SqlCommand(sql);
cmd.Connection = conn ;
cmd.Parameters.AddWithValue("@n", n);
using(var dr = cmd.ExecuteReader())
{
while(dr.Read())
{
//loop through DataReader
}
dr.Close();
}
}