发表新帖
发表新帖

SQL update statement in C#

前端 未结
关注
9 1606
陌清茗
陌清茗 2020-11-27 04:26

I have table \"Student\"

   P_ID   LastName  FirstName  Address  City

   1        Hansen    Ola                
   2        Svendson   Tov
相关标签:
9条回答
  • 闹比i
    2020-11-27 05:04

    This is not a correct method of updating record in SQL:

    command.CommandText = "UPDATE Student(LastName, FirstName, Address, City) VALUES (@ln, @fn, @add, @cit) WHERE LastName='" + lastName + "' AND FirstName='" + firstName+"'";

    You should write it like this:

    command.CommandText = "UPDATE Student 
SET Address = @add, City = @cit Where FirstName = @fn and LastName = @add";

    Then you add the parameters same as you added them for the insert operation.

    0 讨论(0)
  • 鱼传尺愫
    2020-11-27 05:08

    Please, never use this concat form: 

    String st = "UPDATE supplier SET supplier_id = " + textBox1.Text + ", supplier_name = " + textBox2.Text
        + "WHERE supplier_id = " + textBox1.Text;

    use: 

    command.Parameters.AddWithValue("@attribute", value);

    Always work object oriented

    Edit: This is because when you parameterize your updates it helps prevent SQL injection.

    0 讨论(0)
  • 南方客
    2020-11-27 05:12 
    private void button4_Click(object sender, EventArgs e)
    {
        String st = "DELETE FROM supplier WHERE supplier_id =" + textBox1.Text;

        SqlCommand sqlcom = new SqlCommand(st, myConnection);
        try
        {
            sqlcom.ExecuteNonQuery();
            MessageBox.Show("刪除成功");
        }
        catch (SqlException ex)
        {
            MessageBox.Show(ex.Message);
        }
    }



    private void button6_Click(object sender, EventArgs e)
    {
        String st = "SELECT * FROM suppliers";

        SqlCommand sqlcom = new SqlCommand(st, myConnection);
        try
        {
            sqlcom.ExecuteNonQuery();
            SqlDataReader reader = sqlcom.ExecuteReader();
            DataTable datatable = new DataTable();
            datatable.Load(reader);
            dataGridView1.DataSource = datatable;
            //MessageBox.Show("LEFT OUTER成功");
        }
        catch (SqlException ex)
        {
            MessageBox.Show(ex.Message);
        }
    }
    0 讨论(0)
  • 南笙
    2020-11-27 05:13 
    String st = "UPDATE supplier SET supplier_id = " + textBox1.Text + ", supplier_name = " + textBox2.Text
            + "WHERE supplier_id = " + textBox1.Text;

        SqlCommand sqlcom = new SqlCommand(st, myConnection);
        try
        {
            sqlcom.ExecuteNonQuery();
            MessageBox.Show("update successful");
        }
        catch (SqlException ex)
        {
            MessageBox.Show(ex.Message);
        }
    0 讨论(0)
  • 耶瑟儿~
    2020-11-27 05:16 
    string constr = @"Data Source=(LocalDB)\v11.0;Initial Catalog=Bank;Integrated Security=True;Pooling=False";
SqlConnection con = new SqlConnection(constr);
DataSet ds = new DataSet();
con.Open();
SqlCommand cmd = new SqlCommand(" UPDATE Account  SET name = Aleesha, CID = 24 Where name =Areeba and CID =11 )";
cmd.ExecuteNonQuery();
    0 讨论(0)
  • 时光取名叫无心
    2020-11-27 05:19

    There is always a proper syntax for every language. Similarly SQL(Structured Query Language) has also specific syntax for update query which we have to follow if we want to use update query. Otherwise it will not give the expected results.

    0 讨论(0)
 看不清?
提交回复
热议问题