【问题标题】:Vbnet Sql incorrect syntax near ')'')' 附近的 Vb Net Sql 语法不正确
【发布时间】:2017-06-29 07:51:48
【问题描述】:

Private Sub Button2_Click(sender As Object, e As EventArgs) 处理 Button2.Click

    Dim con As New SqlConnection
    Dim cmd As New SqlCommand
    Try
        con.ConnectionString = "Data Source=DESKTOP-3H4F5GB\MURATS;Initial Catalog=CRM;Integrated Security=True"

        con.Open()
        cmd.Connection = con

    cmd.CommandText = "UPDATE Firma  SET (Sektor = '" & ComboBox1.Text & "', Tip = '" & ComboBox2.Text & "', Telefon = '" & MaskedTextBox1.Text & "', Web = '" & TextBox2.Text & "', Adres = '" & RichTextBox2.Text & "', OSB = '" & ComboBox3.Text & "', PR = '" & ComboBox4.Text & "', Sehir = '" & ComboBox5.Text & "', Ulke = '" & ComboBox6.Text & "', Note = '" & RichTextBox1.Text & "', Durum = '" & ComboBox7.Text & "', Email ='" & TextBox3.Text & "') WHERE Firma = '" & ComboBox8.Text & "'"**

        cmd.ExecuteNonQuery()
    Catch ex As Exception
        MessageBox.Show("Error while inserting record on table..." & ex.Message, "Insert Records")
    Finally
        con.Close()
    End Try
End Sub

【问题讨论】:

  • 我找不到问题部分我无法修复它并输入如下
  • 删除SET之后和Where之前的括号。您还需要参数化您的查询。当前代码对sql注入开放。
  • 非常感谢
  • abi 这个问题你解决了吗?
  • Werdna 我听不懂

标签: sql-server vb.net visual-studio


【解决方案1】:

你的错误显然在这一行

cmd.CommandText = "UPDATE Firma  SET (Sektor = '" & ComboBox1.Text & "', Tip = '" & ComboBox2.Text & "', Telefon = '" & MaskedTextBox1.Text & "', Web = '" & TextBox2.Text & "', Adres = '" & RichTextBox2.Text & "', OSB = '" & ComboBox3.Text & "', PR = '" & ComboBox4.Text & "', Sehir = '" & ComboBox5.Text & "', Ulke = '" & ComboBox6.Text & "', Note = '" & RichTextBox1.Text & "', Durum = '" & ComboBox7.Text & "', Email ='" & TextBox3.Text & "') WHERE Firma = '" & ComboBox8.Text & "'"**

您必须从 Update 语句中删除 () 才能如下所示

cmd.CommandText = "UPDATE Firma  SET Sektor = '" & ComboBox1.Text & "', Tip = '" & ComboBox2.Text & "', Telefon = '" & MaskedTextBox1.Text & "', Web = '" & TextBox2.Text & "', Adres = '" & RichTextBox2.Text & "', OSB = '" & ComboBox3.Text & "', PR = '" & ComboBox4.Text & "', Sehir = '" & ComboBox5.Text & "', Ulke = '" & ComboBox6.Text & "', Note = '" & RichTextBox1.Text & "', Durum = '" & ComboBox7.Text & "', Email ='" & TextBox3.Text & "' WHERE Firma = '" & ComboBox8.Text & "'"

【讨论】:

    【解决方案2】:

    删除你的左括号和右括号:

    cmd.CommandText = "UPDATE Firma  SET (Sektor = '" & ComboBox1.Text & "', Tip = '" & ComboBox2.Text & "', Telefon = '" & MaskedTextBox1.Text & "', Web = '" & TextBox2.Text & "', Adres = '" & RichTextBox2.Text & "', OSB = '" & ComboBox3.Text & "', PR = '" & ComboBox4.Text & "', Sehir = '" & ComboBox5.Text & "', Ulke = '" & ComboBox6.Text & "', Note = '" & RichTextBox1.Text & "', Durum = '" & ComboBox7.Text & "', Email ='" & TextBox3.Text & "')
    

    回答

     cmd.CommandText = "UPDATE Firma  SET Sektor = '" & ComboBox1.Text & "', Tip = '" & ComboBox2.Text & "', Telefon = '" & MaskedTextBox1.Text & "', Web = '" & TextBox2.Text & "', Adres = '" & RichTextBox2.Text & "', OSB = '" & ComboBox3.Text & "', PR = '" & ComboBox4.Text & "', Sehir = '" & ComboBox5.Text & "', Ulke = '" & ComboBox6.Text & "', Note = '" & RichTextBox1.Text & "', Durum = '" & ComboBox7.Text & "', Email ='" & TextBox3.Text & "'
    

    如果你想学习的话,还有一些补充尝试学习使用参数化查询评论。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2017-02-07
      • 2018-06-26
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多