【问题标题】:insert query syntax插入查询语法
【发布时间】:2013-03-28 06:08:11
【问题描述】:

我不断收到错误消息,提示 where 附近的语法不正确。谁能告诉我我做错了什么?

string strSession = objGetSession.GetEmailFromSession();
con.Open();
string strInsertFnLn = "Insert into AUserAddress (FirstName, LastName) values (@FirstName, @LastName) where AUser_ID = (Select ID from AUser where Email ='" + strSession + "')";

using (SqlCommand Cmd = new SqlCommand(strInsertFnLn, con))
{
    Cmd.Parameters.AddWithValue("@FirstName", txtEditFirstName.Text);
    Cmd.Parameters.AddWithValue("@LastName", txtEditLastName.Text);
    //Cmd.Parameters.AddWithValue("@Email", txtEditEmail.Text);
    Cmd.ExecuteNonQuery();
    con.Close();
}

【问题讨论】:

标签: c# sql sql-server sql-update sql-insert


【解决方案1】:

我猜你的意思是UPDATE

UPDATE  a
SET     a.FirstName = @FirstName,
        a.LastName = @LastName
FROM    AUserAddress a
        INNER JOIN AUser b
            ON a.AUser_ID = b.ID
WHERE   b.Email = @Email

所以完整的声明将如下所示,

string strSession = objGetSession.GetEmailFromSession();            
string connString = "connection string here";
string strInsertFnLn = @"
                            UPDATE  a
                            SET     a.FirstName = @FirstName,
                                    a.LastName = @LastName
                            FROM    AUserAddress a
                                    INNER JOIN AUser b
                                        ON a.AUser_ID = b.ID
                            WHERE   b.Email = @Email
                        ";
using (SqlConnection con = new SqlConnection(connString))
{
    using (SqlCommand Cmd = new SqlCommand(strInsertFnLn, con))
    {
        Cmd.Parameters.AddWithValue("@FirstName", txtEditFirstName.Text);
        Cmd.Parameters.AddWithValue("@LastName", txtEditLastName.Text);
        Cmd.Parameters.AddWithValue("@Email", strSession);
        try
        {
            con.Open();
            Cmd.ExecuteNonQuery();
        }
        catch (SqlException ex)
        {
            // do something with the exception
            // don't hide it
        }
    }
}

【讨论】:

  • +1 完全正确 - 使用 @Email 参数使它成为一个非常好的、安全的 SQL 语句!
【解决方案2】:

问题出在一行

string strInsertFnLn = "Insert into AUserAddress (FirstName, LastName) 
   values (@FirstName, @LastName) where 
   AUser_ID = (Select ID from AUser where Email ='" + strSession + "')";

where 条件在这个查询中有什么用
应该是这样的

string strInsertFnLn = "Insert into AUserAddress (FirstName, LastName) 
                            values (@FirstName, @LastName)";

编辑 1

或者如果你想更新记录,那么它应该如下

 string strInsertFnLn = "update AUserAddress set FirstName=@FirstName, 
                       LastName=@LastName where 
   AUser_ID = (Select ID from AUser where Email ='" + strSession + "')";

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2016-12-09
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多