从c#代码运行更新查询时查询中出现语法错误
我正在尝试运行以下代码:从c#代码运行更新查询时查询中出现语法错误,c#,visual-studio,oledb,C#,Visual Studio,Oledb,我正在尝试运行以下代码: private void btnUpdate_Click(object sender, EventArgs e) { if (txtNewPassword.Text.Length > 4 && txtNewPassword.Text.Equals(txtConfirmPassword.Text)) { try { OleDbConnection connection = new
private void btnUpdate_Click(object sender, EventArgs e)
{
if (txtNewPassword.Text.Length > 4 && txtNewPassword.Text.Equals(txtConfirmPassword.Text))
{
try
{
OleDbConnection connection = new OleDbConnection(MDFConfiguration.getConnectionString());
connection.Open();
int updatedRecordCount = updateExistingUserRecord(connection);
if (updatedRecordCount > 0)
{
MessageBox.Show("Password Changed Successfully");
}
else
{
MessageBox.Show("There was some error during updated");
}
connection.Close();
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
MessageBox.Show("exception: " + ex.ToString());
}
}
else
{
MessageBox.Show("New Password does not match required criteria");
}
}
private int updateExistingUserRecord(OleDbConnection connection)
{
string sql = "UPDATE " + MDFConfiguration.LOGIN_INFO_TABLE + " SET " +
" password = '" + MDFUtils.CreateMD5Hash(txtNewPassword.Text) + "' WHERE " +
" login_name = '" + cmbLoginNames.SelectedItem.ToString() + "'";
Console.WriteLine("sql = " + sql);
OleDbCommand command = new OleDbCommand(sql, connection);
return command.ExecuteNonQuery();
}
UPDATE MDF_LOGIN_INFO SET password = 'E206A54E97690CCE50CC872DD70EE896' WHERE login_name = 'admin'
A first chance exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll
System.Data.OleDb.OleDbException (0x80040E14): Syntax error in UPDATE statement.
at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr)
at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult)
at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult)
at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult)
at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method)
at System.Data.OleDb.OleDbCommand.ExecuteNonQuery()
at MDFData.AdminToolForm.updateExistingUserRecord(OleDbConnection connection) in c:\Users\UBAID ULLAH\Documents\Visual Studio 2012\Projects\Backup MDFData\MDFData\AdminToolForm.cs:line 114
at MDFData.AdminToolForm.btnUpdate_Click(Object sender, EventArgs e) in c:\Users\UBAID ULLAH\Documents\Visual Studio 2012\Projects\Backup MDFData\MDFData\AdminToolForm.cs:line 79
UPDATE MDF_LOGIN_INFO SET password = 'E206A54E97690CCE50CC872DD70EE896' WHERE login_name = 'admin'
A first chance exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll
System.Data.OleDb.OleDbException (0x80040E14): Syntax error in UPDATE statement.
at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr)
at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult)
at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult)
at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult)
at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method)
at System.Data.OleDb.OleDbCommand.ExecuteNonQuery()
at MDFData.AdminToolForm.updateExistingUserRecord(OleDbConnection connection) in c:\Users\UBAID ULLAH\Documents\Visual Studio 2012\Projects\Backup MDFData\MDFData\AdminToolForm.cs:line 114
at MDFData.AdminToolForm.btnUpdate_Click(Object sender, EventArgs e) in c:\Users\UBAID ULLAH\Documents\Visual Studio 2012\Projects\Backup MDFData\MDFData\AdminToolForm.cs:line 79
有什么建议吗?将您的列名用方括号括起来-可能是
密码登录名UPDATE MDF_LOGIN_INFO
SET [password] = 'E206A54E97690CCE50CC872DD70EE896'
WHERE [login_name] = 'admin'
我还建议您考虑在查询中使用SQL,而不是原始SQL,因为在您开始使用SQL的那一刻,您确实需要考虑使用SQL参数。您的代码,特别是考虑到密码哈希,是非常不安全的。
passwordlogin\u name[密码][登录名]