C# 已经开始工作，@DanielMann谢谢我将阻止注入。@DanielMann使用参数更新了我的答案以阻止sql注入。谢谢，我如何更改查询以减少所选的一张DVD而不是全部DVD？我的答案向您展示了如何。替换var myquery=。。。在您现有的代码中，我的

---

---

已经开始工作，@DanielMann谢谢我将阻止注入。@DanielMann使用参数更新了我的答案以阻止sql注入。谢谢，我如何更改查询以减少所选的一张DVD而不是全部DVD？我的答案向您展示了如何。替换var myquery=。。。在您现有的代码中，我的答案中包含代码。您为什么建议某人在其应用程序中构建SQL注入漏洞？我已经让它工作了，@DanielMann谢谢您，我将阻止注入。@DanielMann使用参数更新了我的答案，以阻止SQL注入。

protected void Button2_Click(object sender, EventArgs e)
{

    var myquery = string.Format("UPDATE DVD SET Stock = Stock - 1");
    da.InsertCommand = new OleDbCommand("INSERT INTO DVD (Stock) VALUES (@MessageLabel)", conn);
    {
        da.InsertCommand.Parameters.AddWithValue("@Stock", MessageLabel.Text);

        conn.Open();
            da.InsertCommand.ExecuteNonQuery();
            using (OleDbCommand cmd = new OleDbCommand(myquery, conn))
            cmd.ExecuteNonQuery();
        conn.Close();
        conn.Dispose();
    }
}

public void Latest_DVD()
{
    {
        using (OleDbDataAdapter dataquer = new OleDbDataAdapter("SELECT Title,Category,Director,Stock,Year FROM DVD ", conn))
        {
            dataquer.Fill(dt);
        }
    }
    DG_Latest.ShowHeader = true;
    DG_Latest.DataSource = dt;
    DG_Latest.DataBind();
    conn.Close();
    conn.Dispose();
}

protected void Latest_DVD_SelectedIndexChanged(Object sender, EventArgs e)
{
    GridViewRow row = DG_Latest.SelectedRow;
    MessageLabel.Text = "You selected to rent " + row.Cells[1].Text + ".";
}

Data type mismatch in criteria expression.

protected void Button2_Click(object sender, EventArgs e)
{

    var myquery = string.Format("UPDATE DVD SET Stock = Stock - 1");
    conn.Open();
    using (OleDbCommand cmd = new OleDbCommand(myquery, conn))
        cmd.ExecuteNonQuery();
    conn.Close();
    conn.Dispose();
}

var myquery = string.Format("UPDATE DVD SET Stock = Stock - 1 WHERE Title = @Title");
var row = DB_Latest.SelectedRow;
var title = row.Cells[0].Text;
var cmd = new OleDbCommand(myquery, conn);
cmd.Parameters.AddWithValue("@Title", title);