C# ASP.NET,C如何编写此sql命令
如何在asp.net c代码中编写此代码 我试图做的是选择orderno等于当前会话的invoicetable中的所有行,并从与itemid匹配的“invoicetable数量”中扣除invoicetable的库存C# ASP.NET,C如何编写此sql命令,c#,sql,asp.net,sqlcommand,C#,Sql,Asp.net,Sqlcommand,如何在asp.net c代码中编写此代码 我试图做的是选择orderno等于当前会话的invoicetable中的所有行,并从与itemid匹配的“invoicetable数量”中扣除invoicetable的库存 SqlCommand cmd = new SqlCommand("UPDATE inventorytable JOIN invoicetable ON inventorytable.ItemID = invoicetable.Ite
SqlCommand cmd =
new SqlCommand("UPDATE inventorytable
JOIN invoicetable ON inventorytable.ItemID = invoicetable.ItemID
SET inventorytable.inventory = inventorytable.inventory-invoice.QTY
WHERE invoicetable.No='" + Convert.ToInt32(Session["invoiceno"]) + "'"
, con);
InsertUpdateData(cmd);
更新查询的格式不正确,应该使用参数化SQL。试着用这样的东西
var sqlQuery =
@"UPDATE inventorytable
SET inventorytable.inventory = inventorytable.inventory-invoice.QTY
FROM inventorytable
INNER JOIN invoicetable ON inventorytable.ItemID = invoicetable.ItemID
WHERE invoicetable.No=@invNo";
using (var conn = new SqlConnection(CONN_STR))
{
var sqlCmd = new SqlCommand(sqlQuery, conn);
sqlCmd.Parameters.AddWithValue("@invNo", Session["invoiceno"].ToString());
sqlCmd.ExecuteNonQuery();
}
我在前面没有输入VS,因此如果有语法问题,请告诉我您提供的代码用于update语句。是否还有其他SQL需要评估?项目ID在哪里。您是否也在会话变量中添加了?另外,您提供的代码段存在一些非常严重的安全问题。请查看参数。是的,我正在尝试更新inventorytable,方法是通过扣除invoicetable列QTI来减少每个项目的inventory列。我尝试了您的代码,结果成功了。你为我节省了很多时间,谢谢
var n = Session["invoiceno"] != null ? Convert.ToInt32(Session["invoiceno"]) : 0;
using (var conn = new SqlConnection(CONN_STR))
{
conn.Open();
var sql = "SELECT * FROM invoicetable WHERE orderno = @n";
var cmd = new SqlCommand(sql);
cmd.Connection = conn ;
cmd.Parameters.AddWithValue("@n", n);
using(var dr = cmd.ExecuteReader())
{
while(dr.Read())
{
//loop through DataReader
}
dr.Close();
}
}