Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/ruby-on-rails-3/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# OleDb更新查询_C#_Database_Ms Access_Oledbcommand - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# OleDb更新查询

C# OleDb更新查询

c# database ms-access

C# OleDb更新查询,c#,database,ms-access,oledbcommand,C#,Database,Ms Access,Oledbcommand,我不熟悉在C#中使用Access数据库,想知道是否有可能替换此代码 string sql = "UPDATE Volunteer SET VolunteerName = @VolunteerName, NickName = @NickName, ContactNo = @ContactNo WHERE VolunteerID = @VolunteerID "; dbCmd = new OleDbCommand(sql, dbConn); dbCmd.Parameters.AddWithVa

我不熟悉在C#中使用Access数据库,想知道是否有可能替换此代码

string sql = "UPDATE Volunteer SET
VolunteerName =  @VolunteerName, 
NickName = @NickName,
ContactNo = @ContactNo
WHERE VolunteerID = @VolunteerID ";

dbCmd = new OleDbCommand(sql, dbConn);
dbCmd.Parameters.AddWithValue("@VolunteerName", txtLastName.Text);
dbCmd.Parameters.AddWithValue("@NickName", txtFirstName.Text);
dbCmd.Parameters.AddWithValue("@ContactNo", txtContact.Text);
dbCmd.Parameters.AddWithValue("@VolunteerID", txtVolunteerID.Text);
用类似的东西

string sql = "UPDATE Volunteer SET
VolunteerName = "+ txtLastName.Text +", 
NickName = "+ txtFirstName.Text +",
ContactNo = "+ txtContact.Text +"
WHERE VolunteerID = "+ txtVolunteerID.Text ";

dbCmd = new OleDbCommand(sql, dbConn);
坏主意,坏主意,坏主意。使用参数的正确版本是正确的方法。唯一的调整是使用正确的类型添加值,而不是使用
AddWIthValue()
.google
sql注入攻击
来了解建议的代码为何不好。