用vb和sql更新数据库中的数据_Sql_Database_Vb.net

用vb和sql更新数据库中的数据

sql database vb.net

用vb和sql更新数据库中的数据,sql,database,vb.net,Sql,Database,Vb.net,我想使用数据库中的文本框更新数据，但收到错误消息。错误是“（”附近的语法不正确。” 下面是更新数据的代码希望你们都能帮我解决这个问题。谢谢：）需要在WHERE子句中引用房间代码文本 Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomTy

我想使用数据库中的文本框更新数据，但收到错误消息。错误是“（”附近的语法不正确。”

下面是更新数据的代码

希望你们都能帮我解决这个问题。谢谢：）

需要在WHERE子句中引用房间代码文本

Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = '" & txtRoomCode.Text & "' ) "

编辑

或者最好也把它作为一个参数。

我相信这句话：

Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (@RoomCode, @RoomType, @RoomNo, @RoomPrice, @RoomStatus, @NoOfOccupancy WHERE [Room_Code] = " & txtRoomCode.Text & " ) "

需要重写如下：

Dim sqlUpdate As String = "UPDATE [Room] SET [Room_Code] = @RoomCode, [Room_Type] = @RoomType,  [Room_No] = @RoomNo, [Room_Price] = @RoomPrice, [Room_Status] = @RoomStatus, [No_of_Occupancy] = @NoOfOccupancy WHERE [Room_Code] = '" & txtRoomCode.Text & "' ) "

你有两个问题。你没有引用你的txtRoomCode.txt值，这不是UPDATE语句的正确语法，除非我真的很困惑。

你已经在使用参数了，别忘了最后一个参数，它可能会打开你的

sql

，导致注入攻击

Dim sqlUpdate As String = "UPDATE [Room] SET [Room_Code] = @RoomCode, 
    [Room_Type] = @RoomType, [Room_No] = @RoomNo, [Room_Price] = @RoomPrice
    [Room_Status] = @RoomStatus, [No_of_Occupancy] = @NoOfOccupancy
    WHERE [Room_Code] = @RoomCode"

Dim sqlUpdate As String = "UPDATE [Room] SET [Room_Code] = @RoomCode, 
    [Room_Type] = @RoomType, [Room_No] = @RoomNo, [Room_Price] = @RoomPrice
    [Room_Status] = @RoomStatus, [No_of_Occupancy] = @NoOfOccupancy
    WHERE [Room_Code] = @RoomCode"