Syntax error in UPDATE statement

Time: 2018-04-10 07:38:34

Tags: vb.net ms-access

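I would like to know what is wrong with my update-user syntax. Whenever I update a user, it always says there is a syntax error in the UPDATE statement.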

    With cmd
        .Connection = con
        .CommandText = ("UPDATE [User] SET Username='" & TextBox2.Text & "',FirstName='" & TextBox3.Text & "', LastName='" & TextBox4.Text & "',Password='" & TextBox5.Text & "' Where ID = '" & TextBox1.Text & "' ")
        .ExecuteNonQuery()
        .Dispose()
        TextBox1.Text = ""
        TextBox2.Text = ""
        TextBox3.Text = ""
        TextBox4.Text = ""
        TextBox5.Text = ""

        MsgBox("User Updated", vbInformation, "Information Message")
        datagridShow1()
        con.Close()
    End With

I also tried this code:

    With cmd
        .Connection = con
        .CommandText = ("UPDATE [User] SET Username='" & TextBox2.Text & "',FirstName='" & TextBox3.Text & "', LastName='" & TextBox4.Text & "',Password='" & TextBox5.Text & "' where [ID]=@UID ")
        .Parameters.AddWithValue("UID", CInt(TextBox1.Text))
        .ExecuteNonQuery()
        .Dispose()
        TextBox1.Text = ""
        TextBox2.Text = ""
        TextBox3.Text = ""
        TextBox4.Text = ""
        TextBox5.Text = ""

        MsgBox("User Updated", vbInformation, "Information Message")
        datagridShow1()
        con.Close()
    End With

1 answer:

Answer 0 (score: 1)

Password is a keyword in Access (JET/ACE) SQL. You need to enclose it in brackets. Also, ID is numeric, so it should not have single quotes.

    .CommandText = ("UPDATE [User] SET Username='" & TextBox2.Text & "',FirstName='" & TextBox3.Text & "', LastName='" & TextBox4.Text & "',[Password]='" & TextBox5.Text & "' Where ID = " & TextBox1.Text & " ")

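Note that, as far as I can see, your application is vulnerable to SQL injection and stores passwords as plain text. These are the two most obvious and most easily fixed security problems.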
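
The two fixes the answer names, combined in one added example (not code from the question or the answer): a fully parameterized UPDATE with `[Password]` bracketed, and a salted PBKDF2 hash stored in place of the plain-text password. The module and function names, the iteration count, the `iterations:salt:hash` storage format and reuse of the existing `[Password]` text column are assumptions.

```vbnet
Imports System.Data.OleDb
Imports System.Security.Cryptography

Module UserUpdateExample
    ' Salted PBKDF2-SHA256 hash, encoded as "iterations:salt:hash" (Base64),
    ' so the plain-text password never reaches the database.
    Function HashPassword(password As String) As String
        Const iterations As Integer = 210000 ' assumed work factor; tune for your hardware
        Dim salt(15) As Byte ' 16 random bytes, unique per password
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        Using kdf As New Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256)
            Return iterations.ToString() & ":" & Convert.ToBase64String(salt) & ":" &
                   Convert.ToBase64String(kdf.GetBytes(32))
        End Using
    End Function

    ' con: an open OleDbConnection to the Access database, supplied by the caller.
    ' Returns the number of rows updated (0 when no row has that ID).
    Function UpdateUser(con As OleDbConnection, idText As String, username As String,
                        firstName As String, lastName As String, password As String) As Integer
        ' Reject a non-numeric ID up front instead of letting CInt throw or SQL see it.
        Dim id As Integer
        If Not Integer.TryParse(idText, id) Then
            Throw New ArgumentException("ID must be a whole number.", NameOf(idText))
        End If

        ' [User] and [Password] are bracketed because they are reserved words.
        ' No user input is concatenated into the SQL text.
        Const sql As String =
            "UPDATE [User] SET Username = ?, FirstName = ?, LastName = ?, [Password] = ? WHERE ID = ?"

        Using cmd As New OleDbCommand(sql, con)
            ' OleDb binds parameters by position, not by name:
            ' add them in the same order as the ? placeholders.
            cmd.Parameters.Add("@Username", OleDbType.VarWChar, 255).Value = username
            cmd.Parameters.Add("@FirstName", OleDbType.VarWChar, 255).Value = firstName
            cmd.Parameters.Add("@LastName", OleDbType.VarWChar, 255).Value = lastName
            cmd.Parameters.Add("@Password", OleDbType.VarWChar, 255).Value = HashPassword(password)
            cmd.Parameters.Add("@ID", OleDbType.Integer).Value = id
            Return cmd.ExecuteNonQuery()
        End Using
    End Function
End Module
```

A login check then has to split the stored value, rerun PBKDF2 with the stored salt and iteration count, and compare the result with the stored hash, since the original password can no longer be read back.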