I've run into a problem. I want to update a table, but the code I'm using doesn't work. Can anyone explain why?

    public void ChangeInfo(string Newname, string NewFullname, string NewEmail)
    {
        SqlConnection con = new SqlConnection("MyconnectionString");
        SqlCommand command = new SqlCommand("UPDATE [Users] SET [UserName]='" + Newname + "', [Fullname]='" + NewFullname + "', [Email]='" + NewEmail + "' WHERE [ID]='" + this.ID + "'", con);
        con.Open();
        command.ExecuteNonQuery();
        con.Close();
    }

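Note: all column names are spelled correctly, and the ID is correct as well.

First of all, you should wrap your SqlCommand and SqlConnection in using so they are properly disposed. Then, never use string concatenation in SQL, because it leaves you open to SQL injection attacks.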

    public void ChangeInfo(string Newname, string NewFullname, string NewEmail)
    {
        // using disposes the connection and the command even if an exception is thrown
        using (SqlConnection con = new SqlConnection("MyconnectionString"))
        using (SqlCommand command = new SqlCommand(
            "UPDATE [Users] SET [UserName] = @UserName, [Fullname] = @NewFullName, [Email] = @NewMail WHERE [ID] = @Id",
            con))
        {
            // Each parameter name must match its placeholder in the statement above
            command.Parameters.AddWithValue("@UserName", Newname);
            command.Parameters.AddWithValue("@NewFullName", NewFullname);
            command.Parameters.AddWithValue("@NewMail", NewEmail);
            command.Parameters.AddWithValue("@Id", this.ID);
            con.Open();
            command.ExecuteNonQuery();
            con.Close();
        }
    }

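That being said, you either have a bad connection string (you didn't show us its syntax) or a syntax error in your query, which my example should clear up.

If you want further explanation, you need to define "It doesn't work" and provide the error you are getting.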
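
An added example, not code from the question or the answer: the same parameterized UPDATE with explicitly typed parameters, plus a rows-affected check and error reporting so that "it doesn't work" becomes a concrete result. The class name `User`, the `int` type of `ID`, and the column types and lengths are assumptions about a schema the post does not show.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public class User
{
    public int ID { get; set; }   // assumed: [ID] is an INT column

    // Placeholder taken from the post; a real connection string goes here.
    private const string ConnectionString = "MyconnectionString";

    // Returns true when exactly one row was updated.
    public bool ChangeInfo(string newName, string newFullname, string newEmail)
    {
        const string sql =
            "UPDATE [Users] SET [UserName] = @UserName, [Fullname] = @Fullname, " +
            "[Email] = @Email WHERE [ID] = @Id";
        try
        {
            using (var con = new SqlConnection(ConnectionString))
            using (var command = new SqlCommand(sql, con))
            {
                // Explicit types and lengths (assumed schema) instead of AddWithValue:
                // values travel as data, never as SQL text, and are not type-inferred.
                command.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = newName;
                command.Parameters.Add("@Fullname", SqlDbType.NVarChar, 100).Value = newFullname;
                command.Parameters.Add("@Email", SqlDbType.NVarChar, 254).Value = newEmail;
                command.Parameters.Add("@Id", SqlDbType.Int).Value = ID;

                con.Open();
                int rows = command.ExecuteNonQuery();

                // 0 rows: the statement ran, but the WHERE clause matched nothing.
                if (rows == 0)
                    Console.Error.WriteLine("UPDATE matched no row for ID " + ID);
                return rows == 1;
            }
        }
        catch (SqlException ex)
        {
            // Number and Message are the details to quote when reporting the failure.
            Console.Error.WriteLine("SQL error " + ex.Number + ": " + ex.Message);
            throw;
        }
    }
}
```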