Sol*_*man -3 c# sql sql-server
我的代码产生了Incorrect syntax near '('异常.我尝试了两种不同的方法,但它们都产生了相同的异常.我正在尝试更新数据库中的记录.
这是我的代码,产生异常的是调用ExecuteNonQuery的那一行.被注释掉的updater.Fill(dtable)写法也会产生相同的异常.
// Save handler from the question, shown as posted: this is the code that raises
// "Incorrect syntax near '('". Reviewer annotations are marked BUG / SECURITY / NOTE(review).
protected void btnSave_Click(object sender, EventArgs e)
{
    int found = 0; // No match found so far
    // Get the current selected Manufacturer
    string currentManufacturer = grdManufact.SelectedRow.Cells[1].Text;
    // NOTE(review): currentIsModerated is read here but never used in this handler.
    string currentIsModerated = grdManufact.SelectedRow.Cells[3].Text;
    // Connect to the database
    string strConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString2"].ToString();
    // NOTE(review): conn is opened outside any using block and is not closed or disposed
    // anywhere in this handler, so it stays open when ExecuteNonQuery throws.
    // Wrapping it in using (...) would release it on every path.
    SqlConnection conn = new SqlConnection(strConnectionString);
    conn.Open();
    // Try to find if new record would be a duplicate of an existing database record
    if (txtManufactureName.Text != currentManufacturer)
    {
        // SECURITY: the text box value is concatenated straight into the SQL text, so the
        // user controls the statement (SQL injection). Use a placeholder such as
        // "WHERE ManufacturerName = @name" and bind the value through
        // adpt.SelectCommand.Parameters instead.
        string findrecord = "SELECT * From VehicleManufacturer WHERE ManufacturerName = '" + txtManufactureName.Text + "'";
        SqlDataAdapter adpt = new SqlDataAdapter(findrecord, conn);
        DataTable dt = new DataTable();
        // Fill returns the number of rows loaded into dt; any row means the name is taken.
        found = adpt.Fill(dt);
    }
    // NOTE(review): this check-then-update sequence is not atomic; a UNIQUE constraint on
    // ManufacturerName (if the schema allows it) would enforce the rule in the database.
    if (found == 0) // New record is not a duplicate you can proceed with record update
    {
        String query;
        // BUG: "UPDATE Table (columns) Values (...)" is INSERT-style syntax. UPDATE requires
        // "UPDATE Table SET Column1 = value1, ... WHERE ...", so the parser rejects the
        // statement at the first '(' - this is the reported exception.
        // BUG: the WHERE value (currentManufacturer) is appended without quotes, so the
        // statement would still be malformed after the SET form is corrected.
        // SECURITY: all three UI values are concatenated into the statement (SQL injection).
        // Parameterized form, with each value bound through command.Parameters:
        //   UPDATE VehicleManufacturer
        //   SET ManufacturerName = @name, ManufacturerDescription = @description, Ismoderated = @moderated
        //   WHERE ManufacturerName = @current
        // Binding checkBoxModerated.Checked to @moderated also removes the need for the two
        // near-identical branches below, which differ only in the 'true' / 'false' literal.
        if (checkBoxModerated.Checked)
        {
            query = "UPDATE VehicleManufacturer (ManufacturerName, ManufacturerDescription, Ismoderated) Values ('" + txtManufactureName.Text + "','" + txtDescription.Text + "','true') WHERE ManufacturerName = " + currentManufacturer + ";";
        }
        else
        {
            query = "UPDATE VehicleManufacturer (ManufacturerName, ManufacturerDescription, Ismoderated) Values ('" + txtManufactureName.Text + "','" + txtDescription.Text + "','false') WHERE ManufacturerName = " + currentManufacturer + ";";
        }
        using (SqlCommand command = new SqlCommand(query, conn))
        {
            // The server parses the statement here, which is why the exception surfaces on this line.
            command.ExecuteNonQuery();
        }
        // Alternative attempted by the author. It sends the same statement text, so it fails
        // with the same syntax error; as written it also refers to `command` outside the
        // using block that declares it.
        //using (SqlDataAdapter updater = new SqlDataAdapter(command))
        // {
        // DataTable dtable = new DataTable();
        // updater.Fill(dtable);
        // }
        // Report success and reset the form fields.
        txtMessage.Text = "Manufacturer record changed Successfully";
        txtManufactureName.Text = "";
        txtDescription.Text = "";
        checkBoxModerated.Checked = false;
    }
    else
    { // Record is a duplicate of existing database records. Give error message.
        txtMessage.Text = "Sorry, that manufacturer name already exists.";
    }
}
您使用的UPDATE语句语法不正确.
代替
UPDATE Table (Fields) VALUES (Values) WHERE ...
它应该是
UPDATE Table SET Field1=Value1, Field2=Value2 WHERE ...
此外,您的代码存在SQL注入漏洞(虽然这不是导致该异常的原因).不要用字符串拼接把用户输入放进SQL查询,请改用参数化查询(预备语句).例如,在SQL中写 WHERE ManufacturerName = @name,再通过 command.Parameters 传入实际的值.