我有语法错误。
在chareter字符串'okwhere'后有未闭合的量化标记
uername=sam'。“okwhere username=sam”附近的SysnTax不正确。
代码:
cmd.CommandText = "UPDATE SystemInfo SET" + " UserName='" + UserName + "',
UserDomainName='" + UserDomainName + "',UserMachineName='" + UserMachineName
+"',UserIP='" + UserIP + "', UserOsVersion='" + UserOsVersion +
"',UserSystemDirectory='" + UserSystemDirectory + "',UserCurrentDirectory='" +
UserCurrentDirectory + "', ProcessorName='" + ProcessorName + "',
ProcessMnufacturer='" + ProcessMnufacturer + "',ProcessorID='" + ProcessorID +
"',ProcessorDescription='" + ProcessorDescription + "',ProcessorVersion='" +
ProcessorVersion + "',ProcessorStatus='" + ProcessorStatus + "',ProcessorDeviceId='" +
ProcessorDeviceId + "', OSCaption='" + OSCaption + "',OSSerialNumber='" +
SSerialNumber + "',OSManufacturer ='" + OSManufacturer + "',OSVersion='" + OSVersion +
"', OSStatus='" + OSStatus + "',OSName='" + OSName + "', BiosName='" + BiosName +
"',BiosVersion='" + BiosVersion + "',BiosSerialNumber='" + BiosSerialNumber + "',
BiosManufacturer='" + BiosManufacturer + "',BiosCurrentlanguage='" +
BiosCurrentlanguage + "', BiosStatus='" + BiosStatus + "Where UserName=" +
UserName.ToString ();
最佳答案
BiosStatus + "Where UserName="
在
WHERE子句前需要一个空格,并在UserName周围添加引号,应该如下所示:BiosStatus + " Where UserName='" + UserName.ToString() + "'"
作为附加说明,请尝试使用paramerterized queries。这将防止
SQL Injection攻击。您可以通过执行以下操作来实现此目的:command.CommandText = "UPDATE TABLE " +
"SET BiosStatus = $BiosStatus, BiosManufacturer = $BiosManufacturer " +
"WHERE UserName = $UserName";
command.Parameters.AddWithValue("$BiosStatus", BiosStatus);
command.Parameters.AddWithValue("$BioManufacturer", BiosManufacturer);
command.Parameters.AddWithValue("$UserName", UserName);