写更新查询

写更新查询

关注
发信
关注(28)粉丝(399)

如何编写更新查询

本文介绍了如何编写更新查询的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有大学生的出勤数据库。

我的出勤数据库包含以下栏目:

date | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |

其中1,2,3,4 ... 10是滚动编号。

i使用gridview显示roll_no,名称和标记当前和缺席的复选框列。

i想要写更新查询。我当前的代码没有执行但数据库中的值没有更新。

我的代码:

//使用今天的日期和每个roll_no的默认值初始化为1

string query =插入MCOM值(getdate(),1,1,1,1,1,1 ,1,1,1,1);

SqlCommand cmd2 = new SqlCommand(query,con);

cmd2.ExecuteNonQuery();

$ / $
foreach(gvEmp.Rows中的GridViewRow gvrow)

{

CheckBox chk =(CheckBox)gvrow.FindControl(chkSelect) ;

if(chk!= null&chk.Checked)

{



int c = gvrow.RowIndex + 1;

TextBox1.Text =[+ c +];

//作为文本框每次迭代包含roll_no(例如,1,2,3 .... 10)

string query =update MCOM set+ TextBox1.Text += 1 where date = getdate() ;

SqlCommand cmd2 = new SqlCommand(query,con);

cmd2.ExecuteNonQuery();

}

else

{

int c = gvrow.RowIndex + 1;

TextBox1.Text =[+ c +];

string query =update MCOM set+ TextBox1.Text += 0 where date = getdate();



SqlCommand cmd1 = new SqlCommand(query,con);

cmd1.ExecuteNonQuery();



}

}



请告诉我为什么我的代码在没有e的情况下执行但是数据库表仍然没有变化。

i have an attendance database of college students.
my attendance database contain columns as follows:
date|1|2|3|4|5|6|7|8|9|10|
where 1,2,3,4...10 are the roll numbers.
i am using gridview to display roll_no,name and checkbox column to mark present and absent.
i want to write update query.my current code not executing but values in database are not updating.
my code:
//initializing with todays date and default values for each roll_no as 1
string query = "insert into MCOM values(getdate(),1,1,1,1,1,1,1,1,1,1)";
SqlCommand cmd2 = new SqlCommand(query, con);
cmd2.ExecuteNonQuery();

foreach (GridViewRow gvrow in gvEmp.Rows)
{
CheckBox chk = (CheckBox)gvrow.FindControl("chkSelect");
if (chk != null & chk.Checked)
{

int c = gvrow.RowIndex + 1;
TextBox1.Text = "["+c+"]";
// as textbox contain roll_no(eg.1,2,3....10) for each iteration
string query = "update MCOM set " + TextBox1.Text + "=1 where date=getdate()";
SqlCommand cmd2 = new SqlCommand(query, con);
cmd2.ExecuteNonQuery();
}
else
{
int c = gvrow.RowIndex + 1;
TextBox1.Text = "[" + c + "]";
string query = "update MCOM set " + TextBox1.Text + "=0 where date=getdate()";

SqlCommand cmd1 = new SqlCommand(query, con);
cmd1.ExecuteNonQuery();

}
}

please tell me why my code is executing without errors but still no change in database table.

推荐答案

UPDATE ... WHERE CONVERT(DATE, [date])=CONVERT(DATE, GETDATE())





但是拜托,不要那样做!您正在使用文本框值直接构造SQL字符串 - 这是令人难以置信的危险!不要连接字符串以构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。

您不能使用参数来指定列名,因此您必须查看更复杂的指定列的系统 - 除非您想要最好的配合删除你的数据库只是为了看他是否可以......



But please, don't do that! You are using a textbox value directly to construct your SQL string - and that's unbelievably dangerous! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
You can't use a parameter to specify the column name, so you will have to look at a more sp]sophisticated system of specifying the column - unless you want your best mate to delete your DB just to see if he can...


这篇关于如何编写更新查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-26 06:04
Powered by LMLPHP ©2024 写更新查询 0.039532