日期:2014-05-17  浏览次数:20573 次

小白求助 望各位大蝦 幫忙解答 UPDATE 语句的语法错误。
;string name = Session["sname"].ToString();
  OleDbConnection con = db.con();
  con.Open();
  OleDbCommand cmd = new OleDbCommand();
  cmd.Connection = (OleDbConnection)con;
  cmd.CommandText = "update Student set password=@password ,specialtyID=@specialtyID where Sname='" + name + "'";

  cmd.Parameters.Add("@password", SqlDbType.DateTime);
  cmd.Parameters.Add("@specialtyID", SqlDbType.Money);

   
  cmd.Parameters["@password"].Value = this.txxpwd.Text;
  cmd.Parameters["@specialtyID"].Value = this.DropDownList1.SelectedItem.Text;

  cmd.ExecuteNonQuery();
  con.Close();
  Response.Write("<script language='javascript'>alert('修改成功')</script>");
  }
}
求解正確的語法

------解决方案--------------------
C# code
cmd.CommandText = "update Student set password='@password' ,specialtyID=@specialtyID where Sname='" + name + "'";

------解决方案--------------------
update Student set password=@password ,specialtyID=@specialtyID where Sname='" + name + "'"


如果password是nvarchar类型的,name改为
update Student set password='@password' ,specialtyID=@specialtyID where Sname='" + name + "'"
------解决方案--------------------
你要么全用参数化,要么全用拼接