我想这EXCUTE SQL查询SQL子查询语法asp.net
Dim str As String = "UPDATE table1 SET " & _
"number = '" & strc & "'," & _
"code = '" & "123" & "'," & _
"line= '" & dd1.text & "'," & _
"sellr = '" & txtrun.text & "'," & _
"endu= '" & txtex1.value+txtex2.value & "'" & _
"WHERE number IN (select table1.number" & _
"FROM table1 INNER JOIN table2 ON table1.number = table2.number" & _
"WHERE ((table1.username)='" & session("username") & "' AND (table1.pass)='" & session("pass") & "' AND (table2.sellnum)='" & session("sellnum") & "'));"
存在查询表达式语法错误,这是德我第一次使用嵌套子查询
所有领域越来越字符串的值
所以,如果有人能告诉我什么是写这个查询正确的方法我会
您的代码可以广泛应用于[SQL注入](http://en.wikipedia.org/wiki/SQL_injection)。您应该使用参数化查询。 – Oded
同意Oded ...创建一个存储过程,它接受这些参数并进行更新。 –