下面是插入的代码 - 我只需要帮助将它转换成更新与值和where子句的语法。正确的MS SQL更新语句语法C#与ADODB.Parameters?
ADODB.Command cmdInsert = new ADODB.Command();
cmdInsert.ActiveConnection = conn;
cmdInsert.CommandText = "INSERT INTO ExchangeTypes(MarketSelectionId) VALUES (?)";
//Update statement to be modelled:
//cmdUpdate.CommandText = "Update ExchangeTypes SET
//LayOdds = '" & layOdds & "'" & ",
//Size='" & laySize & "' WHERE
//MarketId='" & marketid & "'" and SelectionId='" & selectionid & "'"
cmdInsert.CommandType = ADODB.CommandTypeEnum.adCmdText;
// Append the parameters
ADODB.Parameter paramMS = cmdInsert.CreateParameter(
"MarketSelectionId", // Parameter name
ADODB.DataTypeEnum.adVarChar, // Parameter type (adVarChar)
ADODB.ParameterDirectionEnum.adParamInput, // Parameter direction
200, // Max size
umarketiduselectionid); // Parameter value
cmdInsert.Parameters.Append(paramMS);
object nRecordsAffected = Type.Missing;
object oParams = Type.Missing;
cmdInsert.Execute(out nRecordsAffected, ref oParams,
(int)ADODB.ExecuteOptionEnum.adExecuteNoRecords);
这看起来像你开始建立的东西,将疯狂 - 容易受到SQL注入攻击。 –