我的更新语句中的语法错误

Question

我不能看到我的代码出错了，我尝试了几次改变它，并无法获得更改，如果我可以得到一些帮助，我将不胜感激。

private void btnUpdatePersonalDetails_Click(object sender, EventArgs e) 
    { 
     if (rndMale.Checked == true) 
     { 
      Gender = "Male"; 
     } 
     else 
     { 
      if (rndFemale.Checked == true) 
      { 
       Gender = "Female"; 
      } 
     } 
     string mySqlCode = 
      "UPDATE tblPersonalDetails Set [First Name]='" + txtFirstName.Text 
      + "',[Last Name] = '" + txtLastName.Text 
      + "',Age = '" + txtAge.Text 
      + "',Height(cm) = '" + txtHeight.Text 
      + "',[Average Resting Heart Rate] = '" + txtAverageRestingHeartRate.Text 
      + "',[Contact Number] = '" + txtContactNumber.Text 
      + "',newAddress = '" + txtAddress.Text 
      + "',Gender = '" + Gender 
      + "' WHERE Username= '"+GlobalUsername.username+"'"; 
     insertDatabase(mySqlCode); 

    } 

Answer 1

使用[Height(cm)]而不是Height(cm)。

Answer 2

让我们先从一些基础知识：

• 不要使用列名这样也表名。这是不好的做法。

• 使用SqlParameter您SqlCommand防止SQL注入

• 使用不同类BusinesLayer，DataAccessLayer

这里是如何看的代码aspx页面：

private void btnUpdatePersonalDetails_Click(object sender, EventArgs e) 
{ 
     if (rndMale.Checked == true) 
     { 
      gender = "Male"; 
     } 
     else 
     { 
      if (rndFemale.Checked == true) 
      { 
       gender = "Female"; 
      } 
     } 

     PersonalDetails personDetails = new PersonalDetails(); 

     personalDetails.UpdateDetails(txtFirstName.Text, txtLastName.Text, txtAge.Text, txtHeight.Text,txtAverageRestingHeartRate.Text, txtContactNumber.Text, txtAddress.Text, gender, GlobalUserName.username); 
} 

这里是Business对象类 - >这里我会使用重命名的列。您应该在数据库中重命名您的列。

public void UpdateDetails(string firstName, string lastName, string age, string height, string avgHeartRate, string contactNumber, string address, string gender, string userName) 
{ 
    SqlCommand cmd = new SqlCommand(@" 
UPDATE 
    PersonalDetails 
SET 
    FirstName = @FirstName, 
    LastName = @LastName, 
    Age = @Age, 
    Height = @Height, 
    AvgHeartRate = @AvgHeartRate, 
    ContactNumber = @ContactNumber 
    Address = @Address, 
    Gender = @Gender 
WHERE 
    UserName = @UserName 
"); 

    cmd.Parameters.AddWithValue("@FirstName", firstName); 
    cmd.Parameters.AddWithValue("@LastName", lastName); 
    cmd.Parameters.AddWithValue("@Age", age); 
    cmd.Parameters.AddWithValue("@Height", height); 
    cmd.Parameters.AddWithValue("@AvgHeartRate", avgHeartRate); 
    cmd.Parameters.AddWithValue("@ContactNumber", contactNumber); 
    cmd.Parameters.AddWithValue("@Address", address); 
    cmd.Parameters.AddWithValue("@Gender", gender); 
    cmd.Parameters.AddWithValue("@UserName", userName); 

    SqlManager.ExecuteNonQuery(cmd); 
} 

这里是SqlManager类两种方法：

public static int ExecuteNonQuery(SqlCommand cmd) 
    { 
     SqlConnection conn = GetSqlConnection(cmd); 

     try 
     { 
      return cmd.ExecuteNonQuery(); 
     } 
     catch 
     { 
      throw; 
     } 
     finally 
     { 
      conn.Close(); 
     } 
    } 

    public static SqlConnection GetSqlConnection(SqlCommand cmd) 
    { 
     if (cmd.Connection == null) 
     { 
      SqlConnection conn = new SqlConnection(ConnectionString); 

      conn.Open(); 

      cmd.Connection = conn; 

      return conn; 
     } 

     return cmd.Connection; 
    } 

如果你写列名正确，这将更新您的个人资料没有问题。我在这个问题中编写了基本的数据访问层：checking user name or user email already exists。你可以检查它，如果你想。