Guid currentUserID = (Guid)Session["UserId"];
String accomid = (String)Session["AccomID"];
String schdid = (String)Session["SchdID"];
String schdprice = (String)Session["SchdPrice"];
con.Open();
cmd = new SqlCommand("insert into Transactions (Accom_ID, UserID, Schd_ID, Trans_CardNo, Trans_CardSecurity, Trans_CardName, Trans_Paid, Trans_Cost) values('" + accomid + "','" + currentUserID + "','" + schdid + "','" + txtCardNumber.Text + "','" + txtCardSecurityNumber.Text + "','" + txtName.Text + "','" + "Yes" + "','" + schdprice + "')", con);
cmd.ExecuteNonQuery();
cmd = new SqlCommand("UPDATE Schedule (Schd_Avaliable) values('" + "No" + "')", con);
cmd.ExecuteNonQuery();
,我发现了错误ASP.NET SQL - 附近有语法错误('
附近有语法错误('
如果我删除这些语句:
cmd = new SqlCommand("UPDATE Schedule (Schd_Avaliable) values('" + "No" + "')", con);
cmd.ExecuteNonQuery();
我得到了没有错误任何想法有什么问题吗
你也可能想看看参数化查询......他们是更安全,更容易编写。 – Cosmin 2011-04-02 21:27:26