1. 技术文章
  2. missing semicolon (;) at the end of sql statement

missing semicolon (;) at the end of sql statement

泄露秘密 提交于 2020-01-06 16:06:21

问题


im using access database and im getting this weird error...

missing semicolon at the end of sql statement...

p.s i try to put the semicolon but again same thing...error again... please help.

this is the code and the error start at Insert Into Statement : 

oleDbConnection1.Open();
        Int32 sasia_aktuale;
        Int32 sasia_e_shtuar = Convert.ToInt32(textBox1.Text.Trim());
        string kerkesa = "select * from magazina where emri = '"+listBox1.SelectedItem+"'";
        OleDbCommand komanda = new OleDbCommand(kerkesa, oleDbConnection1);
        OleDbDataReader lexo = komanda.ExecuteReader();
        lexo.Read();
        sasia_aktuale = Convert.ToInt32(lexo.GetValue(2).ToString());
        lexo.Close();
        Int32 sasia_totale = sasia_aktuale + sasia_e_shtuar;
        oleDbDataAdapter1.InsertCommand.CommandText =
            "insert into magazina(sasia) values('" + sasia_totale + "') where emri= '" + listBox1.SelectedItem + "'";
        oleDbDataAdapter1.InsertCommand.ExecuteNonQuery();
        MessageBox.Show("Sasia per produktin " + listBox1.SelectedItem + " u shtua me sukses!", "Sasia u shtua");
        oleDbConnection1.Close();

回答1:


You are mixing a WHERE clause with an INSERT statement, the two do not go together:

oleDbDataAdapter1.InsertCommand.CommandText =
        "insert into magazina(sasia) values('" + sasia_totale + "')";

Do you mean an UPDATE statement?

I'd also advise you to look up SQL injecton, and using SqlParameters to build your queries. Your code, currently is very insecure.

I can see you are after an UPDATE command. The INSERT SQL command is just going to insert whatever you give it. An example of an UPDATE command, using SqlParameters to help avoid SQL injection, is below, although this is untested as I obviously don't have access to your setup (nor am I doing this with an IDE):

var updateCommand = new OleDbCommand("UPDATE magazina SET sasia = @sasia_totale WHERE emri = @emri");
updateCommand.Parameters.AddWithValue("@sasia_totale", sasia_totale);
updateCommand.Parameters.AddWithValue("@emri", listBox1.SelectedItem.ToString());
oleDbDataAdapter1.UpdateCommand = updateCommand;
oleDbDataAdapter1.UpdateCommand.ExecuteNonQuery();


来源:https://stackoverflow.com/questions/18956396/missing-semicolon-at-the-end-of-sql-statement

标签
c#
sql
ms-access
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!