使用参数在 C# 中更新 SQL 命令
UPDATE SQL command in C# using parameters
我做错了什么?这是我的功能:
public void editStaff(int ID, string firstName, string lastName, string DOB, string home, string telephone, string email, int positionID, CheckBox chkBoxPartTime, double pay, string emergencyName, string emergencyTel, string NINO)
{
OleDbCommand cmd = conn.CreateCommand();
conn.Open();
cmd.CommandText = $"UPDATE Staff SET [First name] = @First, [Last name] = @Last, [Date of birth] = @DOB,[Home address] = @Home, [Telephone] = @Tel," +
$" [Email] = @Email, [positionID] = @Pos, [Part time] = @Part, [Pay an hour] = @Pay, [Emergency name] = @Contact, [Emergency telephone] = @ContactTel, [NINO] = @NINO WHERE staffID = '{ID}'";
//Using parameters I pass each value to the command. This is a more secure way of implementic this that avoids SQL injections.
cmd.Parameters.AddWithValue("@First", firstName);
cmd.Parameters.AddWithValue("@Last", lastName);
cmd.Parameters.AddWithValue("@DOB", DOB);
cmd.Parameters.AddWithValue("@Home", home);
cmd.Parameters.AddWithValue("@Tel", telephone);
cmd.Parameters.AddWithValue("@Email", email);
cmd.Parameters.AddWithValue("@Pos", positionID);
cmd.Parameters.AddWithValue("@Part", chkBoxPartTime.Checked);
cmd.Parameters.AddWithValue("@Pay", pay);
cmd.Parameters.AddWithValue("@Contact", emergencyName);
cmd.Parameters.AddWithValue("@ContactTel", emergencyTel);
cmd.Parameters.AddWithValue("@NINO", NINO);
cmd.ExecuteNonQuery();
MessageBox.Show("Staff member successfully editted!");
conn.Close();
我得到的错误是
System.Data.OleDb.OleDbException: 'Data type mismatch in criteria expression.'.
我已经使用断点检查了传递的每个值是否都是正确的变量类型,因此所有数据都已正确传递,我看不出问题出在哪里。谢谢
是的,正如一些评论者指出的那样,参数化 ID 变量似乎是解决方案。
我做错了什么?这是我的功能:
public void editStaff(int ID, string firstName, string lastName, string DOB, string home, string telephone, string email, int positionID, CheckBox chkBoxPartTime, double pay, string emergencyName, string emergencyTel, string NINO)
{
OleDbCommand cmd = conn.CreateCommand();
conn.Open();
cmd.CommandText = $"UPDATE Staff SET [First name] = @First, [Last name] = @Last, [Date of birth] = @DOB,[Home address] = @Home, [Telephone] = @Tel," +
$" [Email] = @Email, [positionID] = @Pos, [Part time] = @Part, [Pay an hour] = @Pay, [Emergency name] = @Contact, [Emergency telephone] = @ContactTel, [NINO] = @NINO WHERE staffID = '{ID}'";
//Using parameters I pass each value to the command. This is a more secure way of implementic this that avoids SQL injections.
cmd.Parameters.AddWithValue("@First", firstName);
cmd.Parameters.AddWithValue("@Last", lastName);
cmd.Parameters.AddWithValue("@DOB", DOB);
cmd.Parameters.AddWithValue("@Home", home);
cmd.Parameters.AddWithValue("@Tel", telephone);
cmd.Parameters.AddWithValue("@Email", email);
cmd.Parameters.AddWithValue("@Pos", positionID);
cmd.Parameters.AddWithValue("@Part", chkBoxPartTime.Checked);
cmd.Parameters.AddWithValue("@Pay", pay);
cmd.Parameters.AddWithValue("@Contact", emergencyName);
cmd.Parameters.AddWithValue("@ContactTel", emergencyTel);
cmd.Parameters.AddWithValue("@NINO", NINO);
cmd.ExecuteNonQuery();
MessageBox.Show("Staff member successfully editted!");
conn.Close();
我得到的错误是
System.Data.OleDb.OleDbException: 'Data type mismatch in criteria expression.'.
我已经使用断点检查了传递的每个值是否都是正确的变量类型,因此所有数据都已正确传递,我看不出问题出在哪里。谢谢
是的,正如一些评论者指出的那样,参数化 ID 变量似乎是解决方案。