题
Dim conn As OleDbConnection
Dim cmd As OleDbCommand
Public Sub openDB()
conn = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Application.StartupPath & "\VFMS_DB.mdb;" & "Jet OLEDB:System Database=Security.mdw;User ID=Adster;Password=300624;")
conn.Open()
End Sub
Public Function UpdateUser() As Integer
Dim retCode As New Integer
Try
openDB()
cmd = conn.CreateCommand()
下面的更新命令不断给我这个错误:“从字符串转换”“WHERE [用户名] =”“键入‘双’无效”。我不知道为什么。该aUserName字段是一个字符串领域,我检查,以确保它的填充。
cmd.CommandText = "UPDATE Users SET [First Name] = '" & aName & "', [Last Name] = '" & aSurname & "', [Contact Number] = '" & aContactNum & "', [Password] = '" & aPassword & "', [User Rights] = '" & aUserRights + "' WHERE [Username] = '" + aUserName + "' "
cmd.ExecuteNonQuery()
conn.Close()
'rsAddRecs = rsConn.Execute("UPDATE Users ([First Name], [Last Name], [Contact Number], [User Name], [Password], [User Rights]) VALUES ('" & aName & "','" & aSurname & "','" & aContactNum & "','" & aUserName & "','" & aPassword & "','" & aUserRights & "')")
retCode = 0
'rsConn.Close()
Return retCode
Catch ex As Exception
MessageBox.Show(ex.ToString, ex.Message, MessageBoxButtons.OK)
retCode = 1
Return retCode
End Try
End Function
解决方案
您有一个错字。您使用的 + 是在SQL字符串代替的端部的concat字符的&强>字符
<强>错误强>
cmd.CommandText = "UPDATE Users SET [First Name] = '" & aName & _
"', [Last Name] = '" & aSurname & _
"', [Contact Number] = '" & aContactNum & _
"', [Password] = '" & aPassword & "', [User Rights] = '" & _
aUserRights + "' WHERE [Username] = '" + aUserName + "' "
' ^ ^ ^
从右强>
cmd.CommandText = "UPDATE Users SET [First Name] = '" & aName & _
"', [Last Name] = '" & aSurname & _
"', [Contact Number] = '" & aContactNum & _
"', [Password] = '" & aPassword & "', [User Rights] = '" & _
aUserRights & "' WHERE [Username] = '" & aUserName & "' "
' ^ ^ ^
其他提示
您SQL代码使用[Username]
:
cmd.CommandText = "UPDATE Users SET ... [Username]...
尽管你注释的代码中使用[User Name]
:
'rsAddRecs = rsConn.Execute("UPDATE Users ... [User Name]...
可能错误的列名是问题的根源?
另一种思考:有你如消毒您的参数值可以在值包含被打乱动态SQL单引号。在任何情况下,我想你应该考虑使用准备好的语句(甚至是程序),并使用参数对象调用SQL,从而推迟参数值的OLE DB提供程序的消毒,这当然会知道更多关于主题比你或I:)
不隶属于 StackOverflow