开发者

sql subquery syntax asp.net

开发者 https://www.devze.com 2023-04-08 15:47 出处:网络
I am trying to excute this sql query Dim str As String = \"UPDATE table1 SET \" & _ \"number = \'\" & strc & \"\',\" & _

I am trying to excute this sql query

Dim str As String = "UPDATE table1 SET " & _
            "number = '" & strc & "'," & _
            "code = '" 开发者_如何学运维& "123" & "'," & _
            "line= '" & dd1.text & "'," & _
            "sellr = '" & txtrun.text & "'," & _
            "endu= '" & txtex1.value+txtex2.value & "'" & _
             "WHERE number IN (select table1.number" & _
"FROM table1 INNER JOIN table2 ON table1.number = table2.number" & _
"WHERE ((table1.username)='" &  session("username") & "' AND (table1.pass)='" & session("pass") & "' AND (table2.sellnum)='" & session("sellnum") & "'));"

there is a Syntax error in query expression and this is te first time I am using nested subquery

all the field are getting String values

So if someone can tell me what is the right approach to write this query I will be very grateful


You're missing spaces after table1.number and table2.number fields in the subquery.

I don't know where you're using this query, but you might want to read about SQL injection. When you stick strings together to build SQL, your code may be vulnerable to malicious users who put SQL code into the fields of your application.

0

精彩评论

暂无评论...
验证码 换一张
取 消