
SQL Command error: "incorrect syntax near AND"

Developer https://www.devze.com 2023-02-11 00:09 Source: web

What's wrong in this query? It is showing the error: incorrect syntax near AND

Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
    Dim cmd As New Data.SqlClient.SqlCommand
    ' constr is the connection string, defined elsewhere in the page class
    Dim con As New Data.SqlClient.SqlConnection(constr)
    Try
        Dim strSql As String = "UPDATE hotels SET city = '" & TextBox1.Text & "' AND hotel = '" & TextBox2.Text & "' AND location = '" & TextBox3.Text & "' AND price = '" & TextBox4.Text & "' AND category = '" & Rating1.CurrentRating & "' AND short = '" & TextBox6.Text & "' AND details = '" & Editor1.Content & "' WHERE hotelid ='" & Request.QueryString("hotelid") & "'"

        con.Open()
        cmd.Connection = con
        cmd.CommandText = strSql
        cmd.ExecuteNonQuery()
    Catch ex As Exception
        ' writes the raw database error text into the response
        Response.Write(ex.Message)
    Finally
        cmd.Dispose()
        con.Dispose()
    End Try
End Sub


Try this:

Dim strSql As String = "UPDATE hotels SET city = '" & TextBox1.Text & "', hotel = '" & TextBox2.Text & "', location = '" & TextBox3.Text & "', price = '" & TextBox4.Text & "', category = '" & Rating1.CurrentRating & "', short = '" & TextBox6.Text & "', details = '" & Editor1.Content & "' WHERE hotelid ='" & Request.QueryString("hotelid") & "'"


You also need to validate the input in the textboxes so people don't do injection exploits against you.


I don't think you need all those ANDs; use commas...

Incidentally

  • Using String.Format or, better still, parameterised queries or stored procedures is better than all this fiddly joining of strings.

Dim strSql As String
strSql = "UPDATE hotels SET city = '{0}', hotel = '{1}', location = '{2}', price = '{3}', category = '{4}', short = '{5}', details = '{6}' WHERE hotelid ='{7}'"

strSql = String.Format(strSql, TextBox1.Text.Trim(), TextBox2.Text.Trim(), TextBox3.Text.Trim(), TextBox4.Text.Trim(), Rating1.CurrentRating, TextBox6.Text, Editor1.Content, Request.QueryString("hotelid"))

  • It's good practice to call Trim() on text values from user-input data. This way you won't end up with pesky spaces in arguments/parameters.
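To make the injection warning and the parameterised-query advice in the answers above concrete, here is an added example; it is not code from the original question or any of the answers. It uses Python's sqlite3 module as an offline stand-in for the SQL Server/ADO.NET stack in the question (an assumption: the quoting behaviour shown is the same on SQL Server, but the demo deliberately needs no server). The hotels table and its three rows are constructed for the demo, since the page only names the columns. It builds the page's UPDATE both ways, spliced together from strings exactly as strSql does and with bound parameters, then runs each against fresh copies of the table with ordinary input, with a hotel name containing an apostrophe, and with a hotelid value that widens the WHERE clause.

```python
import sqlite3

# Column list taken from the page's UPDATE statement.
COLUMNS = ("city", "hotel", "location", "price", "category", "short", "details")

# Constructed sample rows standing in for the real hotels table (assumption:
# the page never shows the schema, only the column names used in the UPDATE).
SAMPLE_ROWS = [
    (1, "Paris", "Hotel A", "Centre", "100", "3", "blurb", "text"),
    (2, "Rome", "Hotel B", "Old Town", "120", "4", "blurb", "text"),
    (3, "Berlin", "Hotel C", "Mitte", "90", "3", "blurb", "text"),
]


def fresh_db():
    """In-memory SQLite database seeded with the sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE hotels (hotelid INTEGER PRIMARY KEY, city TEXT, hotel TEXT, "
        "location TEXT, price TEXT, category TEXT, short TEXT, details TEXT)"
    )
    con.executemany("INSERT INTO hotels VALUES (?, ?, ?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return con


def update_concat(con, values, hotelid):
    """Same shape as the page's strSql: every value is spliced into the SQL text."""
    assignments = ", ".join(f"{col} = '{values[col]}'" for col in COLUMNS)
    sql = f"UPDATE hotels SET {assignments} WHERE hotelid = '{hotelid}'"
    return con.execute(sql).rowcount


def update_param(con, values, hotelid):
    """Hardened form: the SQL text is fixed, all user data travels as parameters."""
    assignments = ", ".join(f"{col} = ?" for col in COLUMNS)
    sql = f"UPDATE hotels SET {assignments} WHERE hotelid = ?"
    args = [values[col] for col in COLUMNS] + [hotelid]
    return con.execute(sql, args).rowcount


def rows_updated(builder, values, hotelid):
    """Run one UPDATE against a fresh copy of the table and report rows changed.
    None means the database rejected the statement (a syntax error)."""
    con = fresh_db()
    try:
        return builder(con, values, hotelid)
    except sqlite3.OperationalError:
        return None
    finally:
        con.close()


def demo():
    """Ordinary input, an apostrophe in a hotel name, and a WHERE-clause payload."""
    honest = {col: f"new {col}" for col in COLUMNS}
    apostrophe = dict(honest, hotel="O'Connor Arms")   # legitimate data, breaks concat
    payload = "1' OR '1'='1"                           # attacker-controlled hotelid
    return {
        "concat_honest": rows_updated(update_concat, honest, "2"),
        "concat_apostrophe": rows_updated(update_concat, apostrophe, "2"),
        "concat_payload": rows_updated(update_concat, honest, payload),
        "param_honest": rows_updated(update_param, honest, "2"),
        "param_apostrophe": rows_updated(update_param, apostrophe, "2"),
        "param_payload": rows_updated(update_param, honest, payload),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        outcome = "syntax error" if rows is None else f"{rows} row(s) updated"
        print(f"{name:18s} -> {outcome}")
```

The concatenated form updates one row on honest input, fails with a syntax error on a perfectly valid hotel name (the same family of error as the one in the question title, just caused by data instead of by the AND keyword), and rewrites every hotel in the table when the query string carries `1' OR '1'='1`. The parameterised form updates exactly one row in the first two cases and zero rows for the payload, because the payload is compared as a literal value rather than parsed as SQL. String.Format does not change this picture: it still splices the text into the statement. The ADO.NET equivalent of the hardened form is a CommandText with placeholders such as `@city` and `@hotelid`, with each value added through `cmd.Parameters.AddWithValue` (or a typed SqlParameter) rather than via `&`.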