J'essaye du code SQL mais j'obtiens une erreur quand j'essaye ce code.VB.NET SqlException was Unhandled
Main.database.ExecuteCommand("UPDATE Contacts SET first_name='" + c.first_name + _
"', middle='" + c.middle + _
"', last_name='" + c.last_name + _
"', age='" + c.age + _
"', mobile_phone='" + c.mobile_phone + _
"', home_phone='" + c.home_phone + _
"', work_phone='" + c.work_phone + _
"', home_street='" + c.home_street + _
"', home_city='" + c.home_city + _
"', home_state='" + c.home_state + _
"', home_zip='" + c.home_zip + _
"', work_street='" + c.work_street + _
"', work_city='" + c.work_city + _
"', work_state='" + c.work_state + _
"', work_zip='" + c.work_zip + _
"', home_www='" + c.home_www + _
"', work_www='" + c.work_www + _
"', home_email='" + c.home_email + _
"', work_email='" + c.work_email + _
"' WHERE first_name='" + c.first_name + _
"' AND last_name='" + c.last_name + "'")
je reçois l'erreur suivante
Sql exception non gérée
Le texte des types de données et varchar sont incompatibles dans l'opérateur Egal à.
J'ai essayé la révision du code à l'aide des paramètres
Using conn As New SqlConnection(), _
myCommand As New SqlCommand("UPDATE Contacts SET" + _
"[email protected]_name" + _
"AND [email protected]" + _
"AND [email protected]_name" + _
"AND [email protected]" + _
"AND [email protected]_phone" + _
"AND [email protected]_phone" + _
"AND [email protected]_phone" + _
"AND [email protected]_street" + _
"AND [email protected]_city" + _
"AND [email protected]_state" + _
"AND [email protected]_zip" + _
"AND [email protected]_street" + _
"AND [email protected]_city" + _
"AND [email protected]_state" + _
"AND [email protected]_zip" + _
"AND [email protected]_www" + _
"AND [email protected]_www" + _
"AND [email protected]_email" + _
"AND [email protected]_email" + _
"WHERE [email protected]_name" + _
"AND [email protected]_name", conn)
myCommand.Parameters.Add(New SqlParameter("@first_name", c.first_name))
myCommand.Parameters.Add(New SqlParameter("@middle", c.middle))
myCommand.Parameters.Add(New SqlParameter("@last_name", c.last_name))
myCommand.Parameters.Add(New SqlParameter("@age", c.age))
myCommand.Parameters.Add(New SqlParameter("@mobile_phone", c.mobile_phone))
myCommand.Parameters.Add(New SqlParameter("@home_phone", c.home_phone))
myCommand.Parameters.Add(New SqlParameter("@work_phone", c.work_phone))
myCommand.Parameters.Add(New SqlParameter("@home_street", c.home_street))
myCommand.Parameters.Add(New SqlParameter("@home_city", c.home_city))
myCommand.Parameters.Add(New SqlParameter("@home_state", c.home_state))
myCommand.Parameters.Add(New SqlParameter("@home_zip", c.home_zip))
myCommand.Parameters.Add(New SqlParameter("@work_street", c.work_street))
myCommand.Parameters.Add(New SqlParameter("@work_city", c.work_city))
myCommand.Parameters.Add(New SqlParameter("@work_state", c.work_state))
myCommand.Parameters.Add(New SqlParameter("@work_zip", c.work_zip))
myCommand.Parameters.Add(New SqlParameter("@home_www", c.home_www))
myCommand.Parameters.Add(New SqlParameter("@work_www", c.work_www))
myCommand.Parameters.Add(New SqlParameter("@home_email", c.home_email))
myCommand.Parameters.Add(New SqlParameter("@work_email", c.work_email))
conn.Open()
myCommand.ExecuteNonQuery()
conn.Close()
End Using
Mais je vais avoir encore un problème d'initialisation de la connexion avec cette erreur
La propriété ConnectionString n'a pas été initialisé.
Quelqu'un peut-il dire "Sql Injection"? Ou ''; DROP TABLE Contacts; - '? –
@Joel, dès que ce site est déployé, je peux. –
C'est probablement votre colonne 'Age' qui est fausse, mais comme d'autres l'ont dit, cela devrait être réécrit comme une requête paramétrée. – RedFilter