我看到一个demo中语句是,UPDATE authors SET au_id = ?, au_fname = ?, au_lname = ?, state = ?, city = ?, phone = ? WHERE (au_id = ?) AND (au_fname = ?) AND (au_lname = ?) AND (city = ? OR ? IS NULL AND city IS NULL) AND (phone = ?) AND (state = ? OR ? IS NULL AND state IS NULL)都是?可以吗?参数如何付值呢?
DbCommand.Parameters["au_lname"].Value = (e.Item.FindControl("tbLName") as TextBox).Text;
DbCommand.Parameters["state"].Value = ((DropDownList)e.Item.FindControl("ddlState")).SelectedItem.Text;
DbCommand.Parameters["city"].Value = ((DropDownList)e.Item.FindControl("ddlCity")).SelectedItem.Text;
DbCommand.Parameters["address"].Value = (e.Item.FindControl("tbAddress") as TextBox).Text;
DbCommand.Parameters["phone"].Value = (e.Item.FindControl("tbPhone") as TextBox).Text;
DbCommand.Parameters["zip"].Value = (e.Item.FindControl("tbZip") as TextBox).Text;
DbCommand.Parameters["contract"].Value = (e.Item.FindControl("chkContract") as CheckBox).Checked;
他直接就是这样来的,但是这样的语句在我自己写的程序中却不行。
cmd.CommandText = "INSERT INTO HJJCJQdataTable(DeptCode,DeptName,jqOne,jqTwo,jqAvg,jqCa) VALUES('"
+deptCode[k]+"','"+name[k]+"','"+sone[k]+"','"+stwo[k]+"','"+avg[k]+"','"+ca[k]+"')";
cmd = new SqlCommand(sql,conn);
cmd.ExecuteNonQuery();
这是一个带参数的SQL.数据库是sql2000 跟你那一样的例:UPDATE authors SET au_id = ? WHERE au_id = ?
如果au_id 是int写成 UPDATE authors SET au_id = "+参数值+" WHERE au_id = "+参数值;
如果是string UPDATE authors SET au_id = '"+参数值+"' WHERE au_id = '"+参数值+"'";