string CommentID = Request.Form["ID"];
string content = Request.Form["txtcontent"];
string title = Request.Form["title"];
// The form values are concatenated straight into the SQL text
string strSQL = "update tablename set content='" + content + "',title='" + title + "'where ID=" + CommentID;
Common.SqlHelper.ExecuteSql(Common.SqlHelper.YCSqlServer, strSQL);
The value in Request.Form["TEXTAREA2"] is <img src='http://images.qwsy.com/images/faces/005.gif' border='0' />, and the statement it builds is: update YC_tablename set content='<img src='http://images.qwsy.com/images/faces/005.gif' border='0' />
',title='来看童~'where CommentID=580
So executing the SQL statement is bound to produce a syntax error.
Looking for a solution!
string CommentID = Request.Form["ID"];
string content = Request.Form["txtcontent"];
string title = Request.Form["title"];
// Double every single quote inside the string literals so the parser does not
// end the literal early (C# string.Replace takes a capital R)
string strSQL = "update tablename set content='" + content.Replace("'", "''") + "',title='" + title.Replace("'", "''") + "' where ID=" + CommentID;
Common.SqlHelper.ExecuteSql(Common.SqlHelper.YCSqlServer, strSQL);
update YC_tablename set content=''<img src=''http://images.qwsy.com/images/faces/005.gif'' border='0' />
'',title=''来看童~''where CommentID=580
update YC_tablename set content='<img src=''http://images.qwsy.com/images/faces/005.gif'' border=''0'' />
',title='来看童'where CommentID=580
Swap it for this one and it works.
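The three statements from this thread, run end to end as an added example (not code from the question or the answer). Python's built-in sqlite3 on an in-memory table is used here as a stand-in for SQL Server and Common.SqlHelper; the form values are constructed from the ones quoted in the question, and TAMPERED_FORM is a constructed input. It goes one step past the thread: besides reproducing the syntax error and the doubled-quote workaround, it runs the same update as a parameterized query, and shows that the posted workaround still concatenates the ID field from the form unescaped, whereas the parameterized form carries every value outside the SQL text.

```python
import sqlite3

# Constructed sample form post, mirroring the values quoted in the question
# (content is the <img> tag whose single quotes broke the concatenated SQL).
FORM = {
    "ID": "580",
    "txtcontent": "<img src='http://images.qwsy.com/images/faces/005.gif' border='0' />",
    "title": "来看童~",
}

# Constructed hostile form post: the ID field is still concatenated unescaped
# by the answer's code, so a tampered value rewrites the WHERE clause.
TAMPERED_FORM = dict(FORM, ID="580 or 1=1")


def make_db():
    """In-memory stand-in for the SQL Server table the post updates."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tablename (ID integer primary key, content text, title text)")
    conn.executemany("insert into tablename values (?, ?, ?)",
                     [(580, "old content", "old title"), (581, "untouched", "untouched")])
    conn.commit()
    return conn


def escape_quotes(s):
    """The answer's workaround: double every single quote inside a string literal."""
    return s.replace("'", "''")


def build_concatenated(form, escape=False):
    """Builds the UPDATE the way the posted code does; escape=True applies the workaround
    to content and title only, exactly as the answer does (the ID is left as-is)."""
    esc = escape_quotes if escape else (lambda s: s)
    return ("update tablename set content='" + esc(form["txtcontent"])
            + "',title='" + esc(form["title"])
            + "' where ID=" + form["ID"])


def run_concatenated(form, escape=False):
    """Executes the concatenated statement.
    Returns ('ok', rows_changed, content_of_row_580) or ('error', message) if it fails to parse."""
    conn = make_db()
    try:
        cur = conn.execute(build_concatenated(form, escape))
    except sqlite3.OperationalError as e:
        return ("error", str(e))
    conn.commit()
    row = conn.execute("select content from tablename where ID=580").fetchone()
    return ("ok", cur.rowcount, row[0])


def run_parameterized(form):
    """The fix to use instead of quote doubling: the driver sends the values separately
    from the SQL text, so quotes in content never reach the parser, and the ID is
    converted to an integer first, so a tampered ID raises ValueError."""
    conn = make_db()
    cur = conn.execute("update tablename set content=?, title=? where ID=?",
                       (form["txtcontent"], form["title"], int(form["ID"])))
    conn.commit()
    row = conn.execute("select content from tablename where ID=580").fetchone()
    return ("ok", cur.rowcount, row[0])


if __name__ == "__main__":
    print(run_concatenated(FORM))                        # syntax error, as in the question
    print(run_concatenated(FORM, escape=True))           # the quotes no longer break parsing
    print(run_concatenated(TAMPERED_FORM, escape=True))  # but the tampered ID updates every row
    print(run_parameterized(FORM))
    try:
        run_parameterized(TAMPERED_FORM)
    except ValueError as e:
        print("rejected:", e)
```

Run it as a script to see all four outcomes; the point of the last two calls is that quote doubling fixes the symptom in the question but has to be remembered for every string field, while the parameterized update handles content, title and ID uniformly.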