Problem: Ihnen fehlt das comma
nach location
Parameter in Ihrer Abfrage.
Lösung: Sie müssen die parameters
trennen mit einem comma
.
Vorschlag : Verwenden Sie parameterized queries
um SQL Injection Attacks
zu vermeiden .
Versuchen Sie Folgendes:
private void Update(string num,string name, string quant, string location, string category, string numquery)
{
// "UPDATE Inventory SET Inventorynumber='"+ num +"',Inventory_Name='"+name+"', Quantity ='"+ quant+"',Location ='"+ location+"' Category ='"+ category+"' WHERE Inventorynumber ='"+ numquery +"';";
string query = "UPDATE Inventory SET [email protected],[email protected]_Name, Quantity [email protected] ,Location [email protected],Category [email protected] WHERE Inventorynumber [email protected]";
if (this.OpenConnection() == true)
{
MySqlCommand cmd = new MySqlCommand();
cmd.CommandText = query;
cmd.Parameters.AddWithValue("@Inventorynumber",Convert.ToInt16(num));
cmd.Parameters.AddWithValue("@Inventory_Name",name);
cmd.Parameters.AddWithValue("@Quantity",quant);
cmd.Parameters.AddWithValue("@Location",location);
cmd.Parameters.AddWithValue("@Category",category);
cmd.Parameters.AddWithValue("@Inventorynumber",Convert.ToInt16(numquery));
cmd.Connection = serverconnection;
cmd.ExecuteNonQuery();
this.CloseConnection();
Bind();
}
}