Проблем: Липсва ви comma
след location
параметър във вашата заявка.
Решение: Трябва да отделите parameters
използвайки comma
.
Предложение: Използвайте parameterized queries
за да избегнете SQL Injection Attacks
.
Опитайте това:
private void Update(string num,string name, string quant, string location, string category, string numquery)
{
// "UPDATE Inventory SET Inventorynumber='"+ num +"',Inventory_Name='"+name+"', Quantity ='"+ quant+"',Location ='"+ location+"' Category ='"+ category+"' WHERE Inventorynumber ='"+ numquery +"';";
string query = "UPDATE Inventory SET [email protected],[email protected]_Name, Quantity [email protected] ,Location [email protected],Category [email protected] WHERE Inventorynumber [email protected]";
if (this.OpenConnection() == true)
{
MySqlCommand cmd = new MySqlCommand();
cmd.CommandText = query;
cmd.Parameters.AddWithValue("@Inventorynumber",Convert.ToInt16(num));
cmd.Parameters.AddWithValue("@Inventory_Name",name);
cmd.Parameters.AddWithValue("@Quantity",quant);
cmd.Parameters.AddWithValue("@Location",location);
cmd.Parameters.AddWithValue("@Category",category);
cmd.Parameters.AddWithValue("@Inventorynumber",Convert.ToInt16(numquery));
cmd.Connection = serverconnection;
cmd.ExecuteNonQuery();
this.CloseConnection();
Bind();
}
}