Masalah: Anda kehilangan comma
setelah location
parameter dalam kueri Anda.
Solusi: Anda perlu memisahkan parameters
menggunakan comma
.
Saran : Gunakan parameterized queries
untuk menghindari SQL Injection Attacks
.
Coba ini:
private void Update(string num,string name, string quant, string location, string category, string numquery)
{
// "UPDATE Inventory SET Inventorynumber='"+ num +"',Inventory_Name='"+name+"', Quantity ='"+ quant+"',Location ='"+ location+"' Category ='"+ category+"' WHERE Inventorynumber ='"+ numquery +"';";
string query = "UPDATE Inventory SET [email protected],[email protected]_Name, Quantity [email protected] ,Location [email protected],Category [email protected] WHERE Inventorynumber [email protected]";
if (this.OpenConnection() == true)
{
MySqlCommand cmd = new MySqlCommand();
cmd.CommandText = query;
cmd.Parameters.AddWithValue("@Inventorynumber",Convert.ToInt16(num));
cmd.Parameters.AddWithValue("@Inventory_Name",name);
cmd.Parameters.AddWithValue("@Quantity",quant);
cmd.Parameters.AddWithValue("@Location",location);
cmd.Parameters.AddWithValue("@Category",category);
cmd.Parameters.AddWithValue("@Inventorynumber",Convert.ToInt16(numquery));
cmd.Connection = serverconnection;
cmd.ExecuteNonQuery();
this.CloseConnection();
Bind();
}
}