何时更新SQL Server表中受影响的两行

When update two rows affected in SQL server table

可以猜测2条记录符合条件。

--- -

哇，你在这个上面我的想法！

您正在使用带参数的存储过程，它可以保护您免受SQL注入，只能构建一个查询来自在使用字符串连接的过程中，这使得过程容易受到SQL注入。

One can guess that 2 records match the condition.
-----
Whoa, you blow my mind on this one !
You are using a stored procedure with parameters, which protect you from SQL injection, only to build a query from inside the procedure with string concatenation which make the procedure vulnerable to SQL injection.

SET @sqlQuery = 'UPDATE dbo.tbl_farmerregistration_' + @originname + ' SET farmerseason = ''' + @farmerseason + ''', 
dateofjoinseco = ''' + @dateofjoinseco + ''', governmentcode =''' + @governmentcode + ''', firstname = ''' + @firstname + ''', 
lastname = ''' + @lastname + ''', surname = ''' + @surname + ''', gender = ''' + @gender + ''', dateofbirth = ''' + @dateofbirth + ''', 
birthlocation = ''' + @birthlocation + ''', fathername = ''' + @fathername + ''', mothername = ''' + @mothername + ''', 
village = ''' + @village + ''', currentyearcooperative = ''' + @currentyearcooperative + ''', 
phonenumber = ''' + @phonenumber + ''', observation = ''' + @observation +''', nooffarms = ''' + @nooffarms + ''', produtionestimation = ''' + @productionestimation + ''', 
otherdetails = ''' + @otherdetails + ''',previouscropsdetails = ''' + @previouscropsdetails + ''', 
updatedby = ''' + @updatedby + ''', updateddate = GETDATE() 
WHERE farmerctscode = ''' + @farmerctscode + '''' 

不是你问题的解决方案，而是另一个你有问题。

永远不要通过连接字符串来构建SQL查询。迟早，您将使用用户输入来执行此操作，这会打开一个名为SQL注入的漏洞，这对您的数据库很容易并且容易出错。

名称中的单引号你的程序崩溃。如果用户输入像Brian O'Conner这样的名称可能会使您的应用程序崩溃，那么这是一个SQL注入漏洞，崩溃是最少的问题，恶意用户输入，并且它被提升为具有所有凭据的SQL命令。

SQL注入 - *** [ ^ ]

SQL注入 [ ^ ]

按示例进行SQL注入攻击 [ ^ ]

PHP：SQL注入 - 手册 [ ^ ]

SQL注入预防备忘单 - OWASP [ ^ ]

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]

这很简单。你的表中有两行与UPDATE语句中的WHERE子句匹配。



farmerctscode，显然，它没有UNIQUE约束，也没有它是表中记录的IDENTITY列。



表中的每条记录都应该有一个唯一值来标识表中的每一行，以便执行任何操作使用WHERE子句指定ID值将仅修改该记录。

It's rather simple. You had two rows in your table that matched the WHERE clause in your UPDATE statement.

"farmerctscode", apparently, does not have a UNIQUE constraint on it, nor is it an IDENTITY column for the records in the table.

Every record in the table should have a unique value identifying each and every row in the table so that any operation performed with a WHERE clause specifying that ID value will modify only that one record.