Update 'tbl_field' 

我认为这应该是......

I think this should be...

Update tbl_field 

试试这个

try this

string updateQuery = "USE " + db + " Update tbl_field SET Table_Name= replace(Table_Name, '" + oldname + "', '" + newname + "')";

但是在c＃中构建一个sql语句很容易出现 SQL注入攻击，如果你得到的话来自用户的输入值，而不是你应该使用SQL参数

参考这些文章



SQL注入 [ ^ ]

SQL注入攻击以及如何防范它们的一些技巧 [ ^ ]

SQL注入预防备忘单 - OWASP [ ^ ]

but framing an sql statement in c# is prone to SQL injection attacks, if you are getting the input values from user, instead you should use SQL Parameters
refer these articles

SQL Injection[^]
SQL Injection Attacks and Some Tips on How to Prevent Them[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]

如果你想使用它数据库，你有一个连接字符串然后为什么要使用'use'语句，基本上它用于将数据库上下文更改为SQL Server中的指定数据库或数据库快照。删除'使用'并重试

if you want to use same database and you have a connection string then why to use 'use' statement, basically it use to Changes the database context to the specified database or database snapshot in SQL Server. remove 'use' and try again