
What is the error in this code?

Updated: 2022-06-20 04:07:19

The main error is that you are constructing a SQL query by concatenating string input from the user.
This is prone to SQL injection attacks.
Better to use a parameterized query.

Another error could be a problem with the selected value of your DropDownList (for example, it contains the character '). It's just a guess with the little information you are providing.


cmd3.CommandText = "UPDATE Seats SET SeatStatus = 'Y' WHERE FlightId ='" + flightf + "' AND SeatName ='" + DropDownList4.SelectedValue + "'";


I feel that the DropDownList is not returning the value, due to which you are getting the error. So, make sure that you are getting some value against DropDownList4.SelectedValue; if you don't get some value, you can try getting the value by using DropDownList4.Text or DropDownList4.SelectedItem.
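
A parameterized form of the UPDATE discussed in the answers above, added here as an example and not code from the original thread. It assumes SQL Server through System.Data.SqlClient and NVARCHAR(50) columns for FlightId and SeatName; the class and method names are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class SeatBooking
{
    // Marks one seat as taken. Returns true when exactly one row was updated.
    // Assumptions (not from the original post): SQL Server via SqlClient,
    // FlightId and SeatName are NVARCHAR(50) columns.
    public static bool MarkSeatTaken(string connectionString, string flightId, string seatName)
    {
        // An empty DropDownList selection would silently match no rows; reject it early.
        if (string.IsNullOrWhiteSpace(flightId))
            throw new ArgumentException("Flight id is missing.", nameof(flightId));
        if (string.IsNullOrWhiteSpace(seatName))
            throw new ArgumentException("No seat selected.", nameof(seatName));

        // The SQL text is a constant; user input never becomes part of it.
        const string sql =
            "UPDATE Seats SET SeatStatus = 'Y' " +
            "WHERE FlightId = @flightId AND SeatName = @seatName";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Values travel separately from the SQL text, so a quote character
            // in either value is treated as data, not as syntax.
            cmd.Parameters.Add("@flightId", SqlDbType.NVarChar, 50).Value = flightId;
            cmd.Parameters.Add("@seatName", SqlDbType.NVarChar, 50).Value = seatName;

            conn.Open();
            int rows = cmd.ExecuteNonQuery();

            // 0 rows means the flight/seat pair was not found; more than 1
            // means the pair is not unique in the Seats table.
            return rows == 1;
        }
    }
}
```

From the page's code-behind this would be called as SeatBooking.MarkSeatTaken(connectionString, flightf, DropDownList4.SelectedValue), where connectionString is whatever the application already uses.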