小白望各位大蝦幫忙解答 UPDATE 语句的语法异常_ASP.NET

小白求助望各位大蝦幫忙解答 UPDATE 语句的语法错误。
;string name = Session["sname"].ToString();
OleDbConnection con = db.con();
con.Open();
OleDbCommand cmd = new OleDbCommand();
cmd.Connection = (OleDbConnection)con;
cmd.CommandText = "update Student set password=@password ,specialtyID=@specialtyID where Sname='" + name + "'";

cmd.Parameters.Add("@password", SqlDbType.DateTime);
cmd.Parameters.Add("@specialtyID", SqlDbType.Money);

cmd.Parameters["@password"].Value = this.txxpwd.Text;
cmd.Parameters["@specialtyID"].Value = this.DropDownList1.SelectedItem.Text;

cmd.ExecuteNonQuery();
con.Close();
Response.Write("<script language='javascript'>alert('修改成功')</script>");
}
}
求解正確的語法

------解决方案--------------------------------------------------------

C# code

cmd.CommandText = "update Student set password='@password' ,specialtyID=@specialtyID where Sname='" + name + "'";
------解决方案--------------------------------------------------------
update Student set password=@password ,specialtyID=@specialtyID where Sname='" + name + "'"


如果password是nvarchar类型的，name改为
update Student set password='@password' ,specialtyID=@specialtyID where Sname='" + name + "'"
------解决方案--------------------------------------------------------
你要么全用参数化，要么全用拼接

小白 望各位大蝦 幫忙解答 UPDATE 语句的语法异常

小白望各位大蝦幫忙解答 UPDATE 语句的语法异常