SQL code for delete Row?

Question

please anyone to explain me what is the problem with following code why didn't delete Table Row.

con.Open();
SqlCommand cmd = new SqlCommand("delete from RentTable where CID = '" + ID + "' and MID = '" + MID + "' )", con);
int result = cmd.ExecuteNonQuery();
if (result == 1)
{
    Message = "succsess";
}
else
{
    Message = "!";
}
con.Close();

Answer 1

Change row with sql command creation to this:

/* look at this - no need to wrap string values with 
   apostrophes since you use parameters */
string query = "delete from RentTable where CID = @id and MID = @mid";

/* create command */
SqlCommand cmd = new SqlCommand(query);

/* set parameters */
cmd.Parameters.AddWithValue("@id", ID);
cmd.Parameters.AddWithValue("@mid", MID);

This's not only solve your problem. This'll help you to prevent problems like it in the future if you'll be using parameters instead concatenation.

PS. Also you have "succsess" misspelled if english word was meant ;)

Answer 2

your command is:

SqlCommand cmd = new SqlCommand(
    "delete from RentTable where CID = '" + ID + "' and MID = '" + MID + "' )",
    con
);

while it should be:

SqlCommand cmd = new SqlCommand(
    "delete from RentTable where CID = '" + ID + "' and MID = '" + MID + "' ", 
    con
);

(you should remove the ")" from your command)

Answer 3

75% of all these types of problems would be fixed if people loaded their queries into a string variable first then printed them out for debugging purposes :-)

You have a closing parenthesis ) at the end of your query which shouldn't be there.

Answer 4

your sql appears to have a closing brace in it without having an opening brace.

change it to

SqlCommand cmd = new SqlCommand(
     "delete from RentTable where CID = '" + ID + "' and MID = '" + MID + "'"
     , con);