CODEWITHSUNDEEP
c#
mercy
mercy

Reputation: 1

A first chance exception of type 'MySql.Data.MySqlClient.MySqlException' occurred in MySql.Data.dll

private void button3_Click(object sender, EventArgs e)
    {
        if (MessageBox.Show(this, "Do you want to delete?", "Delete Record", MessageBoxButtons.YesNo, MessageBoxIcon.Question) == DialogResult.Yes)
        {
            executeQueryDB("DELETE FROM student_biodata WHERE std_matric_no='" + txtmatric.Text + "'", "Record Deleted successfully!");
            GetData();
        }
        else
        {

        }
    }

    private void button2_Click(object sender, EventArgs e)
    {
        executeQueryDB("UPDATE student_biodata SET std_lastname=" + txtlastname.Text + " std_firstname=" + txtfirstname.Text + "std_phone_no=" + txtphoneno.Text + " std_gender=" + txtgender.Text + " std_previousQND=" + txtpreviousqnd.Text + " std_DOB= " + txtdob.Text + " std_address=" + txtaddress .Text + " std_programme=" + txtprogramme .Text + " std_session=" + txtsession .Text + "std_faculty=" + txtfaculty .Text + " std_department=" + txtdepartment .Text + " std_email=" + txtemail .Text + "  std_top='" + txttop .Text + "'  WHERE std_matric_no=' + txtmatric .Text +' ","Student Data Update successfully!");
        GetData();
    }

    private void button1_Click(object sender, EventArgs e)
    {
        executeQueryDB ("INSERT INTO student_biodata (std_matric_no, std_lastname, std_firstname, std_phone_no, std_gender, std_previous_QND, std_DOB, std_address, std_programme, std_session, std_faculty, std_department, std_email, std_top) VALUES("+ txtmatric.Text + "," + txtlastname.Text + "," + txtfirstname.Text + "," + txtphoneno.Text+ "," + txtgender.Text + ",'" + txtpreviousqnd.Text + "'," + txtdob.Text + "," + txtaddress.Text + "," + txtprogramme.Text + "," + txtsession.Text + "," + txtfaculty.Text + "," + txtdepartment.Text + "," + txtemail.Text + "," + txttop.Text +") ","Student Data Added Successfully!");
    GetData();
    }
    private void GetData()
    {
        OpenConnection ();
       sql ="SELECT * FROM student_biodata";
        cmd =new MySqlCommand (sql,cn);
        da .SelectCommand =cmd ;
        tb =new DataTable ();
        da.Fill (tb);
        dataGridView1 .DataSource =tb.DefaultView ;
        CloseConnection ();
    }

I'm getting the following exception in button2_Click

A first chance exception of type 'MySql.Data.MySqlClient.MySqlException' occurred in MySql.Data.dll

Upvotes: 0

Views: 1775

Answers (1)

sujith karivelil
sujith karivelil

Reputation: 29006

The main issue is the approach, you are using plain text queries which is the worst method as it opens a wide door for SQL Injection attacks. You can avoid them by using parametrized queries. Another thing is the syntax error that you made while building the Update query. you missed the comma in between column names.

You have to form the parametrized Update query like this(let command be the command):

command.Text = "UPDATE student_biodata SET std_lastname= @lname, std_firstname= @fname  WHERE std_matric_no=@no";
// Include column name and values as per your needs
command.Parameters.AddWithValue("@lname", txtLastName.Text);
command.Parameters.AddWithValue("@fname  ", txtFirstName.Text);
command.Parameters.AddWithValue("@no", matricNo);
command.ExecuteNonQuery();

Upvotes: 1

Related Questions