Reputation: 1
I want to update the Basic table in my database, but it doesn't have any effect on the table.
I am using the following statement:
sql = "UPDATE Basic SET Current_city='" + TextBox1.Text + "',Home_Town='" + TextBox2.Text + "'";
SqlCommand cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
Upvotes: 0
Views: 895
Reputation: 176956
Creating a parameterized query as below will resolve your issue easily. If you go with the code you have written, it will cause a SQL injection attack, so it's better to go with the parameterized query. It's recommended.
SqlCommand sqlCmd = new SqlCommand("UPDATE table SET param1 = @param1", sqlConn);
/* Parameters */
sqlCmd.Parameters.Add("@param1", SqlDbType.NVarChar);
sqlCmd.Parameters["@param1"].Value = valuedata;
try
{
    sqlConn.Open();
    sqlCmd.ExecuteNonQuery();
}
catch (SqlException sqlEx)
{
    sqlErrorLabel.Text = sqlEx.ToString();
    sqlErrorLabel.ForeColor = System.Drawing.Color.Red;
}
finally
{
    sqlConn.Close();
}
Upvotes: 0
Reputation: 3760
Please don't concatenate SQL queries. You can read about Sql Injection on Wikipedia.
Use parameters instead:
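sql = "UPDATE [Basic] SET [Current_city]=@City, [Home_Town]=@Town";
SqlCommand cmd = new SqlCommand(sql, con);
// Add(name, type) returns the SqlParameter; the user input is assigned as its Value
cmd.Parameters.Add("@City", SqlDbType.VarChar).Value = TextBox1.Text;
cmd.Parameters.Add("@Town", SqlDbType.VarChar).Value = TextBox2.Text;
cmd.ExecuteNonQuery();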
Upvotes: 2
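A fuller version of the parameterized update suggested in the answers above, added here as an example and not code from any of the posters. The `UserId` key column, the `WHERE` clause, the column length of 50 and the `BasicTableUpdater` / `UpdateCities` names are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class BasicTableUpdater
{
    // Assumed schema: Basic(UserId INT, Current_city VARCHAR(50), Home_Town VARCHAR(50)).
    // UserId and the length 50 are hypothetical; match them to the real table.
    private const string UpdateSql =
        "UPDATE [Basic] SET [Current_city] = @City, [Home_Town] = @Town " +
        "WHERE [UserId] = @UserId";

    // Returns the number of rows changed, so the caller can tell
    // "the statement ran" apart from "the statement matched no row".
    public static int UpdateCities(string connectionString, int userId,
                                   string city, string town)
    {
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(UpdateSql, con))
        {
            // Values are sent separately from the SQL text, so a quote in the
            // input (for example "Coeur d'Alene") is stored as data and cannot
            // change the statement. A null string must be sent as DBNull,
            // otherwise SqlClient reports the parameter as not supplied.
            cmd.Parameters.Add("@City", SqlDbType.VarChar, 50).Value =
                (object)city ?? DBNull.Value;
            cmd.Parameters.Add("@Town", SqlDbType.VarChar, 50).Value =
                (object)town ?? DBNull.Value;
            cmd.Parameters.Add("@UserId", SqlDbType.Int).Value = userId;

            con.Open();
            return cmd.ExecuteNonQuery();
        }   // both objects are disposed here, even if an exception is thrown
    }
}

// Call site in a WebForms handler (connStr and currentUserId are assumed to exist):
//   int rows = BasicTableUpdater.UpdateCities(connStr, currentUserId,
//                                             TextBox1.Text, TextBox2.Text);
//   if (rows == 0) { /* no row matched the WHERE clause */ }
```

`ExecuteNonQuery` returns -1 instead of a row count when `SET NOCOUNT ON` is in effect on the connection, so a check for 0 is only meaningful without it.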