CODEWITHSUNDEEP
sql
user682417
user682417

Reputation: 1518

sql updating data problem with index

I am updating the data by the following method 

class xxxxxx
{
    public static string updatepersonformData(string staffID, string Firstname, string Lastname, string Address1,
        string Address2,string Address3, string Town, string County, string Postcode, string HomePhone, string Mobile,
        string PersonalEmail, string Reference, string BookingName, string Position_Id, string Role_Id, string Gender,
        string Dob, string WorkPhone, string WorkEmail, formMain mf)
    {
        string result = xxxxxx.InsertData(string.Format(@"update staff set staff_Reference='{2}' staff_Firstname = '{3}',staff_Lastname='{4}' ,
              staffPosition_Id='{5}',staffRole_Id='{6}', staff_Dob='{7}',staff_Gender='{8}' staff_Address1 = '{9}',   
             staff_Address2='{10}',staff_Address3 ='{11}' staff_Town ='{12}',staff_County = '{13}',staff_Postcode='{14}',staff_HomePhone='{16}',
             staff_WorkPhone ='{17}',staff_Mobile ='{18}',staff_PersonalEmail ='{19}',staff_WorkEmail='{20}',staff_BookingName='{21}',WHERE staff_Id ={0}",
            staffID, Reference, Firstname, Lastname, Position_Id, Role_Id, Dob, Gender, Address1, Address2, Address3, Town, County, Postcode, HomePhone, WorkPhone,
            Mobile, PersonalEmail, WorkEmail, BookingName), mf);

        return result;
    }
}

I am calling this function in main form by using this below 

xxxxxx.updatepersonformData(tbCStaffHiddenId.Text, tbFirstname.Text, tbLastname.Text,    tbAddress1.Text, tbAddress2.Text, tbAddress3.Text, tbTown.Text,
              tbCounty.Text, tbPostcode.Text, tbHomePhone.Text, tbMobile.Text, tbPersonalEmail.Text, tbReference.Text, tbBookingName.Text, selectTextToId(cbPosition, aaPositions),
              selectTextToId(cbRole, aaRoles), cbGender.Text, tbDob.Text.ToString(), tbWorkPhone.Text, tbWorkEmail.Text, mf);

But when I am updating this one I got the error like this......

Error: "Index (zero based) must be greater than or equal to zero and less than the size of the argument list.

Make sure your method arguments are in right form.

When converting a string to date time, parse the string to take the date before putting each variable into the date time object.

Can anyone help on this ...

Upvotes: 0

Views: 73

Answers (2)

Neville Kuyt
Neville Kuyt

Reputation: 29649

Sorry, User682417, but this is all kinds of messy.

I'm pretty sure you've got the indexing of the parameters wrong - you set 

staff_Reference='{2}'

but it's at index 1 - is it possible you need to decrement each of the indices?

Also, SQL injection. But others have said that already.

Also, in the unlikely event you're passing the date of birth in correctly, you're assuming your client and your database have the same date formatting - but Europeans usually enter dd/mm/yyyy, whilst Americans often enter mm/dd/yyyy. Great source of comedy bugs, that one.

Upvotes: 0

Mat
Mat

Reputation: 206859

You're passing 20 arguments to string.Format, but your format placehorlders go from 0 to 21 (so presumably you need 22 arguments, or you've misindexed the thing - e.g. I don't see a {15} in there). Recheck your string and arguments until that formatting error is resolved.

And you have a syntax error in your query. The should not be a , before the WHERE keyword.

(And please use bind variables if they are available on whatever system/language it is you are using, and sanitize your data, otherwise bad things will happen - google for "sql injection".)

Upvotes: 3

Related Questions