0

I want to update Basic table in my database but it doesn't generate any effect in table.
I am using following statement

sql ="UPDATE Basic SET Current_city='"+ TextBox1.Text +"',Home_Town='"+ TextBox2.Text +"';
SqlCommand cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
5
  • Any exceptions thrown? What are the current contents of the Basic table? Commented Apr 7, 2011 at 7:14
  • 2
    First of all, that code is prone to some nasty SQL injection. Second, its impossible to help you without some more info. Are you able to do other queries against the same database and tables? Commented Apr 7, 2011 at 7:16
  • ... and are they any different to the text boxes values?
    – user492238
    Commented Apr 7, 2011 at 7:16
  • I can recommend looking into using Linq2SQL, there are some good guides on Scott Guthries blog: weblogs.asp.net/scottgu/archive/2007/06/29/… This is part 3, I think there are about 19 in total.
    – Holger
    Commented Apr 7, 2011 at 7:19
  • try the solution and accept ans if it work for you Commented Apr 7, 2011 at 7:31

3 Answers 3

2

Please don't concatenate SQL queries. You can read about Sql Injection on Wikipedia.

Use parameters instead:

sql = "UPDATE [Basic] SET [Current_city]=@City, [Home_Town]=@Town";
cmd.Parameters.Add("@City", SqlDbType.VarChar, TextBox1.Text);
cmd.Parameters.Add("@Town", SqlDbType.VarChar, TextBox2.Text);
0

Looks like, that keyworld Basic is reserved, use [Basic].

0

create prameterize query as blelow will resolve your issue easily.......... if you go for the code you have written will cause sql injection attack so its better to got the parametrize query. its recommended

   SqlCommand sqlCmd = new SqlCommand("UPDATE table SET param1 = @param1", sqlConn);

   /* Parameters */
   sqlCmd.Parameters.Add("@param1", SqlDbType.NVarChar);
   sqlCmd.Parameters["@param1"].Value = valuedata;

   try
    {
        sqlConn.Open();
        sqlCmd.ExecuteNonQuery();
    }
    catch (SqlException sqlEx)
    {
        sqlErrorLabel.Text = sqlEx.ToString();
        sqlErrorLabel.ForeColor = System.Drawing.Color.Red;
    }
    finally
    {
        sqlConn.Close();
    }

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.