0

I want to update Basic table in my database but it doesn't generate any effect in table.
I am using following statement

sql ="UPDATE Basic SET Current_city='"+ TextBox1.Text +"',Home_Town='"+ TextBox2.Text +"';
SqlCommand cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
Improve this question
5
  • Any exceptions thrown? What are the current contents of the Basic table?
    – Øyvind Bråthen
    Commented Apr 7, 2011 at 7:14
  • 2
    First of all, that code is prone to some nasty SQL injection. Second, its impossible to help you without some more info. Are you able to do other queries against the same database and tables?
    – Eric Lennartsson
    Commented Apr 7, 2011 at 7:16
  • ... and are they any different to the text boxes values?
    – user492238
    Commented Apr 7, 2011 at 7:16
  • I can recommend looking into using Linq2SQL, there are some good guides on Scott Guthries blog: weblogs.asp.net/scottgu/archive/2007/06/29/… This is part 3, I think there are about 19 in total.
    – Holger
    Commented Apr 7, 2011 at 7:19
  • try the solution and accept ans if it work for you
    – Pranay Rana
    Commented Apr 7, 2011 at 7:31

3 Answers 3

Reset to default
2

Please don't concatenate SQL queries. You can read about Sql Injection on Wikipedia.

Use parameters instead:

sql = "UPDATE [Basic] SET [Current_city]=@City, [Home_Town]=@Town";
cmd.Parameters.Add("@City", SqlDbType.VarChar, TextBox1.Text);
cmd.Parameters.Add("@Town", SqlDbType.VarChar, TextBox2.Text);
Improve this answer
0

Looks like, that keyworld Basic is reserved, use [Basic].

Improve this answer
0

create prameterize query as blelow will resolve your issue easily.......... if you go for the code you have written will cause sql injection attack so its better to got the parametrize query. its recommended 

   SqlCommand sqlCmd = new SqlCommand("UPDATE table SET param1 = @param1", sqlConn);

   /* Parameters */
   sqlCmd.Parameters.Add("@param1", SqlDbType.NVarChar);
   sqlCmd.Parameters["@param1"].Value = valuedata;

   try
    {
        sqlConn.Open();
        sqlCmd.ExecuteNonQuery();
    }
    catch (SqlException sqlEx)
    {
        sqlErrorLabel.Text = sqlEx.ToString();
        sqlErrorLabel.ForeColor = System.Drawing.Color.Red;
    }
    finally
    {
        sqlConn.Close();
    }
Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.