Hi Raj.
I would have to agree with RyanB31 on this, the above is not recommended for various reasons (the most evident has been stated already).
Have you considered using stored procedures to perform the update for you?
Stored procedures would give you a performance increase (depending on the table structure / indexes, etc.)
Example:
using System.Data.SqlClient;
private bool UpdateProfile(string Email, string FullName, string PostalAddress, string City, string State, string Country, string Pin, string Username)
{
SqlConnection SQLConn = new SqlConnection();
SqlCommand SQLCmd = new SqlCommand();
bool Result = false;
try
{
SQLConn.Close();
SQLConn.ConnectionString = "Your Connection String";
SQLConn.Open();
SQLCmd.Connection = SQLConn;
SQLCmd.CommandTimeout = 0;
SQLCmd.CommandType = CommandType.StoredProcedure;
SQLCmd.CommandText = "SP_UpdateProfile";
SQLCmd.Parameters.Add("@Email", SqlDbType.Varchar, 255).Value = Email;
SQLCmd.Parameters.Add("@FullName", SqlDbType.Varchar, 255).Value = FullName;
SQLCmd.Parameters.Add("@PostalAddress", SqlDbType.Varchar, 255).Value = PostalAddres;
SQLCmd.Parameters.Add("@City", SqlDbType.Varchar, 255).Value = City;
SQLCmd.Parameters.Add("@State", SqlDbType.Varchar, 255).Value = State;
SQLCmd.Parameters.Add("@Country", SqlDbType.Varchar, 255).Value = Country;
SQLCmd.Parameters.Add("@Pin", SqlDbType.Varchar, 255).Value = Pin;
SQLCmd.Parameters.Add("@Username", SqlDbType.Varchar, 255).Value = Username;
if (SQLCmd.ExecuteNonQuery() > 0)
{
Result = true;
}
return Result;
}
catch (SqlException Ex)
{
return Result;
}
finally
{
SQLConn.Close();
SQLConn.Dispose();
SQLCmd.Dispose();
}
}
if (UpdateProfile(TextBox2.Text, TextBox3.Text, TextBox4.Text, TextBox5.Text, TextBox6.Text, TextBox7.Text, TextBox8.Text, TextBox9.Text))
{
Console.WriteLine("Record Updated");
}