Click here to Skip to main content
15,867,756 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
When I run my program it shows bellow error message :

Dynamic SQL generation for the Update Command is not supported against a SelectCommand that does not return any key column information.'


well , I tried to change code so if I change to this:

dt.AcceptChanges();
da.Update(dt);

it doesn't show error message but changes had no taken to the database.
Please help me.

What I have tried:

using (SqlConnection dbcon = new SqlConnection(clsmain.connection_str))
{
string querystring = "select * from tblmain where ticker='" + ticker_str + "'";
using (SqlDataAdapter da = new SqlDataAdapter())
{
da.SelectCommand = new SqlCommand(querystring, dbcon);
SqlCommandBuilder objCommandBuilder = new SqlCommandBuilder(da);
using (DataTable dt = new DataTable())
{
if (dbcon.State == ConnectionState.Closed) dbcon.Open();
int countofrecords = da.Fill(dt);
.
. // my code for change data is here
. // for example::
. // dt.Rows[i]["avgloss"]=10.22;
.
if (dbcon.State == ConnectionState.Closed) { dbcon.Open(); }
da.Update(dt);
}
}
}
Posted
Updated 29-May-18 14:02pm
Comments
Richard Deeming 31-May-18 14:16pm    
string querystring = "select * from tblmain where ticker='" + ticker_str + "'";

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

1 solution

You're using a "SELECT *" om your SelectCommand. DO NOT DO THIS. Spell out each column you want, making sure you also return the primary key column of the table your executing the SELECT on.

Without the columns spelled out and the primary key column in that list, the SqlCommandBuilder cannot build the INSERT, UPDATE, and DELETE SQL statements for these operations.
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900