OP has finally confirmed
Quote:
data type for all columns is text.
all variable value is text
and the variable contains the following
update tbl_assigntask set class='First',subject='c',teacher='JN',time='2:30:00 PM',days='Monday',subtype='Practicle',totalstud=50,batchqty=15, batchname='Batch1, ' where ID=65
As all of the columns are "text" then all of the values passed should be surrounded by single quotes so the code needs to change to
string upd12 = "update tbl_assigntask set class='" + a + "',subject='" + b + "',teacher='" + c + "',time='" + d + "',days='" + f+ "',subtype='" + g + "',totalstud='" + TextBox2.Text + "',batchqty='" + TextBox3.Text + "', batchname='" + TextBox4.Text + "' where ID='" + TextBox1.Text + "'"
The change is subtle, so to be clear the values passed in for columns
totalstud
,
batchqty
and
ID
need to be surrounded by single quotes... which is what ravikhoda said in a comment yesterday!
This problem would not have arisen if you had used
Parameterized Queries[
^]. Not only do they help prevent SQL Injection (so amusingly demonstrated by woudwijk in Solution 1) but all of that business with single quotes, column types etc is taken care of for you - I strong advise you to read up on them