Delete and Update is not working.

Question

0.00/5 (No votes)

See more:

using following code I want to delete and update but its not working.

Table

SQL

CREATE TABLE [dbo].[Telephone] (
    [FName]    VARCHAR (50) NULL,
    [LName]    VARCHAR (50) NULL,
    [Mobile]   VARCHAR (50) NULL,
    [Email]    VARCHAR (50) NULL,
    [Category] VARCHAR (50) NULL
);

Code

C#

private void btn_delete_Click(object sender, EventArgs e)
        {
            con.Open();
            SqlCommand cmd = new SqlCommand("DELETE from Telephone where (FName= ' " + txt_fname.Text + " ')", con);
            cmd.ExecuteNonQuery();
            con.Close();

            MessageBox.Show("Contact Deleted...");

            Display();
         }


 private void btn_update_Click(object sender, EventArgs e)
        {
            con.Open();
            SqlCommand cmd = new SqlCommand("UPDATE Telephone set FName = '" +txt_fname.Text.Trim()+ "', LName= '" +txt_lname.Text.Trim()+ "', Email = '" +txt_email.Text.Trim()+ "', Category = '" +cmb_category.Text.Trim()+ "' where (Mobile= '" + txt_mobile.Text.Trim() + "')", con);
            cmd.ExecuteNonQuery();
            con.Close();
            
            MessageBox.Show("Contact Updated...");
            
            Display();
        }

Posted 9-Sep-15 23:23pm

Rohitk2409

Add a Solution

Comments

Richard MacCutchan 10-Sep-15 5:33am

1. Do not use string concatenation in SQL statements; use proper parameterised queries.
2. Do not display success messages without checking that the operation actually succeeded.

Amit Jadli 10-Sep-15 5:45am

What is the error???

Andy Lanng 10-Sep-15 5:49am

no error - OP has whitespace around the parameter.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Andy Lanng · Accepted Answer · 2015-09-09T23:48:00

First, a warning:

What if I typed this into your txt_fname?
');delete telephone;--
Any idea what that might do to your data?

This is called SQL Injection and your code is wide open to it. Use parameterised queries instead. That will protect you from evil:

C#

SqlCommand cmd = new SqlCommand("DELETE from Telephone where (FName= @fname)", con);
cmd.Parameters.Add(new SqlParameter("@fname",SqlDbType.VarChar){Value=txt_fname.Text}));

On with your question.
I assume you don't get any error messages so you have to add more debug info, like this:

C#

private void btn_delete_Click(object sender, EventArgs e)
        {
            con.Open();
            SqlCommand cmd = new SqlCommand("DELETE from Telephone where (FName= @fname)", con);
            cmd.Parameters.Add(new SqlParameter("@fname",SqlDbType.VarChar){Value=txt_fname.Text}));
            int rowsAffected = cmd.ExecuteNonQuery();
            con.Close();
 
            if(rowsAffected==1)
                MessageBox.Show("Contact Deleted...");
            else
                MessageBox.Show(string.Format("Problem with delete: {0} records deleted.\n Query:'{1}', Parameter @fname='{2}'",rowsAffected,cmd.CommandText,txt_fname.Text));
 
            Display();
         }

If zero or more that one records are updated then the message should read:

Problem with delete: 0 records deleted.
Query:'DELETE from Telephone where (FName= @fname)',  "Parameter @fname='SomeTextThatDidn'tWork'

PS: also, your query has whitespace around the parameter:

SQL

"FName= ' " + txt_fname.Text + " ')"
"FName= '" + txt_fname.Text + "')"

Using parameters will prevent this also