login.cs

C#
boolReturnValue = true;
Session["UserId"] = dt.Rows[0]["Id"].ToString();
string updateLastLogin = "UPDATE [User] SET LastLogon = GETDATE() where Id= @UserId";
dbClass.ConnectDataBaseToInsert(updateLastLogin);


error comes
Must declare the scalar variable "@UserId".
Updated 14-Apr-11 0:39am

Without seeing your dbClass definition, it is difficult to be precise, but I would add an overload:
dbClass.ConnectDataBaseToInsert(updateLastLogin, "@userID", Session["UserId"]);
unless your class already has a method set up for adding properties.
Please, do not convert this to a concatenated string as it leaves you wide open for an SQL Injection attack via the user ID.
 
 
Comments
BobJanova 14-Apr-11 9:11am    
Or, dbClass.UpdateLastLogon(Session["UserId"]). That method, of course, should build a parameterised query, as should the one in your proposal.
OriginalGriff 14-Apr-11 9:17am    
Good idea!
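
A parameterised version of the update, along the lines of the overload and the `UpdateLastLogon` helper suggested above. This is an added example, not part of the original thread and not the asker's code: `DbClassExample`, its placeholder connection string and the `int` type of the `Id` column are assumptions, since the asker's `dbClass` is not shown.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical stand-in for the asker's dbClass; the real class is not shown on the page.
public static class DbClassExample
{
    // Placeholder connection string (assumption); load the real one from configuration.
    private const string ConnectionString =
        "Server=PLACEHOLDER;Database=PLACEHOLDER;Integrated Security=true";

    // Overload in the spirit of the first answer: the SQL text stays constant
    // and every value travels to the server as a typed parameter.
    public static int ConnectDataBaseToInsert(string sql, params SqlParameter[] parameters)
    {
        using (var connection = new SqlConnection(ConnectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Without this call, SQL Server sees @UserId in the text with no
            // definition and raises: Must declare the scalar variable "@UserId".
            command.Parameters.AddRange(parameters);
            connection.Open();
            return command.ExecuteNonQuery(); // number of rows affected
        }
    }

    // Narrow helper as suggested in the comment: callers never handle SQL text.
    public static bool UpdateLastLogon(object sessionUserId)
    {
        // Assumption: [User].Id is an int column. Anything that does not parse
        // as an int (including a missing session value) is rejected up front.
        int userId;
        if (!int.TryParse(Convert.ToString(sessionUserId), out userId))
            return false;

        const string sql = "UPDATE [User] SET LastLogon = GETDATE() WHERE Id = @UserId";
        var idParam = new SqlParameter("@UserId", SqlDbType.Int) { Value = userId };

        // Exactly one row should change for a valid user id.
        return ConnectDataBaseToInsert(sql, idParam) == 1;
    }
}
```

In the login code this would be called as `DbClassExample.UpdateLastLogon(Session["UserId"])` in place of the string-based call.
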
Where have you defined @UserId? Since it is a single-line string query, you need to put the value instead of @UserId.

It should be like
C#
string updateLastLogin = "UPDATE [User] SET LastLogon = GETDATE() where Id= " + Session["UserId"].ToString();
 
 
Comments
OriginalGriff 14-Apr-11 6:44am    
Bad idea! The whole idea of using Parametrized queries is to avoid an SQL injection attack, not make it easier!
Wild-Programmer 15-Apr-11 5:28am    
I know it's a bad idea. I was just correcting OP's code ;) with his approach.
You're getting the error because you're referencing @UserId even though it hasn't been declared. As you're using your own data access layer, I'd replace the @UserId with the Id value you put in Session on the previous line.
 
 
bool ReturnValue = true;
Session["UserId"]=dt.Rows[0]["Id"].ToString();
string updateLastLogin = "Update [User] SET LastLogon=getdate() where ID = " + Session["UserId"].ToString();
dbClass.ConnectDataBaseToInsert(updateLastLogin);
 
 
Comments
OriginalGriff 14-Apr-11 7:03am    
Bad idea! The whole idea of using Parametrized queries is to avoid an SQL injection attack, not make it easier!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


