I have written the following code to update my project's "Courses" table, but it's not working. Please tell me what I'm doing wrong.

What I have tried:

private void Updating()
{
    try
    {
        string ConnectionString = @"Data Source= D3ll\SQLEXPRESS; Initial Catalog=GMS; Integrated Security=True";
        SqlConnection Connection = new SqlConnection(ConnectionString);
        Connection.Open();
        string Query = "UPDATE Courses SET Title='" + TitleTextBox.Text + "', Fee='" + FeeTextBox.Text + "', Description='" + DescriptionTextBox.Text + "' WHERE CourseID='" + CourseIDTextBox.Text + "'";
        SqlCommand Command = new SqlCommand(Query, Connection);
        Command.ExecuteNonQuery();
        Connection.Close();
    }
    catch (Exception ex)
    {
        MessageBox.Show("Oops!! Something is wrong!!");
    }
}
Posted
Updated 28-Jul-16 1:04am
Comments
Beginner Luck 28-Jul-16 4:59am    
I love to SQL-inject your SQL query. Please fix that first.
pinGOL2305 28-Jul-16 6:05am    
Please help me to prevent SQL injection. I don't have enough knowledge about it; I just know the name of that attack. I'm a beginner.
Please, help me!!
vatsa_gaurav 28-Jul-16 7:11am    
Use parameters, and better to write it in a stored proc.

Loads of things!
The first and biggest, is this: never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

The second is: we don't know - we don't have access to your data, so we can't tell.
But you do, and you have tools to help you work out what the problem is.
Start by putting a breakpoint on the line:
C#
MessageBox.Show("Oops!! Something is wrong!!");

And change the line:
C#
Command.ExecuteNonQuery();
To:
C#
int count = Command.ExecuteNonQuery();
And put a breakpoint on this line as well:
C#
Connection.Close();

Now run your app in the debugger, and see which breakpoint it reaches.
If it gets to the MessageBox, then look at ex and its Message and InnerException, and see exactly what they say.
If it gets to the Connection.Close, then look at what is in count. Is it 1? Or is it 0? The return value is the number of rows the command affected, so if it's one then it worked and you need to look elsewhere. If it's zero, then it probably means that your WHERE clause didn't match any rows - so start looking at the values you pass to SQL.

We can't do any of that for you, but it should be pretty simple for you to do, and see what you get.
 
 
I have successfully resolved that with the following code:

C#
// Requires: using System.Data.SqlClient; (and System.Windows.Forms for MessageBox)
private void Updating()
{
    try
    {
        string connectionString = @"Data Source= D3ll\SQLEXPRESS; Initial Catalog=GMS; Integrated Security=True";
        // using blocks dispose the connection and command even if an exception is thrown
        using (SqlConnection Connection = new SqlConnection(connectionString))
        using (SqlCommand Command = new SqlCommand())
        {
            Command.Connection = Connection;
            Connection.Open();
            // Placeholders keep the text box contents out of the SQL text
            Command.CommandText = "UPDATE Courses SET Title = @ttl, Fee = @fe, Description= @dscptn WHERE CourseID = @id";

            Command.Parameters.AddWithValue("@ttl", TitleTextBox.Text);
            Command.Parameters.AddWithValue("@fe", FeeTextBox.Text);
            Command.Parameters.AddWithValue("@dscptn", DescriptionTextBox.Text);
            Command.Parameters.AddWithValue("@id", CourseIDTextBox.Text);
            // ExecuteNonQuery returns the number of rows the UPDATE affected
            int NEW = Command.ExecuteNonQuery();
            Connection.Close();

            MessageBox.Show("!! (" + NEW + ") new Course Information has been UPDATED successfully!!");

            if (NEW > 0)
                ClearText();
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show("Oops!! Something is wrong!!");
    }
}
 
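A variant of the parameterized update above with explicit parameter types and input validation, as an added example that is not part of the original question or answers. The column types and sizes, the `CourseUpdate.Build` helper and the sample inputs are assumptions; the connection is never opened, so it runs without a database.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class CourseUpdate   // hypothetical helper, not from the page
{
    // Assumed schema (not stated on the page): CourseID int, Fee decimal(10,2),
    // Title nvarchar(100), Description nvarchar(max).
    public static SqlCommand Build(string id, string title, string fee, string description)
    {
        // Validate numeric fields before they get anywhere near the database.
        if (!int.TryParse(id, NumberStyles.None, CultureInfo.InvariantCulture, out int courseId))
            throw new ArgumentException("CourseID must be a whole number.", nameof(id));
        if (!decimal.TryParse(fee, NumberStyles.Number, CultureInfo.InvariantCulture, out decimal feeValue)
            || feeValue < 0)
            throw new ArgumentException("Fee must be a non-negative number.", nameof(fee));

        var cmd = new SqlCommand(
            "UPDATE Courses SET Title = @ttl, Fee = @fe, Description = @dscptn WHERE CourseID = @id");
        // Explicit types and sizes instead of the type AddWithValue infers from a string.
        cmd.Parameters.Add("@ttl", SqlDbType.NVarChar, 100).Value = title;
        SqlParameter feeParam = cmd.Parameters.Add("@fe", SqlDbType.Decimal);
        feeParam.Precision = 10;
        feeParam.Scale = 2;
        feeParam.Value = feeValue;
        cmd.Parameters.Add("@dscptn", SqlDbType.NVarChar, -1).Value = description;  // -1 = max
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = courseId;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: a title containing an apostrophe.
        string title = "Beginner's C#";
        // Concatenation: the apostrophe in the data ends the string literal early.
        Console.WriteLine("UPDATE Courses SET Title='" + title + "' WHERE CourseID='1'");

        using (SqlCommand cmd = Build("1", title, "250.00", "Intro course"))
        {
            Console.WriteLine(cmd.CommandText);   // statement text holds no user input
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine($"{p.ParameterName} ({p.SqlDbType}) = {p.Value}");
        }

        try { Build("12'", title, "250.00", "x"); }   // constructed malformed ID
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

In the form, the text box values would be passed to `Build`, and the returned command given an open `SqlConnection` before calling `ExecuteNonQuery`.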
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


