Problem in updating database table in asp.net using c#_问答_开发者

Problem in updating database table in asp.net using c#

开发者 https://www.devze.com 2023-02-22 21:42 出处：网络

I want to update Basic table in my database开发者_StackOverflow中文版 but it doesn\'t generate any effect in table.

相关专题：asp.net

I want to update Basic table in my database开发者_StackOverflow中文版 but it doesn't generate any effect in table.

I am using following statement

sql ="UPDATE Basic SET Current_city='"+ TextBox1.Text +"',Home_Town='"+ TextBox2.Text +"';
SqlCommand cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();

Please don't concatenate SQL queries. You can read about Sql Injection on Wikipedia.

Use parameters instead:

sql = "UPDATE [Basic] SET [Current_city]=@City, [Home_Town]=@Town";
cmd.Parameters.Add("@City", SqlDbType.VarChar, TextBox1.Text);
cmd.Parameters.Add("@Town", SqlDbType.VarChar, TextBox2.Text);

Looks like, that keyworld Basic is reserved, use [Basic].

create prameterize query as blelow will resolve your issue easily.......... if you go for the code you have written will cause sql injection attack so its better to got the parametrize query. its recommended

   SqlCommand sqlCmd = new SqlCommand("UPDATE table SET param1 = @param1", sqlConn);

   /* Parameters */
   sqlCmd.Parameters.Add("@param1", SqlDbType.NVarChar);
   sqlCmd.Parameters["@param1"].Value = valuedata;

   try
    {
        sqlConn.Open();
        sqlCmd.ExecuteNonQuery();
    }
    catch (SqlException sqlEx)
    {
        sqlErrorLabel.Text = sqlEx.ToString();
        sqlErrorLabel.ForeColor = System.Drawing.Color.Red;
    }
    finally
    {
        sqlConn.Close();
    }