While I was trying to execute this code, I filled in the textbox fields and then, when I clicked the update button, an unhandled SqlException appeared saying "Conversion failed when converting the varchar value 'System.Windows.Forms.TextBox, Text:12345' to data type int." The line cmd.ExecuteNonQuery(); was highlighted. I hope someone can help me solve this problem. I don't know what to do.

SqlConnection sqlcon = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=C:\\Users\\john\\Documents\\Visual Studio 2010\\Projects\\Login\\Login\\dblogin.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
sqlcon.Open();
SqlCommand cmd = new SqlCommand("update tbl_employee set Firstname='" + textBox2 + "' where Employee_ID='" + textBox1 + "'");
cmd.Connection = sqlcon;
cmd.ExecuteNonQuery();
sqlcon.Close();
MessageBox.Show("Record has been updated Successfully");

What I have tried:

I tried to declare the cmd connection equal to sqlcon, but it is still not working. How does it work?
Posted
Updated 2-May-19 1:30am

C#
SqlCommand cmd = new SqlCommand("update tbl_employee set Firstname='" + textBox2 + "' where Employee_ID='" + textBox1 + "'");

Not necessarily a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user input, and this opens the door to a vulnerability named "SQL injection"; it is dangerous for your database and error prone.
A single quote in a name and your program crashes. If a user entering a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems: a malicious user input gets promoted to SQL commands, running with all of your credentials.
SQL injection - Wikipedia
SQL Injection
SQL Injection Attacks by Example
PHP: SQL Injection - Manual
SQL Injection Prevention Cheat Sheet - OWASP
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange
The other answer will WORK, but I can erase your database if you do that.

In general, life is prettier with Entity Framework, but if you must work this way, please read this:

Lesson 06: Adding Parameters to Commands - C# Station

Also, your SqlConnection implements IDisposable and should be in a using statement.
Comments
Nirav Prabtani 2-May-19 2:45am    
Compensated down-vote !!
Christian Graus 2-May-19 4:05am    
I didn't downvote you, moron. I just pointed out you were wrong. Any program using your solution is easily hacked and the DB easily destroyed. Read the link I posted.
CHill60 2-May-19 4:31am    
I think Nirav gave you a 5 to compensate for whoever gave you the 2
Nirav Prabtani 2-May-19 4:38am    
I am not saying you downvoted my answer. Someone downvoted your answer, so I have compensated by voting it 5+.
Christian Graus 2-May-19 4:34am    
Perhaps. I don't care about the scoring system TBH. I was mostly concerned someone was giving bad advice that seemed to be getting followed.
This is a quick mock-up of how I would rewrite this. Several changes have been made:

1. Validate. Check to make sure your text-boxes are filled and contain valid data
2. using block. This makes sure that your SqlConnection is disposed of properly
3. Parameterization. This is the best way to avoid SQL Injection
4. Evaluation. Check how many rows were actually affected by your SQL Command

C#
// requires: using System.Data.SqlClient;
int RowsAffected = -1;
string MessageboxContent = string.Empty;

int EmployeeID = -1;
string Firstname = textBox2.Text.Trim();   // the control's Text, not the control itself

// rudimentary validation to make sure you have valid values
if (int.TryParse(textBox1.Text, out EmployeeID) && (Firstname.Length > 0)) {

  using (SqlConnection sqlcon = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=C:\\Users\\john\\Documents\\Visual Studio 2010\\Projects\\Login\\Login\\dblogin.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True")) {
    sqlcon.Open();

    // parameters: the values never become part of the SQL text
    SqlCommand cmd = new SqlCommand("UPDATE tbl_employee SET Firstname= @Firstname WHERE Employee_ID= @EmployeeID", sqlcon);
    cmd.Parameters.AddWithValue("@Firstname", Firstname);
    cmd.Parameters.AddWithValue("@EmployeeID", EmployeeID);

    RowsAffected = cmd.ExecuteNonQuery();
    sqlcon.Close();   // optional: leaving the using block disposes (and closes) the connection
  }
}

switch (RowsAffected) {
  case -1: MessageboxContent = "Invalid data entered"; break;
  case 0: MessageboxContent = "Employee not found, record not updated"; break;
  case 1: MessageboxContent = "Record has been updated Successfully"; break;
  default: MessageboxContent = string.Format("Error: {0} records updated", RowsAffected); break;
}

MessageBox.Show(MessageboxContent);

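To make the point of the first answer (a name like "Brian O'Conner" breaks a concatenated query) and of the last answer (parameters plus a row-count check) concrete in something you can run offline, here is an added illustration that is not from the thread: it uses Python's built-in sqlite3 in place of SQL Server and ADO.NET, against a constructed tbl_employee table with the same column names.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the thread's tbl_employee table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE tbl_employee (Employee_ID INTEGER PRIMARY KEY, Firstname TEXT)")
    con.execute("INSERT INTO tbl_employee VALUES (12345, 'John')")
    con.commit()
    return con


def update_concatenated(con, employee_id, firstname):
    """The question's pattern: the input text becomes part of the SQL statement."""
    sql = ("UPDATE tbl_employee SET Firstname='" + str(firstname)
           + "' WHERE Employee_ID='" + str(employee_id) + "'")
    return con.execute(sql).rowcount


def update_parameterized(con, employee_id, firstname):
    """The last answer's pattern: validate, then pass values as parameters.
    Returns -1 for invalid input, otherwise the number of rows affected."""
    firstname = firstname.strip()
    if not firstname or not str(employee_id).isdigit():   # mirrors int.TryParse + Length > 0
        return -1
    cur = con.execute("UPDATE tbl_employee SET Firstname=? WHERE Employee_ID=?",
                      (firstname, int(employee_id)))
    con.commit()
    return cur.rowcount


def demo():
    """Runs both patterns against the same data and collects what happened."""
    con = make_db()
    results = {}
    # An ordinary name works either way, which is why the bug stays hidden during testing.
    results["concat_plain"] = update_concatenated(con, "12345", "Jane")
    # An apostrophe unbalances the quotes in the concatenated statement: the SQL engine
    # now sees the name as part of the statement text and rejects it.
    try:
        update_concatenated(con, "12345", "Brian O'Conner")
        results["concat_quote"] = "no error"
    except sqlite3.OperationalError:
        results["concat_quote"] = "error"
    # The same name through a parameter is stored literally; the SQL text never changes.
    results["param_quote"] = update_parameterized(con, "12345", "Brian O'Conner")
    results["stored"] = con.execute("SELECT Firstname FROM tbl_employee WHERE Employee_ID=?",
                                    (12345,)).fetchone()[0]
    results["param_missing"] = update_parameterized(con, "99999", "Nobody")   # 0 rows: not found
    results["param_invalid"] = update_parameterized(con, "abc", "")           # -1: bad input
    return results
```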
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)