I want to update a SQL table, but the values are not updating.

Here is my code:



C#
string qry2 = "Update MyProfile Set Email='"+TextBox2.Text+"',FullName='"+TextBox3.Text+"',PostalAddress='"+TextBox4.Text+"',City='"+TextBox5.Text+"',State='"+TextBox6.Text+"',Country='"+TextBox7.Text+"',Pin='"+TextBox8.Text+"' Where UserName='Amit'";   
cmd = new SqlCommand(qry2, con);
cmd.ExecuteNonQuery();
Posted
Updated 30-Jan-12 9:14am
v3
Comments
ZurdoDev 30-Jan-12 15:43pm    
First of all, I hope this is not the real code because you are extremely exposed to SQL injections. Also, do you get an error?

Hi Raj.

I would have to agree with RyanB31 on this; the above is not recommended for various reasons (the most evident has been stated already).

Have you considered using stored procedures to perform the update for you?
Stored procedures would give you a performance increase (depending on the table structure / indexes, etc.)

Example:

C#
using System.Data;            // CommandType, SqlDbType
using System.Data.SqlClient;  // SqlConnection, SqlCommand, SqlException

private bool UpdateProfile(string Email, string FullName, string PostalAddress, string City, string State, string Country, string Pin, string Username)
{
 SqlConnection SQLConn = new SqlConnection();
 SqlCommand SQLCmd = new SqlCommand();
 bool Result = false;

 try
 {
   SQLConn.Close();
   SQLConn.ConnectionString = "Your Connection String";
   SQLConn.Open();

   SQLCmd.Connection = SQLConn;
   SQLCmd.CommandTimeout = 0;
   SQLCmd.CommandType = CommandType.StoredProcedure;
   SQLCmd.CommandText = "SP_UpdateProfile";

   // Values are bound as typed parameters, never spliced into the SQL text
   SQLCmd.Parameters.Add("@Email", SqlDbType.VarChar, 255).Value = Email;
   SQLCmd.Parameters.Add("@FullName", SqlDbType.VarChar, 255).Value = FullName;
   SQLCmd.Parameters.Add("@PostalAddress", SqlDbType.VarChar, 255).Value = PostalAddress;
   SQLCmd.Parameters.Add("@City", SqlDbType.VarChar, 255).Value = City;
   SQLCmd.Parameters.Add("@State", SqlDbType.VarChar, 255).Value = State;
   SQLCmd.Parameters.Add("@Country", SqlDbType.VarChar, 255).Value = Country;
   SQLCmd.Parameters.Add("@Pin", SqlDbType.VarChar, 255).Value = Pin;
   SQLCmd.Parameters.Add("@Username", SqlDbType.VarChar, 255).Value = Username;

   if (SQLCmd.ExecuteNonQuery() > 0)
   {
      Result = true;
   }

   return Result;
 }
 catch (SqlException Ex)
 {
    // Insert Logging Here
   return Result;
 }
 finally
 {
   SQLConn.Close();
   SQLConn.Dispose();
   SQLCmd.Dispose();
 }
}

//Execute Above Method
if (UpdateProfile(TextBox2.Text, TextBox3.Text, TextBox4.Text, TextBox5.Text, TextBox6.Text, TextBox7.Text, TextBox8.Text, TextBox9.Text))
{
   Console.WriteLine("Record Updated");
}
Comments
Pr!y@ 30-Jan-12 16:26pm    
Thanks Naicker Sir,
Tech Code Freak 31-Jan-12 0:30am    
5up!
C#
SqlCommand abc = new SqlCommand("Update MyProfile Set Email=@email,FullName=@name,PostalAddress=@add,City=@city,State=@state,Country=@country,Pin=@pin Where UserName=@user",con);
abc.Parameters.Add("@email", SqlDbType.columntype).Value = TextBox2.Text;
abc.Parameters.Add("@name", SqlDbType.columntype).Value = TextBox3.Text;
abc.Parameters.Add("@add", SqlDbType.columntype).Value = TextBox4.Text;
abc.Parameters.Add("@city", SqlDbType.columntype).Value = TextBox5.Text;
abc.Parameters.Add("@state", SqlDbType.columntype).Value = TextBox6.Text;
abc.Parameters.Add("@country", SqlDbType.columntype).Value = TextBox7.Text;
abc.Parameters.Add("@pin", SqlDbType.columntype).Value = TextBox8.Text;
abc.Parameters.Add("@user", SqlDbType.columntype).Value = "Amit";
con.Open();
abc.ExecuteNonQuery();
con.Close();

Replace columntype with the respective column data type (e.g. if your Email column is varchar, write):
C#
abc.Parameters.Add("@email", SqlDbType.VarChar).Value = TextBox2.Text;



Try this string:
C#
string qry2 = "Update MyProfile Set Email="+TextBox2.Text+",FullName="+TextBox3.Text+",PostalAddress="+TextBox4.Text+",City="+TextBox5.Text+",State="+TextBox6.Text+",Country="+TextBox7.Text+",Pin="+TextBox8.Text+" Where UserName="+"Amit"+"";
v2
Comments
Pr!y@ 30-Jan-12 16:37pm    
Thanks A Lot theanil Sir

But I have a question: why should I not use this procedure?

string qry2 = "Update MyProfile Set Email='"+TextBox2.Text+"',FullName='"+TextBox3.Text+"',PostalAddress='"+TextBox4.Text+"',City='"+TextBox5.Text+"',State='"+TextBox6.Text+"',Country='"+TextBox7.Text+"',Pin='"+TextBox8.Text+"' Where UserName='Amit'";
cmd = new SqlCommand(qry2, con);
cmd.ExecuteNonQuery();
theanil 30-Jan-12 16:48pm    
I have updated the answer. Just try that string; if it works, tell me.
Pr!y@ 30-Jan-12 17:01pm    
Code executed, no error, but values are not inserting :(
theanil 30-Jan-12 17:03pm    
The value is not getting inserted by both the methods?
Pr!y@ 30-Jan-12 17:05pm    
Yes, please help
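
Why the concatenated `qry2` is unsafe while the parameterized form is not, and why "no error" does not prove a row changed, shown as an added example (not code from any poster in this thread). It uses Python's built-in `sqlite3` with a cut-down, in-memory `MyProfile` table in place of `SqlCommand` and SQL Server so that it runs without a database server; the sample rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for MyProfile (constructed sample rows)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE MyProfile (UserName TEXT PRIMARY KEY, Email TEXT, City TEXT)")
    con.executemany("INSERT INTO MyProfile VALUES (?, ?, ?)",
                    [("Amit", "amit@example.test", "Pune"),
                     ("Ravi", "ravi@example.test", "Delhi")])
    return con

def update_concat(con, user, city):
    """Same shape as the question's qry2: input is pasted into the SQL text."""
    qry = "UPDATE MyProfile SET City='" + city + "' WHERE UserName='" + user + "'"
    return con.execute(qry).rowcount      # rows affected

def update_param(con, user, city):
    """Same shape as the parameterized answer: input is sent as data only."""
    qry = "UPDATE MyProfile SET City=? WHERE UserName=?"
    return con.execute(qry, (city, user)).rowcount

def cities(con):
    return dict(con.execute("SELECT UserName, City FROM MyProfile"))

def demo():
    out = {}
    con = make_db()                       # 1. a legitimate value with an apostrophe
    try:
        update_concat(con, "Amit", "Coeur d'Alene")
        out["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        out["concat_apostrophe"] = "syntax error"
    out["param_apostrophe_rows"] = update_param(con, "Amit", "Coeur d'Alene")
    out["param_apostrophe_city"] = cities(con)["Amit"]

    con = make_db()                       # 2. a value that ends the quoted literal early
    tricky = "Pune' --"
    out["concat_rows"] = update_concat(con, "Amit", tricky)  # WHERE is commented out
    con = make_db()
    out["param_rows"] = update_param(con, "Amit", tricky)
    out["param_city"] = cities(con)["Amit"]

    con = make_db()                       # 3. runs without error, changes nothing
    out["no_match_rows"] = update_param(con, "Priya", "Goa")
    return out

if __name__ == "__main__":
    print(demo())
```

In ADO.NET the same rows-affected count is the integer returned by `ExecuteNonQuery()`, which the first answer tests with `> 0`; a result of 0 means the `WHERE` clause matched no row.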

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)