I am working with a program which stores customers data
and later it needs to be changed
this is my code :
private void button2_Click(object sender, EventArgs e)
{
conn.Open();
string oc = ("Update Custs Set Cname =#Cname, NatCode=#NatCode, Bdate=#Bdate, CellPhone=#CellPhone, Addr=#Addr, Where NatCode Like'%" + textBox2.Text + "%'");
OleDbCommand myCommand = new OleDbCommand();
myCommand.CommandText = oc;
myCommand.Connection = conn;
myCommand.Parameters.AddWithValue("#Cname",textBox1.Text);
myCommand.Parameters.AddWithValue("#NatCode", textBox3.Text);
myCommand.Parameters.AddWithValue("#Bdate", textBox2.Text);
myCommand.Parameters.AddWithValue("#CellPhone", textBox4.Text);
myCommand.Parameters.AddWithValue("#Addr", textBox8.Text);
myCommand.ExecuteNonQuery();
conn.Close();
MessageBox.Show("Data Changed successfully!");
}
But it doesn't do change anything
any help would be appreciated
Are you sure Where NatCode Like'%" + textBox2.Text + "%'" contains any row?
in myCommand.Parameters.AddWithValue("#Bdate", textBox2.Text); you are using textBox2 for Birthday and in Query you use it for NationalCode.
I guess the problem is it.
Related
I am inserting data in the textbox1 and dropdown1 but the data is only saved in the query which is written at the second position"i.e in this case c_name". C_name is either empty or inserts null values.
protected void Button1_Click(object sender, EventArgs e)
{
con.Open();
MySqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "insert into market (m_name) values ('" + TextBox1.Text + "')";
cmd.CommandText = "insert into city (c_name) values('" + DropDownList1.SelectedValue + "')";
if (DropDownList1.SelectedValue == "-1")
{
Response.Write("Please select a city");
}
cmd.ExecuteNonQuery();
con.Close();
}
You should cmd.ExecuteNonQuery() after the first cmd.CommandText and then you have to do the same for your second cmd.CommandText, and both query will perform their actions.
protected void Button1_Click(object sender, EventArgs e)
{
if (DropDownList1.SelectedValue == "-1")
{
Response.Write("Please select a city");
return; // Must return don't execute after 'if' part or use 'else' there
}
con.Open();
MySqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "insert into market (m_name) values ('" + TextBox1.Text + "')";
cmd.ExecuteNonQuery(); // First insert executed here
cmd.CommandText = "insert into city (c_name) values('" + DropDownList1.SelectedValue + "')";
cmd.ExecuteNonQuery(); // Second insert executed here
con.Close();
}
I am currently trying delete my advertisement. But instead of deleting it from database I just want to set the status from 1 ( which means active ) to 0 (which means inactive). I have tried to use query UPDATE. But I do not know the format. My current code is
protected void btnDelete_Click(object sender, EventArgs e)
{
if (sqlCon.State == ConnectionState.Closed)
sqlCon.Open();
SqlCommand sqlCmd = new SqlCommand("DeleteImage", sqlCon);
sqlCmd.CommandType = CommandType.StoredProcedure;
sqlCmd.Parameters.AddWithValue("AdvID", Convert.ToInt32(hfContactID.Value));
sqlCmd.ExecuteNonQuery();
sqlCon.Close();
Clear();
FillGridView();
LitMsg.Text = "Deleted Successfully";
ButSave.Enabled = true;
Image1.Visible = false;
}
and I believe that Delete query does not change my status to 0 so my update query is something like this.
protected void btnUpdate_Click(object sender, EventArgs e)
{
if (FileImgsave.HasFile == true)
{
string imgfile = Path.GetFileName(FileImgsave.PostedFile.FileName);
//FileImgsave.SaveAs("Images/" + imgfile);
FileImgsave.SaveAs(Server.MapPath("~/Images/" + imgfile));
sqlCon.Open();
SqlCommand cmd = sqlCon.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "UPDATE Advertisement SET Item=#item,ImgPath=#image,Name=#name Where AdvID='" + AdsTb.Text + "'";
cmd.Parameters.AddWithValue("#name", nameTb.Text);
cmd.Parameters.AddWithValue("#item", imgfile);
cmd.Parameters.AddWithValue("#image", "~/Images/" + imgfile);
cmd.ExecuteNonQuery();
sqlCon.Close();
FillGridView();
LitMsg.Text = "Update successfully!";
Clear();
}
Below is my delete query
ALTER PROC [dbo].[DeleteImage]
#AdvID int
AS
BEGIN
DELETE FROM Advertisement
WHERE AdvID = #AdvID
END
You forgot to Update the Status
cmd.CommandText = "UPDATE Advertisement SET Status=0, Item=#item,ImgPath=#image,Name=#name Where AdvID='" + AdsTb.Text + "'";
Status=0
I am trying to edit an Access DB_. For some reason I cannot insert anything. I believe my code is correct. The connection string is correct (though for security purposes I put a fake one for this post). At the end, I do not get the MessageBox like I am supposed to at the end of the function. Nothing was added to the Access DB either.
Any reason why this might be?
namespace TestBuild
{
public partial class Form1 : Form
{
OleDbConnection con = new OleDbConnection(#"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users...\Documents\TestDB.accdb");
public Form1()
{
InitializeComponent();
}
private void Button1_Click(object sender, EventArgs e)
{
con.Open();
OleDbCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "insert into table1 values('"+textBox1.Text+"','"+textBox2.Text+"')";
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("record inserted successfully");
}
}
}
Suggestion - please consider refactoring your code as follows, and step through it, a line at a time, in the MSVS debugger:
string connString = #"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users...\Documents\TestDB.accdb";
private void Button1_Click(object sender, EventArgs e)
{
string sql = "insert into table1 values('" + textBox1.Text + "','" + textBox2.Text + "')";
OleDbCommand cmd= new OleDbCommand(sql);
using (OleDbConnection con = new OleDbConnection(connString)) {
cmd.Connection = conn;
try
{
con.Open();
cmd.ExecuteNonQuery();
MessageBox.Show("record inserted successfully");
}
catch (Exception ex)
{
MessageBox.Show("ERROR" + ex.Message);
}
}
}
PS:
If you wanted to use prepared statements, you'd change your code to something like this:
string sql = "insert into table1 values(#param1, #param2)";
...
cmd.Parameters.AddWithValue("#param1", textBox1.Text);
cmd.Parameters.AddWithValue("#param1", textBox2.Text);
con.Open();
cmd.Prepare();
cmd.ExecuteNonQuery();
You can read more about techniques and guidelines for mitigating SQL injection here:
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
Here is another good article:
Best Practices for Using ADO.NET (MSDN)
Okay so here's my code. Everything works and saves to the database.
Though, it only stores the current value that's displayed in the combobox.
I want it to store all 3 values, for each value has its own checkboxes.
How would I go about coding something that saves each of the 3 values and the corresponding checkboxes to the database(sql)?
Form
, Code
private void button1_Click(object sender, EventArgs e)
{
if (con.State == ConnectionState.Closed)
{
con.Open();
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandText = "insert into cloggingInfo(Date, PID, Operator, Type)values('"+labelTime.Text+"', '" + cboStatePid.Text + "', '" + cboStateOperator.Text + "', '" + cboStateType.Text + "')";
cmd.ExecuteNonQuery();
cmd.Dispose();
con.Close();
MessageBox.Show("Start added succesfully");
listView1.Items.Clear();
AddToListView();
}
}
Try to use "combobox.SelectedItem" or "combobox.SelectedValue". If your combobox is filled with datasource you need to define "DisplayMember" and "ValueMember" for it.
private void button1_Click(object sender, EventArgs e)
{
if (con.State == ConnectionState.Closed)
{
con.Open();
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandText = "insert into cloggingInfo(Date, PID, Operator, Type)values('"+labelTime.Text+"', '" + cboStatePid.SelectedItem+ "', '" + cboStateOperator.SelectedItem+ "', '" + cboStateType.SelectedItem+ "')";
cmd.ExecuteNonQuery();
cmd.Dispose();
con.Close();
MessageBox.Show("Start added succesfully");
listView1.Items.Clear();
AddToListView();
}
}
Try to get the combo box items for each combo box as shown below and then save it.
private void button1_Click(object sender, EventArgs e)
{
StringBuilder comboBox1Items = new StringBuilder();
foreach (var item in comboBox1.Items)
{
comboBox1Items.Append(item + " ");
}
string cb1Items = comboBox1Items.ToString();
}
update data in access database using name two column
because one column have same data because SerialNumber and Start can be Repeat
that's make update in all row have same data
i use this code but i have syntax Error
private void button3_Click(object sender, EventArgs e)
{
try
{
connection.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
string query = "update Timer set Stop='" + label1.Text + "'where (SerialNumber,Start)='" + comboBox1.Text + "','" + textBox1.Text + "' ";
command.CommandText = query;
command.ExecuteNonQuery();
MessageBox.Show("Data saved");
connection.Close();
send_data f2 = new send_data(comboBox1.Text,label2.Text);
f2.ShowDialog();
}
catch (Exception ex)
{
MessageBox.Show("ERORR" + ex);
}
}
The correct syntax for the WHERE clause is
WHERE fieldname operator value AND/OR fieldname operator value ....
So the correct way to update that record is
string query = #"update Timer set Stop=? where SerialNumber = ? AND Start = ?";
command.CommandText = query;
command.Parameters.AddWithValue("#p1", label1.Text);
command.Parameters.AddWithValue("#p2", comboBox1.Text );
command.Parameters.AddWithValue("#p3", textBox1.Text);
command.ExecuteNonQuery();
Notice that before the WHERE keyword you need a space and I have changed your code to use a more secure parameterized approach instead of string concatenation