Update data in database using C# in ASP.NET [Resolved]

Posted by Babyeney under ASP.NET on 7/21/2011 | Points: 10 | Views : 34517 | Status : [Member] | Replies : 5
Hi! I don't know what's wrong with my code. It doesn't have any errors, but when I run it on a browser and tried to update the database when clicking the "submit button", the database was not updated at all with the changes I made. I hope someone could help me find out why I couldn't save changes to the database.

protected void btnSubmit_Click(object sender, EventArgs e)
{
if (ValidateInfo())
{
SqlConnection con = new SqlConnection();
con.ConnectionString = @"Data Source=ALLAINE-PC\SQLEXPRESS;Initial Catalog=cmsdatabase;Integrated Security=True";
SqlCommand cmd = new SqlCommand();
cmd.CommandText = "update CaseDatabase set CONAME='" + txtName.Text + "',COADDRESS='" + txtAddress.Text + "',CONTACTPERSON='"
+ txtContact.Text + "',TELNO='"
+ txtTel.Text + "',EMAIL='"
+ txtEmail.Text + "',OPDATE='"
+ txtDate.Text + "',LEFT_SANDZ='"
+ txtLeft.Text + "',TIME_ARRIVED='"
+ txtArrived.Text + "',TIME_LEFT='"
+ txtLeftSite.Text + "',SYSTYPE='"
+ txtSysType.Text + "',MODEL='"
+ txtModel.Text + "',OS='"
+ txtOS.Text + "',SERIALNO='"
+ txtSerial.Text + "',PROBLEM='"
+ txtProblem.Text + "',ACTION_TAKEN='"
+ txtAction.Text + "',TICKETSTATUS='"
+ txtStatus.Text + "',LASTUPDATE='"
+ txtLastUpdate.Text + "',SYSENG='"
+ txtSE.Text + "' where TICKETNO='" + txtTicket.Text + "'";

cmd.Connection = con;
SqlDataAdapter da = new SqlDataAdapter();
da.UpdateCommand = cmd;
con.Open();
cmd.ExecuteNonQuery();
con.Close();

lblError.Font.Bold = true;
lblError.Font.Size = 11;
lblError.Text = "You have successfully modified the case!";
}
}




Responses

Posted by: Seenuvasan on: 7/22/2011 [Member] Starter | Points: 50

Up
0
Down

Resolved
hi,

Remove below two lines from ur coding and execute once.

SqlDataAdapter da = new SqlDataAdapter(); 

da.UpdateCommand = cmd;


Refer this link also:
http://msdn.microsoft.com/en-us/library/aa728894(v=vs.71).aspx


Thanks,
Seen

Babyeney, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Poster on: 7/21/2011 [Member] Starter | Points: 25

Up
0
Down
Even if this works, this has prone to SQL Injection. You should use the parameterized statement to work with any SQL. Read this article http://itfunda.com/how-to-insert-records-into-the-database/Free/126 to know how to use parameterized statement in SQL. To update record, read this http://itfunda.com/how-to-update-record-into-the-database/Free/127.

Thanks

Babyeney, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Babyeney on: 7/21/2011 [Member] Starter | Points: 25

Up
0
Down
Hi, thanks for the reply! I can't access the update link, but I was able to access the insert link. Thank you :-)

Babyeney, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Babyeney on: 7/22/2011 [Member] Starter | Points: 25

Up
0
Down
Anyone can please help me? :(

Babyeney, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Babyeney on: 7/22/2011 [Member] Starter | Points: 25

Up
0
Down
Thank you so much! Your solution worked!

Babyeney, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response