Error converting datatype varchar to numeric in update method

Question

I'm trying to create an update method. The code is fine but it gives me an error when I run the project:

Erreur de conversion du type de données varchar en numeric. (Error converting data type varchar to numeric)

My code is :

public ActionResult Edit(string numQuittance)
    {
        var connetionString = ConfigurationManager.ConnectionStrings["connections"].ToString();
        QUITTANCIER quittancier = new QUITTANCIER();
        using (SqlConnection connection = new SqlConnection(connetionString))
        {
            string sql = $"Select numero_quittance,numero_police,date_mvt_du,date_mvt_au,prime_gbase,prime_gannexe,frais,taxes,commission_paye From quittancier Where numero_quittance ='{numQuittance}'";
            SqlCommand command = new SqlCommand(sql, connection);
            connection.Open(); using (SqlDataReader dataReader = command.ExecuteReader())
            {
                while (dataReader.Read())
                {
                    quittancier.NUMERO_QUITTANCE = Convert.ToString(dataReader["NUMERO_QUITTANCE"]);
                    quittancier.NUMERO_POLICE = Convert.ToString(dataReader["NUMERO_POLICE"]);
                    quittancier.DATE_MVT_DU = Convert.ToDateTime(dataReader["DATE_MVT_DU"]);
                    quittancier.DATE_MVT_AU = Convert.ToDateTime(dataReader["DATE_MVT_AU"]);
                    quittancier.PRIME_GBASE = Convert.ToInt32(dataReader["PRIME_GBASE"]);
                    quittancier.PRIME_GANNEXE = Convert.ToInt32(dataReader["PRIME_GANNEXE"]);
                    quittancier.FRAIS = Convert.ToInt32(dataReader["FRAIS"]);
                    quittancier.TAXES = Convert.ToInt32(dataReader["TAXES"]);
                    quittancier.COMMISSION_PAYE = Convert.ToInt32(dataReader["COMMISSION_PAYE"]);

                }
            }
            connection.Close();
        }
        return View(quittancier);


    }
    [HttpPost]
    [ActionName("Edit")]
    public ActionResult Edit(QUITTANCIER quittancier)
    {
        var connetionString = ConfigurationManager.ConnectionStrings["connections"].ToString();
        using (SqlConnection connection = new SqlConnection(connetionString))
        {
            string sql = "Update quittancier set numero_quittance='" + quittancier.NUMERO_QUITTANCE + "',numero_police='" + quittancier.NUMERO_POLICE + "',date_mvt_du='" + quittancier.DATE_MVT_DU + "',date_mvt_au='" + quittancier.DATE_MVT_AU + "',prime_gbase='" + quittancier.PRIME_GBASE + "',prime_gannexe='" + quittancier.PRIME_GANNEXE + "',frais='" + quittancier.FRAIS + "',commission_paye='" + quittancier.COMMISSION_PAYE + "'";
            using (SqlCommand command = new SqlCommand(sql, connection))
            {
                connection.Open();
                command.ExecuteNonQuery();
                connection.Close();
            }
        }
        return RedirectToAction("detail");
    }
}

Answer 1

The error message tells you that a numeric value cannot be converted into varchar. Since you have no explicit conversion being executed, your problem is with an implicit conversion. The database attempts to store a numeric field, but you pass a textual value to it. Note, that

'123'

is textual, while

123

is numeric. If you attempt to store a numeric value, you don't need quotes around it and you need to check whether it's numeric indeed.

P.S. Watch out for SQL injection, your project can easily be hacked by people with bad intention.

EDIT

Even though your code is extremely vulnerable, I will describe here how it will "work":

1. Your select might "work" if you omit the apostrophes around numQuittance

   string sql = $"Select numero_quittance,numero_police,date_mvt_du,date_mvt_au,prime_gbase,prime_gannexe,frais,taxes,commission_paye From quittancier Where numero_quittance ={numQuittance}";

2. Your update might "work" if you omit the apostrophes around numeric fields:

   string sql = "Update quittancier set numero_quittance='" + quittancier.NUMERO_QUITTANCE + "',numero_police='" + quittancier.NUMERO_POLICE + "',date_mvt_du='" + quittancier.DATE_MVT_DU + "',date_mvt_au='" + quittancier.DATE_MVT_AU + "',prime_gbase=" + quittancier.PRIME_GBASE + ",prime_gannexe=" + quittancier.PRIME_GANNEXE + ",frais=" + quittancier.FRAIS + ",commission_paye='" + quittancier.COMMISSION_PAYE + "'";