How can i update data in c#

Question

I'm working in Visual Studio 2019 In c
I have problem with updating data to database
I use local Visual Studio SQL database

private void button1_Click(object sender, EventArgs e) { String source = @"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\Szabolcs\Documents\Adatbázis Kezelés2.mdf;Integrated Security=True;Connect Timeout=30"; SqlConnection con = new SqlConnection(source); con.Open();

        String sqlSelectQuery = "SELECT * FROM [Table] WHERE ID = "+ int.Parse(textBox1.Text);
        SqlCommand cmd = new SqlCommand(sqlSelectQuery, con);
        SqlDataReader dr = cmd.ExecuteReader();

        if (dr.Read())
        {
            textBox2.Text = (dr["Name"].ToString());
            textBox3.Text = (dr["Kor"].ToString());
            label4.Text = (dr["Kor"].ToString());
            label5.Text = (dr["Kor"].ToString());

            int s = 11;
            string y = (dr["Kor"].ToString());

            label4.Text = (dr["Kor"].ToString());
            x = Int32.Parse(label4.Text);
            x = x + 0;

            label6.Text = (x.ToString());
            
        }
    }

    private void button2_Click(object sender, EventArgs e)
    {
        String source = @"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\Szabolcs\Documents\Adatbázis Kezelés2.mdf;Integrated Security=True;Connect Timeout=30";
        SqlConnection con = new SqlConnection(source);
        con.Open();
        x = x + 1;
        label6.Text = (x.ToString());
        String st = "UPDATE supplier SET Kor = " + label6.Text + " WHERE Id = " + textBox1.Text;
    }

Almost the same as you did in button1 except typically you use `ExecuteNonQuery()` for an UPDATE. Though if my guess is correct, you will have a sql syntax error because you have not quoted `label6.Text`. — Crowcoder, Jul 04 '20 at 20:30
The problem is that SQL is not "Uppdating" the data. Edit: Program is working just not uppdate the data — Szabolcs, Jul 04 '20 at 20:31
[SQL Injection alert](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - you should **not** concatenate together your SQL statements - use **parametrized queries** instead to avoid SQL injection - check out [Little Bobby Tables](http://bobby-tables.com/) — marc_s, Jul 04 '20 at 20:37

Vivek Nuna · Accepted Answer · 2023-01-25T17:50:36.103

0

Add these lines

SqlCommand cmd = new SqlCommand(st, con);
int result = cmd.ExecuteNonQuery();

Please put a breakpoint and check the value of st, is it generating the valid query.

I would suggest to use parameterized query to avoid sql injection.

Also, please avoid using Select *, please use columns.

edited Jan 25 '23 at 17:50

answered Jul 04 '20 at 20:32

Vivek Nuna

25,472
25
109
197

There is have error: System.Data.SqlClient.SqlException: 'Invalid object name 'supplier'.' – Szabolcs Jul 04 '20 at 20:34
Do you have supplier table? Or check your connection string, are you pointing to the right database? – Vivek Nuna Jul 04 '20 at 20:37
I have "supplier" here: `String st = "UPDATE supplier SET Kor = " + label6.Text + " WHERE Id = " + textBox1.Text;` – Szabolcs Jul 04 '20 at 20:38
So is supplier table present in database? – Vivek Nuna Jul 04 '20 at 20:39
Here have a picture [link](https://imgur.com/a1ieLQq) – Szabolcs Jul 04 '20 at 20:42
@Szabolcs that table is literally named "Table", not supplier. – Crowcoder Jul 04 '20 at 20:43
Ohh... Its working. Thank you for help. Have a nice day – Szabolcs Jul 04 '20 at 20:45

How can i update data in c#

1 Answers1