C# - Update SQL Table
Solution 1
As Michał Turczyn wrote in his answer, you have some problems with your code.
I agree with everything he wrote, but I thought you might benefit from seeing how your code should look like - so here you go:
var connetionString = "Data Source=EVOPC18\\PMSMART;Initial Catalog=NORTHWND;User ID=test;Password=test";
var sql = "UPDATE Employees SET LastName = @LastName, FirstName = @FirstName, Title = @Title ... ";// repeat for all variables
try
{
using(var connection = new SqlConnection(connetionString))
{
using(var command = new SqlCommand(sql, connection))
{
command.Parameters.Add("@LastName", SqlDbType.NVarChar).Value = Lnamestring;
command.Parameters.Add("@FirstName", SqlDbType.NVarChar).Value = Fnamestring;
command.Parameters.Add("@Title", SqlDbType.NVarChar).Value = Titelstring;
// repeat for all variables....
connection.Open();
command.ExecuteNonQuery();
}
}
}
catch (Exception e)
{
MessageBox.Show($"Failed to update. Error message: {e.Message}");
}
Solution 2
Few issues with your code:
1) Use using
, when working with IDisposable
objects, in your case connection
and command
.
2) As suggested in comments, use SqlCommandParameters
instead of concatenating strings for security reasons (google "preventing from SQL injections")
3) You don't execute your query! How you want it to make an impact if you don't do it? There's, for example, method like ExecuteNonQuery
in SqlCommand
class.
Comments
-
MansNotHot almost 2 years
I want to update my sql table. I was searching here and found solutions on how to go onto that problem. But sadly it just wont update the database. I have no clue what the problem is. I checked to sql command a couple of times for writing mistakes but couldnt find any or fixed them but still sadly nothing. I suppose it's something within the try block but cant find it out.
This is my code:
string connetionString = null; SqlConnection connection; SqlCommand command; string sql = null; SqlDataReader dataReader; connetionString = "Data Source=xxx\\xxx;Initial Catalog=xxx;User ID=xxx;Password=xxx"; sql = "UPDATE Employees SET LastName = '" + Lnamestring + "', FirstName = '" + Fnamestring + "', Title = '" + Titelstring + "', TitleOfCourtesy = '" + ToCstring + "', BirthDate = '" + Birthdatestring + "', HireDate = '" + Hiredatestring + "', Address = '" + Adressstring + "', City = '" + Citystring + "', Region = '" + Regionstring + "', PostalCode = '" + Postalstring + "', Country = '" + Countrystring + "', HomePhone = '" + Phonestring + "', Extension = '" + Extensionsstring + "', Notes = '" + Notesstring + "', ReportsTo = '" + ReportTostring + "' WHERE EmployeeID = '" + IDstring + "'; "; connection = new SqlConnection(connetionString); try { connection.Open(); command = new SqlCommand(sql, connection); SqlDataAdapter sqlDataAdap = new SqlDataAdapter(command); command.Dispose(); connection.Close(); MessageBox.Show("workd ! "); } catch (Exception ex) { MessageBox.Show("Can not open connection ! "); }
I hope someone can help me find my mistake.
EDIT: when i try it out it seems to work as the windows pops up with "workd" but the database is unchanged.
-
IronAces over 6 yearsWhat exactly is happening? Is an error occurring? P.S Make use of Using Statement P.P.S Make use of parameterisation
-
MansNotHot over 6 yearsjust edited it at the bottom
-
rene over 6 yearsplease use SqlCommandParameters instead of string concat
-
rene over 6 yearsyou don't execute the command, at all.
-
Nino over 6 yearstry with
command.ExecuteNonQuery();
beforecommand.Dispose();
-
JB's over 6 yearsTry using
Integrated Security = false
when providing login credentials for connection string link and addproviderName="System.Data.SqlClient"
to connection string too. -
Zohar Peled over 6 yearsChanged the wrong MySql tag to the correct SQL Server tag.
-
-
RealCheeseLord over 6 yearsadd a few words of explaination, as to why this is a solution to the question
-
MansNotHot over 6 yearsThanks worked like a charm and yes it was very helpful seeing how it was meant. Because im coding in C# for two days now :)
-
KiynL about 2 yearsYour answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.