See more: VB.NET
My db table is tbltest with id (int), name (varchar), lastname (varchar), foto (datatype image).
I can insert data in my database but I don't know how to update them.
I have stored data in my db, and I want to update them with a button (update).
The code for my insert button is:
 
cmdtabela1 = connetion.CreateCommand
cmdtabela1.CommandText = "insert into tbltest values (@name,@lastname,@foto) "

cmdtabela1.Parameters.AddWithValue("name", txtname.Text)
cmdtabela1.Parameters.AddWithValue("lastname", txtlastname.Text)

Dim ms As New MemoryStream()
PictureBox1.BackgroundImage.Save(ms, PictureBox1.BackgroundImage.RawFormat)
' ToArray returns only the bytes written; GetBuffer also includes unused buffer space
Dim data As Byte() = ms.ToArray()
Dim p As New SqlParameter("foto", SqlDbType.Image)
p.Value = data
cmdtabela1.Parameters.Add(p)
 
Now how do I update these columns in my database?

I have written this code for my update button:
 
connetion = New SqlConnection("my conetion string")
connetion.Open()

Dim ms As New MemoryStream()
PictureBox3.BackgroundImage.Save(ms, PictureBox3.BackgroundImage.RawFormat)
Dim data As Byte() = ms.GetBuffer()
Dim p As New SqlParameter("Foto", SqlDbType.Image)
p.Value = data
cmdtabela.Parameters.Add(p)

cmdtabela = connetion.CreateCommand
cmdtabela.CommandText = "update tbltest set name='" & txtupdatename.Text & "', lastname='" & txtupdatelstname.Text &   where Id='" & Trim(txtid.Text) & "'"
Posted 7-Nov-12 23:55pm
beniv1.7K

1 solution


Solution 1

Use a parameterized statement like in your insert:
 
connetion = New SqlConnection("my conetion string")
connetion.Open()

cmdtabela = connetion.CreateCommand
' Every value is passed as a parameter, so user input never becomes part of the SQL text
cmdtabela.CommandText = "update tbltest set name=@name, lastname=@lastname, foto=@foto where Id=@id"

cmdtabela.Parameters.AddWithValue("name", txtname.Text)
cmdtabela.Parameters.AddWithValue("lastname", txtlastname.Text)
cmdtabela.Parameters.AddWithValue("id", txtid.Text)

Dim ms As New MemoryStream()
PictureBox3.BackgroundImage.Save(ms, PictureBox3.BackgroundImage.RawFormat)
' ToArray returns only the bytes written; GetBuffer also includes unused buffer space
Dim data As Byte() = ms.ToArray()
Dim p As New SqlParameter("Foto", SqlDbType.Image)
p.Value = data
cmdtabela.Parameters.Add(p)

' Run the update
cmdtabela.ExecuteNonQuery()
 
It's always worth parameterising any query or statement you run against a database for security:
 
https://www.owasp.org/index.php/SQL_Injection
Comments
beniv at 8-Nov-12 5:37am
   
Thanks for the counsel, it works.
jim lahey at 8-Nov-12 5:39am
   
glad I could help. If the answer was the right one, please mark it as the solution and give it a rating.
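
An added example, not part of the original thread or the answerer's code: the parameterized update from Solution 1 wrapped in a helper that validates the Id and declares each parameter's type explicitly. The name `UpdatePerson`, the PNG storage format and the column size of 50 are assumptions.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Drawing
Imports System.Drawing.Imaging
Imports System.IO

Module TblTestUpdate
    ' Hypothetical helper (not from the thread): updates one row of tbltest
    ' and returns True when exactly one row was changed.
    Public Function UpdatePerson(connectionString As String, idText As String,
                                 name As String, lastName As String,
                                 photo As Image) As Boolean
        ' Reject a non-numeric Id before it reaches the database.
        Dim id As Integer
        If Not Integer.TryParse(idText.Trim(), id) Then Return False

        ' ToArray copies only the bytes written; GetBuffer would also return
        ' the unused tail of the stream's internal buffer.
        Dim data As Byte()
        Using ms As New MemoryStream()
            photo.Save(ms, ImageFormat.Png) ' assumption: store the image as PNG
            data = ms.ToArray()
        End Using

        Using conn As New SqlConnection(connectionString)
            Using cmd As SqlCommand = conn.CreateCommand()
                cmd.CommandText = "update tbltest set name=@name, lastname=@lastname, foto=@foto where Id=@id"
                ' Explicit types and sizes: values travel as data, never as SQL text.
                ' Size 50 is an assumed column width.
                cmd.Parameters.Add("@name", SqlDbType.VarChar, 50).Value = name
                cmd.Parameters.Add("@lastname", SqlDbType.VarChar, 50).Value = lastName
                cmd.Parameters.Add("@foto", SqlDbType.Image).Value = data
                cmd.Parameters.Add("@id", SqlDbType.Int).Value = id
                conn.Open()
                Return cmd.ExecuteNonQuery() = 1
            End Using
        End Using
    End Function
End Module
```

The `Using` blocks close the connection and command even when the update throws, and the return value lets the button handler tell the user when no row matched the Id.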

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 8 Nov 2012
Copyright © CodeProject, 1999-2014