Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
EROR IN UPATE in think in com.ExecuteNonQuery(); flagR = false;
 
     public bool UpDebitor(string Name, string PostNumber, string PhoneNumber,Guid ID)
     {
         bool flagR = true;
         string query = string.Format("UPDATE Debitors SET  Name = '{0}' , PostNumber = '{1}', PhoneNumber '{2}' WHERE ID = '{3}'",
             Name, PostNumber, (PhoneNumber != String.Empty) ? PhoneNumber : null,ID);
 
         using (SqlConnection con = new SqlConnection(constring))
         {
             SqlCommand com = new SqlCommand(query, con);
             try
             {
                 con.Open();
                 com.ExecuteNonQuery();
                 flagR = false;
 
             }
             catch
             {
 
             }
             return flagR;
         }
     }
Posted 13-Dec-12 10:38am
Comments
richcb at 13-Dec-12 16:42pm
   
What does the error message say?
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

1) You should really be using Paramaterized Queries.
2) PhoneNumber '{2}' should be PhoneNumber = '{2}'
  Permalink  
v2
Comments
jibesh at 13-Dec-12 16:54pm
   
Good Catch Marcus!!!
the dark Knight at 13-Dec-12 17:04pm
   
thank you working now
Turbo_23 at 14-Dec-12 0:11am
   
Great Marcus....
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

The major flaw of this code is that it is using string data to compose a query; and you should never ever do it because this is too dangerous from the security standpoint.
 
The data can come from anywhere, including user input. In this case, it can be anything, including… a fragment of SQL code. This simple idea explain a well-known exploit called SQL Injection:
http://en.wikipedia.org/wiki/SQL_injection[^].
 
This article also explain the importance of parameterized statements. You need to use them in your code. Please see:
http://msdn.microsoft.com/en-us/library/ms254953.aspx[^].
 
—SA
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Your Filters
Interested
Ignored
     
0 Guruprasad.K.Basavaraju 450
1 Sergey Alexandrovich Kryukov 325
2 Shai Vashdi 318
3 OriginalGriff 265
4 Peter Leow 171
0 Sergey Alexandrovich Kryukov 9,109
1 OriginalGriff 5,290
2 Peter Leow 4,010
3 Maciej Los 3,535
4 Abhinav S 3,263


Advertise | Privacy | Mobile
Web01 | 2.8.140415.2 | Last Updated 13 Dec 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Use
Layout: fixed | fluid