Tags: C#, SQL, SQL-Server, C#4.0
ERROR IN UPDATE, I think in com.ExecuteNonQuery(); flagR = false;
 
     public bool UpDebitor(string Name, string PostNumber, string PhoneNumber,Guid ID)
     {
         bool flagR = true;
         string query = string.Format("UPDATE Debitors SET  Name = '{0}' , PostNumber = '{1}', PhoneNumber '{2}' WHERE ID = '{3}'",
             Name, PostNumber, (PhoneNumber != String.Empty) ? PhoneNumber : null,ID);
 
         using (SqlConnection con = new SqlConnection(constring))
         {
             SqlCommand com = new SqlCommand(query, con);
             try
             {
                 con.Open();
                 com.ExecuteNonQuery();
                 flagR = false;
 
             }
             catch
             {
 
             }
             return flagR;
         }
     }
Posted 13-Dec-12 10:38am
Comments
richcb at 13-Dec-12 16:42pm
What does the error message say?
Solution 2

1) You should really be using parameterized queries.
2) PhoneNumber '{2}' should be PhoneNumber = '{2}'
Comments
jibesh at 13-Dec-12 16:54pm
Good catch Marcus!!!
the dark Knight at 13-Dec-12 17:04pm
Thank you, working now.
Turbo_23 at 14-Dec-12 0:11am
Great Marcus....
Solution 1

The major flaw of this code is that it is using string data to compose a query; and you should never ever do it because this is too dangerous from the security standpoint.
 
The data can come from anywhere, including user input. In this case, it can be anything, including… a fragment of SQL code. This simple idea explains a well-known exploit called SQL Injection:
http://en.wikipedia.org/wiki/SQL_injection
 
This article also explains the importance of parameterized statements. You need to use them in your code. Please see:
http://msdn.microsoft.com/en-us/library/ms254953.aspx
 
—SA
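An added example (not code from the original poster or from either answer) of the same update written with SqlParameter objects, as Solution 1 and Solution 2 recommend, with the missing `=` before `'{2}'` fixed. The repository class, the column types and lengths, and the choice to return true only when exactly one row was updated are assumptions; the values never become part of the SQL text, so a name such as O'Brien is stored literally instead of breaking the statement.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public class DebitorRepository
{
    // Assumed: the connection string the original 'constring' field held.
    private readonly string constring;

    public DebitorRepository(string connectionString)
    {
        constring = connectionString;
    }

    // Parameterized version of the UpDebitor method from the question.
    // Returns true when exactly one row matched the ID and was updated.
    public bool UpDebitor(string name, string postNumber, string phoneNumber, Guid id)
    {
        // The '=' after PhoneNumber is the piece the original query was missing.
        const string query =
            "UPDATE Debitors SET Name = @Name, PostNumber = @PostNumber, " +
            "PhoneNumber = @PhoneNumber WHERE ID = @ID";

        using (SqlConnection con = new SqlConnection(constring))
        using (SqlCommand com = new SqlCommand(query, con))
        {
            // Column types and lengths are assumptions about the Debitors table.
            com.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
            com.Parameters.Add("@PostNumber", SqlDbType.NVarChar, 20).Value = postNumber;

            // The original passed a C# null for an empty phone number; ADO.NET treats
            // a null parameter value as "not supplied", so SQL NULL must be sent as DBNull.
            com.Parameters.Add("@PhoneNumber", SqlDbType.NVarChar, 30).Value =
                string.IsNullOrEmpty(phoneNumber) ? (object)DBNull.Value : phoneNumber;

            com.Parameters.Add("@ID", SqlDbType.UniqueIdentifier).Value = id;

            con.Open();
            int rows = com.ExecuteNonQuery();

            // Unlike the original, database errors are not swallowed by an empty catch;
            // the caller sees the SqlException and its message.
            return rows == 1;
        }
    }
}
```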
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)