Click here to Skip to main content
11,631,992 members (69,274 online)
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C# ASP.NET SQL SQL-Server
I have a table with contains the fields student name student marks student grade

If aldready there is a row -> in that table

Studentname -- studentmarks --- studentgrade
---ram ------------- 80 ------------ A-------


If i want to edit this row by updating the student mark as ( "existing student mark+80=new student mark") then what shall i do

I tried

Update studtable set studentmark=studentmark+80 where studentname=textbox1.text

I want to achieve something like appending data to existing data in the row Frown | :(


this is not working Frown | :( i dont know why Frown | :( please help me out ... or else can anyone tell me whether

using "where clause in Update sql is wrong Frown | :( please help me out urgent :(
Posted 25-Feb-13 4:16am
Edited 25-Feb-13 4:19am
v2
Comments
ThePhantomUpvoter at 25-Feb-13 10:23am
   
"this is not working" is not a helpful description of any kind of a problem. What is not working? The code does not run? The update does not happen? The "mark" is not updated? The textbox contains no text? Your car blew up? And, no, it's not urgent at all.
ryanb31 at 25-Feb-13 10:33am
   
Out of curiosity, what would your response be if the OP's car had blown up? :)
ThePhantomUpvoter at 25-Feb-13 10:47am
   
Don't run the code :-)
Member 8780842 at 25-Feb-13 10:28am
   
sorry sorry mark is not updated :(
Member 8780842 at 25-Feb-13 10:35am
   
ryanb31 no other go i hav to see that ;)
Member 8780842 at 25-Feb-13 10:49am
   
@ThePhantomUpvoter why ;)

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

First off, please research SQL injections. Your code is extremely vulnerable. You need to pass what is in the textbox as a parameter instead of adding it in the string.

What you are missing are single quotes around the string value. So, what would work is Update studtable set studentmark=studentmark+80 where studentname='bill'. However, do something like this.
SqlCommand cmd = new SqlCommand();
cmd.Connection = sqlConn; // already setup somewhere.
cmd.CommandType = CommandType.Text
cmd.CommandText = "Update studtable set studentmark=studentmark+80 where studentname=@studentName" 
cmd.Parameters.AddWithValue("@studentName", textbox1.Text);
cmd.ExecuteNonQuery();
  Permalink  
Comments
Member 8780842 at 25-Feb-13 10:26am
   
is this possible ryanb31

cmd.CommandText = "Update studtable set studentmark=studentmark+@studentmark where studentname=@studentName"
cmd.Parameters.AddWithValue("@studentName", textbox1.Text);
cmd.Parameters.AddWithValue("@studentmark", textbox2.Text);
ryanb31 at 25-Feb-13 10:27am
   
Sure, that works.
Member 8780842 at 25-Feb-13 10:32am
   
Thank you so much :) :) :)
Member 8780842 at 25-Feb-13 10:33am
   
Another one doubt in the database table definition I have kept studentmark as int type and so when i am updating is it right to use like this


cmd.CommandText = "Update studtable set studentmark=studentmark+@studentmark where studentname=@studentName"
cmd.Parameters.AddWithValue("@studentName", textbox1.Text);
cmd.Parameters.AddWithValue("@studentmark", convert.int32(textbox2.Text));
ryanb31 at 25-Feb-13 10:36am
   
It will depend on how strict some of your SQL options are, but with a standard SQL install I believe it should work without converting to int. Because, essentially you are still doing it as a string statement, just adding parameters so that you don't have SQL injections. To do it properly with Ints you really should create a stored procedure that takes an Int; however, when using Parameters.AddWithValue, you don't need to convert to int.
Member 8780842 at 25-Feb-13 10:38am
   
This should work fine right :) :) :)

int x=convert.int32(textbox2.Text);

cmd.CommandText = "Update studtable set studentmark=studentmark+@studentmark where studentname=@studentName"
cmd.Parameters.AddWithValue("@studentName", textbox1.Text);
cmd.Parameters.AddWithValue("@studentmark", x);
ThePhantomUpvoter at 25-Feb-13 10:49am
   
You should use Int.Parse or Int.TryParse instead.
Member 8780842 at 25-Feb-13 10:50am
   
Thank you :)

Is this fine :)

int x=Int.Parse(textbox2.Text);

cmd.CommandText = "Update studtable set studentmark=studentmark+@studentmark where studentname=@studentName"
cmd.Parameters.AddWithValue("@studentName", textbox1.Text);
cmd.Parameters.AddWithValue("@studentmark", x);

ryanb31 at 25-Feb-13 11:30am
   
AddWithValue takes an Object as the parameter so all converting to Int gives you is a validation to make sure it is an int. You don't need to do it. You should validate the Int first.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 8,397
1 Sergey Alexandrovich Kryukov 8,009
2 Mika Wendelius 6,260
3 F-ES Sitecore 2,296
4 Suvendu Shekhar Giri 1,970


Advertise | Privacy | Mobile
Web02 | 2.8.150728.1 | Last Updated 25 Feb 2013
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100