I am trying to execute
C#
cmd.CommandText = "update onlineUsers set status='"+true+"' where username='"+txtUsername.Text+"'";

In the above query I am getting an error which says:
An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code

Additional information: Incorrect syntax near '('.
Updated 18-Apr-15 11:55am
Comments
[no name] 18-Apr-15 11:47am    
1.) Forget about using ugly SQL string concatenation, use Parameter instead.
2.) What db are you using? Does it understand boolean fields and value "true"? Maybe simply test with '0'/'1'.

1 solution

Probably, it's the username that's giving the problem.
But...you shouldn't do that. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
The chances are that fixing that will also solve your other problem, as well as making your code easier to read.
C#
cmd.CommandText = "update onlineUsers set status=@STAT where username=@UN";
cmd.Parameters.AddWithValue("@STAT", "true");
cmd.Parameters.AddWithValue("@UN", txtUsername.Text);
 
Comments
Member 11417132 18-Apr-15 11:59am    
I appreciate your response but I am still getting the same error..!!
OriginalGriff 18-Apr-15 12:09pm    
Then the code that is giving the error is not the code you are showing us - we need to see the context. Show us the whole method and indicate which line the exception comes on.
Nelek 18-Apr-15 18:21pm    
"Additional information: Incorrect syntax near '('."

I think that was a hint that the code posted was not exactly the error ;) ;P
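
A fuller version of the parameterized update from the solution above, added here as an example (it is not code from the thread): it prints the concatenated statement next to the parameterized command for a constructed name containing an apostrophe, the "accidental" case the answer mentions. The helper names, the column types (status BIT, username NVARCHAR(50)) and the ONLINEUSERS_DB environment variable are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class OnlineUsers
{
    // Before: the statement text changes with the input, so a quote in the
    // name ends the string literal early and the rest is parsed as SQL.
    public static string ConcatenatedText(string username) =>
        "update onlineUsers set status='" + true + "' where username='" + username + "'";

    // After: constant statement text; values travel separately as typed parameters.
    public static SqlCommand BuildSetOnline(string username)
    {
        var cmd = new SqlCommand(
            "update onlineUsers set status=@STAT where username=@UN");
        // Assumed column types: status BIT, username NVARCHAR(50).
        cmd.Parameters.Add("@STAT", SqlDbType.Bit).Value = true;
        cmd.Parameters.Add("@UN", SqlDbType.NVarChar, 50).Value = username;
        return cmd;
    }

    // Runs the update; returns the number of rows changed (0 = no such username).
    public static int SetOnline(string connectionString, string username)
    {
        using (var con = new SqlConnection(connectionString))
        using (SqlCommand cmd = BuildSetOnline(username))
        {
            cmd.Connection = con;
            con.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        string name = "O'Brien"; // constructed sample input
        Console.WriteLine(ConcatenatedText(name)); // quote count is now unbalanced
        using (SqlCommand cmd = BuildSetOnline(name))
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine($"{p.ParameterName} ({p.SqlDbType}) = {p.Value}");

        // ONLINEUSERS_DB is a hypothetical variable holding a connection string.
        string cs = Environment.GetEnvironmentVariable("ONLINEUSERS_DB");
        if (cs != null)
            Console.WriteLine("rows updated: " + SetOnline(cs, name));
    }
}
```

Declaring the parameter types explicitly, rather than passing the string "true" through AddWithValue, leaves no type inference or implicit conversion between the client and the column.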

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


