problem for sql quries

Question

1.00/5 (1 vote)

See more:

C#

SqlCommand cmd = new SqlCommand("Update policrec set policname,location,cortno,datac,dater,namem,crim4,fi5,nfi6,in7,tc8,tcn9,nca10,nc11,iv12,nc13,nca14,wr15,crp16,psm17,ops18,se19,ha20,frp21,mc22,src23,rlc24,icra25,mp26,pst27,ma28,mab28,mabi28,wrs29,mb30,fsm31,mtr32,r2g32,rnp32,mrt32,r2p32,rpn32,whr33,sci34,frm35,bsr36,acr37,bd38,phd40,dna41,ascr42,rign42,roz42,rgn42,rng42,wsp43,wrb44,mfo45,pstm46,zam47,mrds48,knm49,mch50,r1co51,r2pr51,rozn51,rigp51,ri12sr51,r19sr51,rig21r51,crtm52,adt53,quas54,supr55,pdsp56,cnid57,cirdt57,matc58,mat58,vitr59,sdtj59,dism60,apireg61,pnsh62,parpen63,cortmof64,corwnt65,zamt66,ciadd67,regstai68,inofic69,offista70 set values = N'" + polnam.Text + "',N'" + loct.Text + "',N'" + cort.Text + "',N'" + datc.Text + "',N'" + datr.Text + "',N'" + namm.Text + "',N'" + crm.Text + "',N'" + crmfir.Text + "',N'" + nafir.Text + "',N'" + invesn.Text + "',N'" + nocrm.Text + "',N'" + nocrd.Text + "',N'" + noadd.Text + "',N'" + textBox13.Text + "',N'" + textBox14.Text + "',N'" + textBox15.Text + "',N'" + textBox16.Text + "',N'" + textBox17.Text + "',N'" + comboBox2.Text + "',N'" + comboBox3.Text + "',N'" + comboBox4.Text + "',N'" + comboBox5.Text + "',N'" + comboBox6.Text + "',N'" + comboBox7.Text + "',N'" + textBox18.Text + "',N'" + comboBox8.Text + "',N'" + comboBox9.Text + "',N'" + comboBox10.Text + "',N'" + comboBox11.Text + "',N'" + comboBox12.Text + "',N'" + textBox19.Text + "',N'" + textBox20.Text + "',N'" + textBox21.Text + "',N'" + comboBox13.Text + "',N'" + comboBox14.Text + "',N'" + comboBox1.Text + "',N'" + comboBox15.Text + "',N'" + textBox1.Text + "',N'" + textBox2.Text + "',N'" + comboBox16.Text + "',N'" + textBox3.Text + "',N'" + textBox4.Text + "',N'" + comboBox17.Text + "',N'" + comboBox18.Text + "',N'" + comboBox19.Text + "',N'" + comboBox20.Text + "',N'" + comboBox21.Text + "',N'" + comboBox22.Text + "',N'" + comboBox23.Text + "',N'" + comboBox24.Text + "',N'" + comboBox25.Text + "',N'" + comboBox26.Text + "',N'" + textBox5.Text + "',N'" + textBox6.Text + "',N'" + textBox7.Text + "',N'" + textBox8.Text + "',N'" + comboBox27.Text + "',N'" + comboBox28.Text + "',N'" + comboBox29.Text + "',N'" + comboBox30.Text + "',N'" + comboBox31.Text + "',N'" + comboBox32.Text + "',N'" + comboBox33.Text + "',N'" + comboBox34.Text + "',N'" + textBox9.Text + "',N'" + textBox10.Text + "',N'" + textBox11.Text + "',N'" + textBox12.Text + "',N'" + textBox22.Text + "',N'" + textBox23.Text + "',N'" + textBox24.Text + "',N'" + comboBox35.Text + "',N'" + comboBox36.Text + "',N'" + comboBox37.Text + "',N'" + comboBox38.Text + "',N'" + comboBox39.Text + "',N'" + textBox25.Text + "',N'" + textBox26.Text + "',N'" + comboBox40.Text + "',N'" + textBox27.Text + "',N'" + textBox28.Text + "',N'" + textBox29.Text + "',N'" + comboBox41.Text + "',N'" + comboBox42.Text + "',N'" + comboBox43.Text + "',N'" + comboBox44.Text + "',N'" + comboBox45.Text + "',N'" + comboBox46.Text + "',N'" + comboBox47.Text + "',N'" + comboBox48.Text + "',N'" + comboBox49.Text + "',N'" + textBox30.Text + "' N'" + textBox31.Text + "')", abc);

the above update query not work correctly plz help any body

Posted 4-Mar-12 0:38am

Khan Rashid

Updated 4-Mar-12 0:39am

Uday P.Singh

v2

Add a Solution

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2012-03-04T00:59:00

For goodness sake!
Don't do it like that!
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
2) Don't accept the default names for controls - give them names that actually mean something. You might remember that textBox31 holds the name of the office involved today, but by next week you will be hunting for it like teh rest of us, and using teh wroing fields in the wrong places.
3) Do you actively hate your users? Any form which has at least 46 comboboxes and 31 text boxes is going to be a real PITA to use. How do you expect your user to be able to work out what to put where?
4) You do realize that if you do not include a WHERE clause, an UPDATE statement will change every row of the table?
5) Have you looked at the syntax of an UPDATE statement recently? That isn't it...

SQL

UPDATE <table_name> SET <field1>=<new value>,<field2>=... WHERE ...

Uday P.Singh · Answer 2 · 2012-03-04T00:46:00

I am not surprised why above query not worked properly, this is a really bad practice to concatenate strings in query , this will prone to SQL injections[^] attacks. And you should always use parametrized[^] query, it will be easy to debug and trace out error and avoid SQL injection as well.

hope it helps :)

OriginalGriff · Answer 3 · 2012-03-04T00:55:00

For goodness sake!
Don't do it like that!
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
2) Don't accept the default names for controls - give them names that actually mean something. You might remember that textBox31 holds the name of the office involved today, but by next week you will be hunting for it like teh rest of us, and using teh wroing fields in the wrong places.
3) Do you actively hate your users? Any form which has at least 46 comboboxes and 31 text boxes is going to be a real PITA to use. How do you expect your user to be able to work out what to put where?

problem for sql quries

3 solutions

Solution 3

Solution 1

Solution 2

Add your solution here

Preview 0