See more: C# SQL SQL-Server C#4.0
ERROR IN UPDATE, I think in com.ExecuteNonQuery(); flagR = false;

     // Braces, the connection open and the try/catch around ExecuteNonQuery were lost in extraction
     // and are reconstructed here; the query text itself is exactly as posted.
     public bool UpDebitor(string Name, string PostNumber, string PhoneNumber, Guid ID)
     {
         bool flagR = true;
         string query = string.Format("UPDATE Debitors SET  Name = '{0}' , PostNumber = '{1}', PhoneNumber '{2}' WHERE ID = '{3}'",
             Name, PostNumber, (PhoneNumber != String.Empty) ? PhoneNumber : null, ID);
         using (SqlConnection con = new SqlConnection(constring))
         {
             SqlCommand com = new SqlCommand(query, con);
             try { con.Open(); com.ExecuteNonQuery(); }
             catch (SqlException) { flagR = false; }   // the failing update the question reports ends up here
         }
         return flagR;
     }
Posted 13-Dec-12 10:38am
richcb 13-Dec-12 16:42pm
What does the error message say?

Solution 2

1) You should really be using Parameterized Queries.
2) PhoneNumber '{2}' should be PhoneNumber = '{2}'
jibesh 13-Dec-12 16:54pm
Good Catch Marcus!!!
the dark Knight 13-Dec-12 17:04pm
thank you working now
Turbo_23 14-Dec-12 0:11am
Great Marcus....

Solution 1

The major flaw of this code is that it is using string data to compose a query; and you should never ever do it because this is too dangerous from the security standpoint.

The data can come from anywhere, including user input. In this case, it can be anything, including… a fragment of SQL code. This simple idea explains a well-known exploit called SQL Injection:[^].

This article also explains the importance of parameterized statements. You need to use them in your code. Please see:[^].
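Both solutions above (Solution 2's advice to parameterize, Solution 1's explanation of why string-composed SQL is dangerous) point at the same rewrite of the question's UpDebitor. The following is an added example, not code from the question or from either answer: the command text becomes a constant and every value is sent as a typed SqlParameter, so a quote or an SQL fragment inside Name can no longer change the statement, and the missing `=` is fixed as well. The column types and sizes (NVarChar 100/20/30) and the constring field are assumptions about the Debitors table, not taken from the page.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public class DebitorRepository
{
    // Connection string supplied by the caller (assumed; the question uses a field named constring).
    private readonly string constring;

    public DebitorRepository(string connectionString)
    {
        constring = connectionString;
    }

    // Same signature as the question's UpDebitor. The SQL text never contains user data:
    // the values travel as parameters and the driver sends them separately from the command.
    public bool UpDebitor(string Name, string PostNumber, string PhoneNumber, Guid ID)
    {
        const string query =
            "UPDATE Debitors SET Name = @Name, PostNumber = @PostNumber, PhoneNumber = @PhoneNumber " +
            "WHERE ID = @ID";

        using (SqlConnection con = new SqlConnection(constring))
        using (SqlCommand com = new SqlCommand(query, con))
        {
            // Column sizes are assumed; match them to the real schema so values are not silently truncated.
            com.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = Name;
            com.Parameters.Add("@PostNumber", SqlDbType.NVarChar, 20).Value = PostNumber;

            // The original used a ternary to pass null for an empty phone number. With a parameter,
            // an SQL NULL must be sent as DBNull.Value; a C# null would make the provider throw.
            com.Parameters.Add("@PhoneNumber", SqlDbType.NVarChar, 30).Value =
                string.IsNullOrEmpty(PhoneNumber) ? (object)DBNull.Value : PhoneNumber;

            // Guid is passed as a uniqueidentifier, so no string formatting of the ID is needed.
            com.Parameters.Add("@ID", SqlDbType.UniqueIdentifier).Value = ID;

            try
            {
                con.Open();
                // ExecuteNonQuery returns the affected row count: 1 means the Debitor was updated,
                // 0 means no row has that ID. Both are worth distinguishing from an exception.
                return com.ExecuteNonQuery() == 1;
            }
            catch (SqlException)
            {
                // Log the exception in real code; the question's flagR = false convention is kept here.
                return false;
            }
        }
    }
}
```

With this version a name such as O'Brien is stored as typed, because the apostrophe is data inside a parameter rather than a delimiter inside the SQL string; that is the property the "too dangerous from the security standpoint" remark in Solution 1 is about.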


This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 13 Dec 2012 | Copyright © CodeProject, 1999-2017