Click here to Skip to main content
15,561,817 members
Please Sign up or sign in to vote.
1.44/5 (2 votes)
See more:
C#
private void btnUpdate_Click(object sender, EventArgs e)
            {
            if (txtAdNumber.Text == "" || txtAddress.Text == "" || txtCity.Text == "" || txtContact.Text == "" || txtDistrict.Text == "" || txtFather.Text == "" || txtMother.Text == "" || txtName.Text == "" || txtState.Text == "" || cmbEducation.Text == "Higher Education" || cmbGender.Text == "Gender")
            {
                MessageBox.Show("Fill the Details");
            }
            else
            {
                if (MessageBox.Show("Do You want to Update This Recored", "Record Update", MessageBoxButtons.YesNo, MessageBoxIcon.Warning) == DialogResult.Yes)
                {
                    try
                    {
                        conn.Open();

                        cmd = new OleDbCommand(" update StudentDetails set " +
                            "AddmissionNo='" + txtAdNumber.Text + "' ,StudentName = '" + 
 txtName.Text + "', FatherName= '" + txtFather.Text + "', MotherName='" + txtMother.Text + "', Gender='" + cmbGender.Text + "'," +
                            "DOB= '" + dob.Value.ToString() + "', contactNo='" + txtContact.Text + "', PermanentAddress='" + txtAddress.Text + "', City= '" + txtCity.Text + "'," +
                            "District= '" + txtDistrict.Text + "', State= '" + txtState.Text + "', Qualification= '" + cmbEducation.Text + "', CourseName = '" + cmbCourse.Text + "' where AddmissionNo='" + txtAdNumber.Text + "' ", conn);
                        cmd.ExecuteNonQuery();
                        conn.Close();
                        MessageBox.Show("Updated Successfully");
                    }
                    catch (Exception ex)
                    {
                        MessageBox.Show(ex.Message);
                        conn.Close();
                    }
                    //updateStudentTable();
                    fetchData();
                    clear();
                }
                else
                {
                    MessageBox.Show("Not Updated", "Update", MessageBoxButtons.OK, MessageBoxIcon.Information);
                }

                
                btnSave.Show();
            }
        }


What I have tried:

Please check cmd section. I tried single quotes instead of '"+ +"', but error remain same.
Posted
Updated 28-Apr-21 1:08am
v2
Comments
Patrice T 27-Apr-21 20:59pm    
Which error message ?
Shoib Khan 27-Apr-21 21:00pm    
Sorry I updated my question.

It says No value given for one or more parameters.

Quote:
No value given for one or more parameters.

The only thing to do is to print the command to see what is the real command you send.
The error depend on the data.
C#
cmd = new OleDbCommand(" update StudentDetails set " +
"AddmissionNo='" + txtAdNumber.Text + "' ,StudentName = '" + 
 txtName.Text + "', FatherName= '" + txtFather.Text + "', MotherName='" + txtMother.Text + "', Gender='" + cmbGender.Text + "'," +
"DOB= '" + dob.Value.ToString() + "', contactNo='" + txtContact.Text + "', PermanentAddress='" + txtAddress.Text + "', City= '" + txtCity.Text + "'," +
"District= '" + txtDistrict.Text + "', State= '" + txtState.Text + "', Qualification= '" + cmbEducation.Text + "', CourseName = '" + cmbCourse.Text + "' where AddmissionNo='" + txtAdNumber.Text + "' ", conn);

Not necessary a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]
 
Share this answer
 
v2
Comments
Shoib Khan 27-Apr-21 21:08pm    
@Patrice
So,
What should I do to solve this problem (Error that I'm getting).
Shoib Khan 27-Apr-21 21:09pm    
I have a Save button, that query works fine. And I'll solve the SQL Injection bug thank you to inform me.
I cannot find anything wrong with your code.
There is a highly chance that you misspelled your table name of field name incorrectly.
 
Share this answer
 
Comments
Richard Deeming 29-Apr-21 4:40am    
Nothing wrong? Not even the glaring SQL Injection[^] vulnerability?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900