string sqltext = "UPDATE [table] set [column]=? WHERE id=?"; // These must be added in the order they appear in the query string OleDbParameter imageParameter = new OleDbParameter("@image", OleDbType.VarBinary, image.Length); parameter.Value = command.Parameters.Add(imageParameter); // This is a bad idea. You're not vetting the value of the TextBox before using it. command.Parameters.AddWithValue("@id", TextBox1.Text);
string query = "UPDATE PatientVisit SET Barcode=? WHERE DNo=? AND VDate=?"; // NEVER store dates as Text!! using (OleDbCommand cmd = new OldDbCommand(query, helper.con)) { // You cannot use AddWithValue with a binary type. cmd.Parameters.Add("Barcode",OleDbType.VarBinary); cmd.Parameters["Barcode"].Value = Exportimage; // Again, you MUST verify user input before using it! // Treat it like the spawn of Satan that it is. int dno; bool success = int.TryParse(DNo.Text, out dno); if (success) { cmd.Parameters.AddWithValue("@dno", dno); } DateTime vdate; success &= DateTime.TryParse(VDate.Text, out vdate); if (success) { cmd.Parameters.AddWithValue("@VDate", vdate); } if (success) { cmd.ExecuteNonQuery(); } else { // Parsing failed somewhere so you're not executing the query. } }
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)