Appending data to an existing data in sql server database

Question

0.00/5 (No votes)

See more:

I have a table with contains the fields student name student marks student grade

If aldready there is a row -> in that table

Studentname -- studentmarks --- studentgrade
---ram ------------- 80 ------------ A-------

If i want to edit this row by updating the student mark as ( "existing student mark+80=new student mark") then what shall i do

I tried

Update studtable set studentmark=studentmark+80 where studentname=textbox1.text

I want to achieve something like appending data to existing data in the row :(

this is not working :( i dont know why :( please help me out ... or else can anyone tell me whether

using "where clause in Update sql is wrong :( please help me out urgent :(

Posted 25-Feb-13 4:16am

Member 8780842

Updated 25-Feb-13 4:19am

v2

Add a Solution

Comments

[no name] 25-Feb-13 10:23am

"this is not working" is not a helpful description of any kind of a problem. What is not working? The code does not run? The update does not happen? The "mark" is not updated? The textbox contains no text? Your car blew up? And, no, it's not urgent at all.

ZurdoDev 25-Feb-13 10:33am

Out of curiosity, what would your response be if the OP's car had blown up? :)

[no name] 25-Feb-13 10:47am

Don't run the code :-)

Member 8780842 25-Feb-13 10:28am

sorry sorry mark is not updated :(

Member 8780842 25-Feb-13 10:35am

ryanb31 no other go i hav to see that ;)

Member 8780842 25-Feb-13 10:49am

@ThePhantomUpvoter why ;)

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

ZurdoDev · Accepted Answer · 2013-02-25T04:22:00

Solution 1

First off, please research SQL injections. Your code is extremely vulnerable. You need to pass what is in the textbox as a parameter instead of adding it in the string.

What you are missing are single quotes around the string value. So, what would work is Update studtable set studentmark=studentmark+80 where studentname='bill'. However, do something like this.

SQL

SqlCommand cmd = new SqlCommand();
cmd.Connection = sqlConn; // already setup somewhere.
cmd.CommandType = CommandType.Text
cmd.CommandText = "Update studtable set studentmark=studentmark+80 where studentname=@studentName" 
cmd.Parameters.AddWithValue("@studentName", textbox1.Text);
cmd.ExecuteNonQuery();

Posted 25-Feb-13 4:22am

ZurdoDev

Comments

Member 8780842 25-Feb-13 10:26am

is this possible ryanb31

cmd.CommandText = "Update studtable set studentmark=studentmark+@studentmark where studentname=@studentName"
cmd.Parameters.AddWithValue("@studentName", textbox1.Text);
cmd.Parameters.AddWithValue("@studentmark", textbox2.Text);

ZurdoDev 25-Feb-13 10:27am

Sure, that works.

Member 8780842 25-Feb-13 10:32am

Thank you so much :) :) :)

Member 8780842 25-Feb-13 10:33am

Another one doubt in the database table definition I have kept studentmark as int type and so when i am updating is it right to use like this

cmd.CommandText = "Update studtable set studentmark=studentmark+@studentmark where studentname=@studentName"
cmd.Parameters.AddWithValue("@studentName", textbox1.Text);
cmd.Parameters.AddWithValue("@studentmark", convert.int32(textbox2.Text));

ZurdoDev 25-Feb-13 10:36am

It will depend on how strict some of your SQL options are, but with a standard SQL install I believe it should work without converting to int. Because, essentially you are still doing it as a string statement, just adding parameters so that you don't have SQL injections. To do it properly with Ints you really should create a stored procedure that takes an Int; however, when using Parameters.AddWithValue, you don't need to convert to int.

Member 8780842 25-Feb-13 10:38am

This should work fine right :) :) :)

int x=convert.int32(textbox2.Text);

cmd.CommandText = "Update studtable set studentmark=studentmark+@studentmark where studentname=@studentName"
cmd.Parameters.AddWithValue("@studentName", textbox1.Text);
cmd.Parameters.AddWithValue("@studentmark", x);

[no name] 25-Feb-13 10:49am

You should use Int.Parse or Int.TryParse instead.

Member 8780842 25-Feb-13 10:50am

Thank you :)

Is this fine :)

int x=Int.Parse(textbox2.Text);

cmd.CommandText = "Update studtable set studentmark=studentmark+@studentmark where studentname=@studentName"
cmd.Parameters.AddWithValue("@studentName", textbox1.Text);
cmd.Parameters.AddWithValue("@studentmark", x);

ZurdoDev 25-Feb-13 11:30am

AddWithValue takes an Object as the parameter so all converting to Int gives you is a validation to make sure it is an int. You don't need to do it. You should validate the Int first.