Click here to Skip to main content
15,748,748 members
Please Sign up or sign in to vote.
1.00/5 (4 votes)
See more: , +
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

namespace WebProjectOISD.ITuser
    public partial class WebEditProfile1 : System.Web.UI.Page
        SqlConnection con = new SqlConnection("data source=MANAS-PC\\SQLEXPRESS; initial catalog=Project ;integrated security=true;");
        protected void Page_Load(object sender, EventArgs e)


        protected void submit_Click(object sender, EventArgs e)
            int id = Convert.ToInt32(Session["id"].ToString());
            string query = "update ITTEAM set Name='" +TextBox1.Text+"',Username='" + TextBox2.Text+"',Mobile='" + TextBox3.Text+"',Email_Id='"+TextBox4.Text+"' where IT_Team_Id='" + id+ "'";
            SqlCommand cmd = new SqlCommand(query, con);
Updated 27-Feb-13 3:27am
Asim Mahmood 27-Feb-13 9:29am    
what is error and at which line error is?
BC @ CV 27-Feb-13 9:29am    
If you want an answer your going to need to supply more perhaps what exactly the error message is.
[no name] 27-Feb-13 9:29am    
It would really help to know what "the error" is. And you really should look into parameterized queries instead of the SQL injection attack mess you have going on.
joshrduncan2012 27-Feb-13 11:34am    
I second the SQL injection prevention measures.
[no name] 27-Feb-13 9:32am    
And id is an integer and you are treating as if is were a string in your query. Which a parameterized query would help with.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900