Is this a correct Parameterized UPDATE QUERY ? And if you find any field used
twice or is unnecessary please let me know.
---------------------------------------------------------
code
---------------------------------------------------------
Private Sub btnupdate_Click(sender As Object, e As EventArgs) Handles btnupdate.Click
Call Gender()
Try
con.Open()
ss = "UPDATE emp_master set empid=@empid,empname=@empname,pfno=@pfno,dob=@dob,gender=@gender,contact=@contact,email=@email,doj=@doj," & _
"address=@address,edu=@edu,nationality=@nationality,bloodgroup=@bloodgroup,desig=@desig,exp=@exp,salary=@salary,dept=@dept,pic=@pic,usertype=@usertype WHERE empid=" & txtempid.Text & ""
com = New SqlCommand(ss, con)
com.Parameters.AddWithValue("@empid", txtempid.Text)
com.Parameters.AddWithValue("@empname", txtename.Text)
com.Parameters.AddWithValue("@pfno", txtpfno.Text)
com.Parameters.AddWithValue("@dob", dtpdob.Value.Date)
com.Parameters.AddWithValue("@gender", g)
com.Parameters.AddWithValue("@contact", txtcontact.Text)
com.Parameters.AddWithValue("@email", txtemail.Text)
com.Parameters.AddWithValue("@doj", dtpdoj.Value.Date)
com.Parameters.AddWithValue("@address", txtaddress.Text)
com.Parameters.AddWithValue("@edu", txtedu.Text)
com.Parameters.AddWithValue("@nationality", txtNation.Text)
com.Parameters.AddWithValue("@bloodgroup", cmb_Bloodgrp.Text)
com.Parameters.AddWithValue("@desig", txtdesig.Text)
com.Parameters.AddWithValue("@exp", txtexp.Text)
com.Parameters.AddWithValue("@salary", txtsalary.Text)
com.Parameters.AddWithValue("@dept", txtdept.Text)
com.Parameters.AddWithValue("@pic", arrImg)
com.Parameters.AddWithValue("@usertype", Cmb_utype.Text)
com.ExecuteNonQuery()
MsgBox("Record Updated Successfully !", MsgBoxStyle.Information, MsgBoxStyle.OkCancel)
Catch ex As Exception
MsgBox(ex.Message())
Finally
con.Close()
End Try
End Sub