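As Griff said, you need to fix the SQL injection vulnerability in your code: pass the values to the command as parameters instead of building them into the command text, as shown below.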
You also need to fix the syntax of your command - what you currently have does not match the syntax of the UPDATE statement.
You should also wrap the connection and command objects in `using` blocks, to ensure that they get cleaned up properly in every case:
/// <summary>
/// Runs a parameterized UPDATE against the [employee] table, setting [Name],
/// [Jobtitle] and [Company] on the row whose [EmpID] equals <c>EmpID</c>.
/// </summary>
/// <remarks>
/// <c>Name</c>, <c>Jobtitle</c>, <c>Company</c> and <c>EmpID</c> are members declared
/// outside this method. They are sent as bound parameters and never spliced into
/// the command text, which is what closes the SQL injection hole.
/// </remarks>
public void Update()
{
    const string connectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\Employees.mdb";
    const string updateSql = "UPDATE [employee] SET [Name] = ?, [Jobtitle] = ?, [Company] = ? WHERE [EmpID] = ?";

    // Both objects sit in using statements so they are disposed even when
    // Open() or ExecuteNonQuery() throws.
    using (OleDbConnection conn = new OleDbConnection(connectionString))
    {
        using (OleDbCommand cmd = new OleDbCommand(updateSql, conn))
        {
            // OleDb binds "?" placeholders by position, not by name: the order of
            // these Add calls must match the order of the placeholders in updateSql.
            OleDbParameterCollection args = cmd.Parameters;
            args.AddWithValue("p0", Name);
            args.AddWithValue("p1", Jobtitle);
            args.AddWithValue("p2", Company);
            args.AddWithValue("p3", EmpID);

            conn.Open();

            // The affected-row count is discarded, so an EmpID that matches no row
            // is not reported to the caller.
            cmd.ExecuteNonQuery();
        }
    }
}