public void updateTbl(string newname) { string oldname = Session["oldname"].ToString(); String db = Session["value"].ToString(); SqlConnection cnn = new SqlConnection("Data Source=HAMEED_KHAN\\SQLEXPRESS; Initial catalog=db_compiler; Integrated security=true"); string RNquery="USE "+db+" EXEC sp_rename '"+oldname+"', '"+newname+"'"; string updateQuery = "USE "+db+" Update 'tbl_field' SET Table_Name= replace(Table_Name, "+ oldname + ", " + newname + ")"; SqlCommand cmd2 = new SqlCommand(updateQuery, cnn); SqlCommand cmd = new SqlCommand(RNquery, cnn); cnn.Open(); cmd2.ExecuteNonQuery();//Here ERROR 'incorrect syntax near tbl_field cmd.ExecuteNonQuery(); cnn.Close(); }
Update 'tbl_field'
Update tbl_field
string updateQuery = "USE " + db + " Update tbl_field SET Table_Name= replace(Table_Name, '" + oldname + "', '" + newname + "')";
SQL injection attacks
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)