Why this code won't work

I have set an editor to enter its content into the database, and then I can retrieve and edit it and save it again. Here is what I used:

    string user = Page.User.Identity.Name;

    MySqlConnection conn = new MySqlConnection(@"connection string;");
    MySqlCommand cmd = new MySqlCommand("UPDATE copy SET cv='" + '"' + Editor1.Content.Replace("'", "''") + '"' + "' WHERE id = '" + user + "' ", conn);

    conn.Open();
    cmd.ExecuteNonQuery();

    conn.Close();

Inserting and selecting work fine, but update doesn't. It doesn't give errors, but it just doesn't change the content (no matter what I change, it always remains the same content).

I know that this is open to SQL injection and I should switch to parameterized queries, and I will do just that after things work.

I am using ASP.NET 3.5, MySQL 5.0.

I have identified the problem and am making a new question with it. Thank you all for your help.


It does not matter why it doesn't work, it's just plain wrong.

You're wide open to SQL injection attacks, and that should be your first concern.

You fix that by using parameters instead, something like this:

    MySqlCommand cmd = new MySqlCommand("UPDATE copy SET cv=?cv WHERE id = ?id", conn);
    cmd.Parameters.AddWithValue("cv", Editor1.Content);
    cmd.Parameters.AddWithValue("id", user);


ExecuteNonQuery should return the number of rows affected; with this in mind you can debug the code. For us to help, can you write the SQL statement that you are producing in the string?

Besides this, the first thing that comes to mind is that the id = 'user' might not be right; id suggests an integer, but name looks like it is a string value.
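The two answers above combined, as an added example that is not code from any of the posts: it prints the statement text the question's concatenation produces for a constructed input, and runs the parameterized UPDATE while checking the row count from ExecuteNonQuery. The class and method names (`CopyStore`, `ConcatenatedSql`, `UpdateCv`) are hypothetical, the sample values are constructed, and the `MySql.Data` assembly (Connector/NET) is assumed to be referenced.

```csharp
using System;
using MySql.Data.MySqlClient;

static class CopyStore   // hypothetical helper, not from the original posts
{
    // Rebuilds the statement text exactly as the question's code does,
    // so it can be logged and inspected instead of guessed at.
    public static string ConcatenatedSql(string content, string user)
    {
        return "UPDATE copy SET cv='" + '"' + content.Replace("'", "''") + '"'
             + "' WHERE id = '" + user + "' ";
    }

    // Parameterized form: the SQL text is constant and the values are
    // sent as parameters, so quotes in either value cannot alter it.
    public static int UpdateCv(string connectionString, string content, string user)
    {
        using (MySqlConnection conn = new MySqlConnection(connectionString))
        using (MySqlCommand cmd = new MySqlCommand(
            "UPDATE copy SET cv = ?cv WHERE id = ?id", conn))
        {
            cmd.Parameters.AddWithValue("?cv", content);
            cmd.Parameters.AddWithValue("?id", user);
            conn.Open();
            int rows = cmd.ExecuteNonQuery();
            // Surface a zero row count instead of failing silently.
            if (rows == 0)
                throw new InvalidOperationException(
                    "UPDATE reported 0 rows for id '" + user + "'");
            return rows;
        }
    }

    static void Main()
    {
        // Constructed sample input: content and user name both contain a quote.
        // The content's quote is doubled, the user name's quote is not, and
        // the stored value is wrapped in literal double quotes.
        Console.WriteLine(ConcatenatedSql("<p>It's me</p>", "O'Brien"));

        // With a real connection string (placeholder here, as in the question):
        // UpdateCv("connection string;", "<p>It's me</p>", "O'Brien");
    }
}
```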
