开发者

c# updating database problem

I am trying to update a set of data onButtonClick . i have a username , date of birth , with CurrentEmailAddress, NewEmailAdrress, ConfirmNewEmailAddress

Im trying to update all of them on a single click. I am able to update the username , but i couldnt update the date of birth and email address.

Below is my c# code: do note that myDBmanager is to execute the update and it has no problem

 //SQL query
        string update开发者_开发百科SQL = "UPDATE user_profile,user_login SET ";
        updateSQL += "user_profile.user_name = '" + txtUserName.Text + "', ";
        updateSQL += "user_profile.user_dob = '" + txtDateOfBirth.Text + "'";


            if (txtNewPassword.Text != " " && txtNewEmailAddress.Text == " ")
            {
                updateSQL += ", user_login.user_passw = '" + txtNewPassword.Text + "'";
            }
            else if (txtNewPassword.Text == " " && txtNewEmailAddress.Text != " ")
            {
                updateSQL += ", user_profile.user_email = '" + txtNewEmailAddress.Text + "'";

            }
            else if (txtNewPassword.Text != " " && txtNewEmailAddress.Text != " ")
            {
                updateSQL += ", user_login.user_passw = '" + txtNewPassword.Text + "',";
                updateSQL += "user_profile.user_email = '" + txtNewEmailAddress.Text + "'";
            }
            else { }

            updateSQL += " WHERE user_profile.user_profile_id = 1 ";
            updateSQL += " AND user_login.user_profile_id = 1 ;";
            updateSQL += Global.myDBManager.GetNewIndex();

            int update = Global.myDBManager.ExecuteSql(updateSQL);



        //Close connection
        Global.myDBManager.Disconnect();


Listen to the comments in this question - what you are doing, aside from not actually working for you, is very dangerous, and ripe for SQL Injection attacks. Google for "sql injection c#" and implement a solution - this article looks good:

http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx

Once you've fixed that, you probably had/have some sort of simple code bug that is preventing your code from working, because your method (aside from the vulnerabilities) doesn't look too bad.

Stick a breakpoint on the top of the method, and work through the method, making sure the sql string is being built up as expected.

Hope that helps!


For checking empty string, use

!string.IsNullOrWhiteSpace(txtNewPassword.Text)

instead of

txtNewPassword.Text != " "

Thanks Ashwani

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜