
Simple update query NOT updating. No exceptions, no errors. Just... nothing

I am trying to do a very simple update, but it is proving to be very difficult. I don't know what is going on; it just doesn't update:

Here's my update code:

if(Request.QueryString["Action"] == "Update")
{
    var InPage = Request["InPage"];
    var PositionInPage = Request["PositionInPage"];
    var CategoryName = Request["CategoryName"];
    var ImagePath = Request["ImagePath"];
    database.Execute("UPDATE Categories SET PositionInPage = " +
                     PositionInPage + ", InPage = " + InPage +
                     " WHERE CategoryName = '" + CategoryName +
                     "' AND ImagePath = '" + ImagePath + "'");
    Response.Redirect("~/Fashion.cshtml");
}

Here's the form code:

<form method="post" action="Update.cshtml?Action=Update">
    <input type="hidden" name="CategoryName" value="@Request.QueryString["CategoryName"]" />
    <input type="hidden" name="ImagePath" value="@Request.QueryString["ImagePath"]" />
    <label for="InPage">Move to Page</label>
    <input type="text" name="InPage" value="@Request.QueryString["InPage"]" style="background-color: White;" />
    <br/><br/>
    <label for="PositionInPage">Position In Page</label>
    <input type="text" name="PositionInPage" value="@Request.QueryString["PositionInPage"]" style="background-color: White;" />
    <input type="submit" value="Submit" style="background-color: White;" />
</form>

I have checked that the QueryString is populated when the page is first reached and that the form variables are submitted upon clicking submit.

I have even put the DB query in a try catch statement and outputted any exceptions, but there are never any exceptions to catch.

But still nothing updates.

What am I doing wrong? Am I doing something wrong here?


An update can successfully update 0 rows. I would triple check your WHERE clause to see if it is actually trying to match existing rows.


Your code is vulnerable to SQL injection. Try fixing it like this:

database.Execute(
    "UPDATE Categories " +
    "SET PositionInPage = @0, InPage = @1 " + 
    "WHERE CategoryName = @2 AND ImagePath = @3", 

    PositionInPage, 
    InPage, 
    CategoryName, 
    ImagePath
);

Now that you have fixed the vulnerability, ensure that the values of CategoryName and ImagePath you are passing in the WHERE clause actually match some records in the database.
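
An added example, not part of any answer on this page: the parameterized update from the answer above, combined with a check of the row count that Database.Execute returns, so that an UPDATE matching 0 rows is reported instead of being hidden by the redirect. It assumes the two unquoted columns are integers, that `database` is opened as in the question's page, and it introduces a hypothetical `message` variable for the page to display.

```csharp
// Added example: body of the Razor code block in Update.cshtml.
// Assumption: "database" is the WebMatrix.Data.Database object the question
// already uses; "message" is a hypothetical variable rendered with @message.
var message = "";

if (IsPost && Request.QueryString["Action"] == "Update")
{
    var categoryName = Request.Form["CategoryName"];
    var imagePath = Request.Form["ImagePath"];

    // InPage and PositionInPage were concatenated unquoted in the question,
    // so they are assumed to be integer columns. Validate before using them.
    if (!Request.Form["InPage"].IsInt() || !Request.Form["PositionInPage"].IsInt())
    {
        message = "InPage and PositionInPage must be whole numbers.";
    }
    else
    {
        int inPage = Request.Form["InPage"].AsInt();
        int positionInPage = Request.Form["PositionInPage"].AsInt();

        // Values travel as parameters (@0..@3), never as part of the SQL text.
        // Execute returns the number of records affected by the statement.
        int rows = database.Execute(
            "UPDATE Categories " +
            "SET PositionInPage = @0, InPage = @1 " +
            "WHERE CategoryName = @2 AND ImagePath = @3",
            positionInPage, inPage, categoryName, imagePath);

        if (rows == 0)
        {
            // The statement ran without error but the WHERE clause matched
            // nothing: stay on the page and say so instead of redirecting.
            message = "No category matched the given CategoryName and ImagePath.";
        }
        else
        {
            Response.Redirect("~/Fashion.cshtml");
        }
    }
}
```

Razor HTML-encodes `@message` when it is rendered, and the message deliberately does not echo the submitted values.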


Do you have an "instead of" trigger on the target table? In SQL Server, if they encounter an error you won't hear about it and your update will not happen.


Check the WHERE clause condition. I think it can be improved:

  • Try to have a unique numerical (auto number)/GUID ID for your category table.
  • Use this ID in your update instead of using the text columns (categoryName, imagePath).