asp.net - Correct update statement c# -


i'd know if update sql statement correct, because have form wanna edit data. but, reason, form doesn't save updates , nothing happens in db.

this code-behind:

using system; using system.collections.generic; using system.linq; using system.web; using system.web.ui; using system.web.ui.webcontrols; using system.data.sqlclient; using system.data;  public partial class edit : system.web.ui.page {     sqlconnection con = new sqlconnection("data source=cassia-pc\\sqlexpress;initial catalog=clientes;integrated security=true");      protected void page_load(object sender, eventargs e)     {         string v = request.querystring["id"];         sqlcommand cmd = new sqlcommand("select idcliente, nmcliente, fantasia, cpf, cep, logradouro, numero, complemento, bairro, cidade, estado, telefone, celular, insestadual, insmunicipal, email, homepage, tbclientes.tpcliente, tbtipoclientes.idtipocliente, tbtipoclientes.nmtipocliente tbclientes inner join tbtipoclientes on tbclientes.tpcliente = tbtipoclientes.idtipocliente idcliente = '" + v + "'", con);         try         {             con.open();             using (var reader = cmd.executereader())             {                 while (reader.read()) {                     txtid.text = reader["idcliente"].tostring();                     txtnome.text = reader["nmcliente"].tostring();                     txtfantasia.text = reader["fantasia"].tostring();                     txtcpf.text = reader["cpf"].tostring();                     txtcep.text = reader["cep"].tostring();                     txtlogradouro.text = reader["logradouro"].tostring();                     txtnumero.text = reader["numero"].tostring();                     txtcomplemento.text = reader["complemento"].tostring();                     txtbairro.text = reader["bairro"].tostring();                     txtcidade.text = reader["cidade"].tostring();                     txtestado.text = reader["estado"].tostring();                     txttelefone.text = reader["telefone"].tostring();                     txtcelular.text = reader["celular"].tostring();                     txtinscestadual.text = reader["insestadual"].tostring();                     txtinscmunicipal.text = reader["insmunicipal"].tostring();                     txtemail.text = reader["email"].tostring();                     txtsite.text = reader["homepage"].tostring();                 }             }              cmd.executenonquery();         }         catch (exception ex)         {             console.writeline(ex.message);         }                 {             con.close();         }      }      protected void btneditar_click(object sender, eventargs e)    {         string v = request.querystring["id"];         con.open();         sqlcommand cmd = new sqlcommand("update tbclientes set nmcliente = '"+txtnome.text+"', fantasia = '"+txtfantasia.text+"', cpf = '"+txtcpf.text+"', cep = '"+txtcep.text+"', logradouro = '"+txtlogradouro.text+"', numero = '"+txtnumero.text+"', complemento = '"+txtcomplemento.text+"', bairro = '"+txtbairro.text+"', cidade = '"+txtcidade.text+"', estado = '"+txtestado.text+"', telefone = '"+txttelefone.text+"', celular = '"+txtcelular.text+ "', insestadual = '"+txtinscestadual.text+"', insmunicipal = '"+txtinscmunicipal.text+"', email = '"+txtemail.text+"', homepage = '"+txtsite.text+"' idcliente = '" + v + "'", con);         try         {             cmd.executenonquery();         }         catch(exception ex)         {            console.writeline(ex.message);         }                 {             con.close();         }     } }

i'm pretty sure problem is: 

where idcliente = '" + v + "'"

because client id numeric field in database want treat such:

where idcliente = " + v

as blorgbeard mentions need use parameterised commands protect against sql injection attack. solve issues such textboxes containing apostrophes , etc cause update fail.


-

Comments

Post a Comment

Popular posts from this blog

scala - 'wrong top statement declaration' when using slick in IntelliJ -

Image
i'm porting project scala 2.9 2.10, therefore have use slick instead of scalaquery. i'm using slick 2.1.0 since supports ms access. according this tutorial , upgrade guide changed robs object class , added val robs : why error message wrong top statement declaration , how rid of it? edit: i'm new scala... according this question seems can't put val outside of methods or classes, right? code above directly in packge. right approach slick then? should move code in class or trait? according this changed val robs = tablequery[robs] to object robs extends tablequery(new robs(_)) {} . no warnings or errors anymore. :)
Read more

c# - DevExpress.Wpf.Grid.InfiniteGridSizeException was unhandled -

Image
when using devexpress, see error: devexpress.wpf.grid.infinitegridsizeexception unhandled message="by default, infinite grid height not allowed since grid rows rendered , hence grid work slowly. fix issue, should place grid container give finite height grid, or should manually specify grid's height or maxheight. note can avoid exception setting gridcontrol.allowinfinitegridsize static property true, in case grid run slowly." the problem dxgrid has infinite height. to fix, set height non-infinite. snoop absolutely invaluable this: if "height" xaml element infinite (i.e. 0 or nan ), can set using one of following: option 1: height="{binding path=actualheight, relativesource={relativesource mode=findancestor, ancestortype=uielement}}" option 2: verticalalignment="stretch" option 3: height="auto" hint: use verticalalignment="stretch" if child of grid <rowdefinition height=
Read more

PySide and Qt Properties: Connecting signals from Python to QML -

i trying run simple pyside appliccation design made in qml. call function in qml python in separated thread. i have following qml view: import qt 4.7 rectangle { visible: true width: 100; height: 100 color: "lightgrey" text { id: datestr objectname: "datestr" x: 10 y: 10 text: "init text" font.pixelsize: 12 function updatedata(text) { datestr.text = qstr(text) console.log("you said: " + text) } } } here application: some imports.... #!/usr/bin/python import sys import time pyside import qtdeclarative, qtcore pyside.qtgui import qapplication pyside.qtdeclarative import qdeclarativeview the qthread worker.... #worker thread class worker(qtcore.qthread): updateprogress = qtcore.signal(int) def __init__(self, child): qtcore.qthread.__init__(self) self.child = child def run(self):
Read more