ERROR ON UPDATE QUERY
-
the code in my application is: OleDbCommand com = new OleDbCommand(); com.Connection = con; com.CommandText = "UPDATE tblUsers SET Password=? WHERE UserName=?"; com.Parameters.Add("UserName", OleDbType.WChar); com.Parameters.Add("Password", OleDbType.WChar); com.Parameters["UserName"].Value = this.UserName; com.Parameters["Password"].Value = this.txtPassword1.Text; ------------------------------------------------------------------------------- When I run the application , it gives the syntax error in update query. I am unable to find where I am going wrong Kindly help me!
Sadaf
Why not you try this: com.CommandText = "UPDATE tblUsers SET Password='" + this.UserName.Text + "' WHERE UserName='" + this.txtPassword1.Text + "'"
Do good and have good.
-
Why not you try this: com.CommandText = "UPDATE tblUsers SET Password='" + this.UserName.Text + "' WHERE UserName='" + this.txtPassword1.Text + "'"
Do good and have good.
Silent Eagle wrote:
com.CommandText = "UPDATE tblUsers SET Password='" + this.UserName.Text + "' WHERE UserName='" + this.txtPassword1.Text + "'"
Shouldn't that be: com.CommandText = "UPDATE tblUsers SET Password='" + this.txtPassword1.Text + "' WHERE UserName='" + this.UserName.Text + "'"
Paul Marfleet "No, his mind is not for rent To any God or government" Tom Sawyer - Rush
-
Silent Eagle wrote:
com.CommandText = "UPDATE tblUsers SET Password='" + this.UserName.Text + "' WHERE UserName='" + this.txtPassword1.Text + "'"
Shouldn't that be: com.CommandText = "UPDATE tblUsers SET Password='" + this.txtPassword1.Text + "' WHERE UserName='" + this.UserName.Text + "'"
Paul Marfleet "No, his mind is not for rent To any God or government" Tom Sawyer - Rush
Thanks, Yes you are right. It is written mistakenly but i think it conveys the concept.
Do good and have good.
-
Silent Eagle wrote:
com.CommandText = "UPDATE tblUsers SET Password='" + this.UserName.Text + "' WHERE UserName='" + this.txtPassword1.Text + "'"
Shouldn't that be: com.CommandText = "UPDATE tblUsers SET Password='" + this.txtPassword1.Text + "' WHERE UserName='" + this.UserName.Text + "'"
Paul Marfleet "No, his mind is not for rent To any God or government" Tom Sawyer - Rush
Thanks all for ur kind help but its still giving the same error!
Sadaf
-
the code in my application is: OleDbCommand com = new OleDbCommand(); com.Connection = con; com.CommandText = "UPDATE tblUsers SET Password=? WHERE UserName=?"; com.Parameters.Add("UserName", OleDbType.WChar); com.Parameters.Add("Password", OleDbType.WChar); com.Parameters["UserName"].Value = this.UserName; com.Parameters["Password"].Value = this.txtPassword1.Text; ------------------------------------------------------------------------------- When I run the application , it gives the syntax error in update query. I am unable to find where I am going wrong Kindly help me!
Sadaf
try this code OleDbCommand com = new OleDbCommand(); com.Connection = con; com.CommandText = "UPDATE tblUsers SET Password=? WHERE UserName=?"; com.Parameters.Add("UserName", OleDbType.WChar); com.Parameters.Add("Password", OleDbType.WChar); com.Parameters["UserName"].Value = this.UserName.Text;//Error was here com.Parameters["Password"].Value = this.txtPassword1.Text;
-
the code in my application is: OleDbCommand com = new OleDbCommand(); com.Connection = con; com.CommandText = "UPDATE tblUsers SET Password=? WHERE UserName=?"; com.Parameters.Add("UserName", OleDbType.WChar); com.Parameters.Add("Password", OleDbType.WChar); com.Parameters["UserName"].Value = this.UserName; com.Parameters["Password"].Value = this.txtPassword1.Text; ------------------------------------------------------------------------------- When I run the application , it gives the syntax error in update query. I am unable to find where I am going wrong Kindly help me!
Sadaf
-
Thanks all for ur kind help but its still giving the same error!
Sadaf
There are two major flaws in your code: 1. Generating SQL statements on the fly is generally considered bad practice. It leaves you exposed to SQL injection attacks. Instead, consider writing a stored procedure to perform your update and call it from your .NET code. 2. You appear to be storing your user's passwords in clear text. This is very insecure. You should consider encrypting your password using a 1-way salted hash algorithm.
Paul Marfleet "No, his mind is not for rent To any God or government" Tom Sawyer - Rush
-
try this
com.CommandText = "UPDATE tblUsers SET [Password]='" + this.txtPassword1.Text + "' WHERE [UserName]='" + this.UserName.Text + "'"
I Love SQL
No. Don't do this. Haven't you heard of SQL Injection Attacks? Have a read through the many wonderful articles before you find out why this is wrong, oh so wrong.
Deja View - the feeling that you've seen this post before.
-
No. Don't do this. Haven't you heard of SQL Injection Attacks? Have a read through the many wonderful articles before you find out why this is wrong, oh so wrong.
Deja View - the feeling that you've seen this post before.
-
If you are aware about SQL Injection Attacks, then why do you recommend something that is wide open to such an attack? It's your responsibility when posting an answer to give good advice and not to post something that is such blatant bad practice.
Deja View - the feeling that you've seen this post before.
-
If you are aware about SQL Injection Attacks, then why do you recommend something that is wide open to such an attack? It's your responsibility when posting an answer to give good advice and not to post something that is such blatant bad practice.
Deja View - the feeling that you've seen this post before.