query

  • A Abhijit Jana

    mylogics wrote:

    string str = "UPDATE memberlogin SET Password='"+txtnewpassword.Text+"',Confirmpassword='"+txtconfirmpassword.Text+"' WHERE MemberNo='"+txtusername.Text+"' AND Password='"+txtpassword.Text+"'";

    Set a breakpoint here. Run your application and copy the str value. Put it into the SQL Server Query window and check what error it is throwing. This is the way you can identify your own problem !! As per your code goes, please be aware of SQL Injection !!!

    Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Visit My Latest Article : Beginner's Guide : Exploring IIS 6.0 With ASP.NET

    sashidhar
    wrote on last edited by
    #4

    LOL Same Solution..!

    MyFirstArticlePublished: MenuControlSelectedItem Why Do Some People Forget To Mark as Answer .If It Helps.

    • S sashidhar

      For Now We Can Help ..! If the Same error comes again Then What? You Will Post Again..! I will tell You The Way to solve Your Problem. 1) Keep a breakpoint on

      mylogics wrote:

      string str = "UPDATE memberlogin SET Password='"+txtnewpassword.Text+"',Confirmpassword='"+txtconfirmpassword.Text+"' WHERE MemberNo='"+txtusername.Text+"' AND Password='"+txtpassword.Text+"'";

      and run it..! 2) Press F11; as it passes that line, mouse over the string str. You Will Get a Magnifier, click on it. You Will Get the Query in a popup Window. Then You Can Test It..! :cool:

      mylogics
      wrote on last edited by
      #5

      I have given the breakpoint. It shows: str = "UPDATE memberlogin SET Password='0003',Confirmpassword='0003'WHERE MemberNo='0003' AND Password='0003'" As soon as it executes the query it gives the error...

      • M mylogics

        Hi all, I am using an update query to update the new password in my login table on button click. It gives the error: "syntax error in update statement". The code is:

        protected void Button1_Click(object sender, EventArgs e)
        {
            string str = "UPDATE memberlogin SET Password='"+txtnewpassword.Text+"',Confirmpassword='"+txtconfirmpassword.Text+"' WHERE MemberNo='"+txtusername.Text+"' AND Password='"+txtpassword.Text+"'";
            OleDbCommand cmd = new OleDbCommand(str,conn);
            conn.Open();
            cmd.ExecuteNonQuery();
            conn.Close();
        }

        Please guide me where I am wrong... thanks...

        Abhishek Sur
        wrote on last edited by
        #6

        The query looks good; the only possible problem that might take place is when parameters like txtnewpassword, txtconfirmpassword, txtusername, txtpassword come with some weird values. Say I write txtnewpassword.Text = "0'--". This is what we call SQL injection. So use it like this.

        string str = "UPDATE memberlogin SET Password=@newpass, Confirmpassword=@confirm WHERE MemberNo=@member AND Password=@password";
        OleDbCommand cmd = new OleDbCommand(str, conn);
        // OleDbCommand accepts OleDbParameter, not SqlParameter. OleDb binds parameters by
        // position, so add them in query order: @newpass, @confirm, @member, @password.
        OleDbParameter newpass = new OleDbParameter("@newpass", OleDbType.VarWChar, 50);
        newpass.Value = txtnewpassword.Text; // This will remove sql injection
        cmd.Parameters.Add(newpass);
        .....
        ...
        ...

        .. Do this for all other parameters. Hope you got this more clear now. :rose:

        Abhishek Sur


        My Latest Articles: Create CLR objects in SQL Server 2005, C# Uncommon Keywords, Read/Write Excel using OleDB

        Don't forget to click "Good Answer" if you like to.
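
Added example, not code from any poster in this thread: the password UPDATE written out in full with bound parameters, so that input such as `0'--` is sent as a value and never becomes SQL text. The `ChangePassword` helper and its argument names are hypothetical, the column size of 50 is taken from the answer above, and a Jet/Access backend is assumed (hence the bracketed `[Password]`).

```csharp
using System;
using System.Data.OleDb;

public static class MemberLoginStore
{
    // Hypothetical helper (not from the thread). Returns true only when exactly
    // one row matched MemberNo plus the current password.
    public static bool ChangePassword(string connectionString, string memberNo,
                                      string currentPassword, string newPassword,
                                      string confirmPassword)
    {
        // Reject mismatched or empty input before touching the database.
        if (string.IsNullOrEmpty(newPassword) || newPassword != confirmPassword)
            return false;

        // "?" markers: the OLE DB provider binds parameters by position, not by
        // name. [Password] is bracketed because PASSWORD is a reserved word in
        // Jet/Access SQL (assumed backend); unbracketed it is a syntax error there.
        const string sql =
            "UPDATE memberlogin SET [Password] = ?, Confirmpassword = ? " +
            "WHERE MemberNo = ? AND [Password] = ?";

        using (OleDbConnection conn = new OleDbConnection(connectionString))
        using (OleDbCommand cmd = new OleDbCommand(sql, conn))
        {
            // Add in the same order as the "?" markers above; the names are
            // labels only. Each value travels separately from the SQL text, so
            // quotes or comment markers in it cannot change the statement.
            cmd.Parameters.Add("@newpass", OleDbType.VarWChar, 50).Value = newPassword;
            cmd.Parameters.Add("@confirm", OleDbType.VarWChar, 50).Value = confirmPassword;
            cmd.Parameters.Add("@member", OleDbType.VarWChar, 50).Value = memberNo;
            cmd.Parameters.Add("@password", OleDbType.VarWChar, 50).Value = currentPassword;

            conn.Open();
            int rows = cmd.ExecuteNonQuery();
            return rows == 1; // 0 rows: wrong member number or current password
        }
    }
}
```

The `using` blocks close the connection even when `ExecuteNonQuery` throws, which the original handler's explicit `conn.Close()` does not.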

          Abhishek Sur
          wrote on last edited by
          #7

          Oh.. there must be a space just before Where statement .. I guess. :)

          Abhishek Sur


            sashidhar
            wrote on last edited by
            #8

            Hope You Got the Solution as Abi Suggests..!

              mylogics
              wrote on last edited by
              #9

              I tried but the problem is the same....

                Abhijit Jana
                wrote on last edited by
                #10

                mylogics wrote:

                I tried but the problem is the same....

                What have you tried? Did you add a space at the WHERE section in your code? If yes, then what error is coming now?

                  Abhijit Jana
                  wrote on last edited by
                  #11

                  sashidhar wrote:

                  LOL SAme Solution..!

                  With Same time :jig:

                    mylogics
                    wrote on last edited by
                    #12

                    Yes, I have given a space at WHERE as you told me, but it still gives the error: "syntax error at update statement". I also tried using sqlinjection but same...

                      Greg Chelstowski
                      wrote on last edited by
                      #13

                      You've tried using sqlinjection? Oh... :wtf:

                      var question = (_2b || !(_2b));

                      --

                      Mr Mackey from South Park said:

                      And remember children, there are no stupid questions, just stupid people

                        sashidhar
                        wrote on last edited by
                        #14

                        UPDATE memberlogin SET Password='0003',Confirmpassword='0003' WHERE MemberNo='0003' AND Password='0003'

                        Use this query and run it in the SQL query window.

                          Vasudevan Deepak Kumar
                          wrote on last edited by
                          #15

                          There is a one minute gap between the posts anyway. :)

                          Vasudevan Deepak Kumar Personal Homepage
                          Tech Gossips
                          The woods are lovely, dark and deep, But I have promises to keep, And miles to go before I sleep, And miles to go before I sleep!
