query
-
mylogics wrote:
string str = "UPDATE memberlogin SET Password='"+txtnewpassword.Text+"',Confirmpassword='"+txtconfirmpassword.Text+"' WHERE MemberNo='"+txtusername.Text+"' AND Password='"+txtpassword.Text+"'";
Set a breakpoint here. Run your application, copy the str value, put it into the SQL Server query window and check what error it is throwing. This is the way you can identify your own problem!! As far as your code goes, please be aware of SQL Injection!!!
Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Visit My Latest Article : Beginner's Guide : Exploring IIS 6.0 With ASP.NET
LOL Same Solution..!
MyFirstArticlePublished: MenuControlSelectedItem Why Do Some People Forget To Mark as Answer .If It Helps.
-
For Now We Can Help..! If the Same error comes again Then What? You Will Post Again..! I will tell You The Way to solve Your Problem.
1) Keep a break Point on
mylogics wrote:
string str = "UPDATE memberlogin SET Password='"+txtnewpassword.Text+"',Confirmpassword='"+txtconfirmpassword.Text+"' WHERE MemberNo='"+txtusername.Text+"' AND Password='"+txtpassword.Text+"'";
and run it..!
2) Press F11; as it passes that line, Mouseover on the string str. You Will Get a Magnifier; click on it and You Will Get the Query in a popup Window. Then You Can Test It..! :cool:
-
Hi all, I'm using an update query to update the new password in my login table on button click. It gives the error: "syntax error in update statement". The code is:
protected void Button1_Click(object sender, EventArgs e)
{
    string str = "UPDATE memberlogin SET Password='"+txtnewpassword.Text+"',Confirmpassword='"+txtconfirmpassword.Text+"'WHERE MemberNo='"+txtusername.Text+"' AND Password='"+txtpassword.Text+"'";
    OleDbCommand cmd = new OleDbCommand(str,conn);
    conn.Open();
    cmd.ExecuteNonQuery();
    conn.Close();
}
Please guide me where I am wrong... Thanks...
The query looks good; the only possible problem that might take place is when parameters like txtnewpassword, txtconfirmpassword, txtusername, txtpassword come with some weird values. Say I write
txtnewpassword.Text = "0'--"
This is what we call SQL injection. So use it like this:
string str = "UPDATE memberlogin SET Password=@newpass, Confirmpassword=@confirm WHERE MemberNo=@member AND Password=@password";
OleDbCommand cmd = new OleDbCommand(str, conn);
// OleDb binds parameters by position, so add them in the order they appear in the SQL text
OleDbParameter confirm = new OleDbParameter("@confirm", OleDbType.VarWChar, 50);
confirm.Value = txtconfirmpassword.Text; // Sent as data, not as SQL text: this will remove SQL injection
cmd.Parameters.Add(confirm);
.....
Do this for all other parameters. Hope you got this more clear now. :rose:
Abhishek Sur
My Latest Articles **Create CLR objects in SQL Server 2005 C# Uncommon Keywords Read/Write Excel using OleDB
**Don't forget to click "Good Answer" if you like to.
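The effect of the `0'--` input on the concatenated UPDATE, next to the bound-parameter form, as an added example (not code from the thread). It uses Python's sqlite3 with an in-memory table as a stand-in for the thread's OleDb database; the rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the thread's memberlogin table (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE memberlogin (MemberNo TEXT PRIMARY KEY, "
                 "Password TEXT, Confirmpassword TEXT)")
    conn.executemany("INSERT INTO memberlogin VALUES (?, ?, ?)",
                     [("0001", "alpha", "alpha"),
                      ("0002", "bravo", "bravo"),
                      ("0003", "0003", "0003")])
    return conn

def update_concatenated(conn, member, old_pw, new_pw, confirm_pw):
    """The thread's original pattern: input spliced into the SQL text.
    A value such as 0'-- closes the string literal and comments out
    the rest of the statement, including the WHERE clause."""
    sql = ("UPDATE memberlogin SET Password='" + new_pw +
           "',Confirmpassword='" + confirm_pw +
           "' WHERE MemberNo='" + member +
           "' AND Password='" + old_pw + "'")
    return conn.execute(sql).rowcount

def update_parameterized(conn, member, old_pw, new_pw, confirm_pw):
    """Placeholders keep every input as data, so the WHERE clause always
    applies. Values are bound in the order the placeholders appear."""
    sql = ("UPDATE memberlogin SET Password=?, Confirmpassword=? "
           "WHERE MemberNo=? AND Password=?")
    return conn.execute(sql, (new_pw, confirm_pw, member, old_pw)).rowcount

def passwords(conn):
    """Current MemberNo -> Password mapping, for checking the result."""
    return dict(conn.execute("SELECT MemberNo, Password FROM memberlogin"))

if __name__ == "__main__":
    db = make_db()
    # Wrong old password, yet every row is rewritten.
    print(update_concatenated(db, "0003", "wrong-old", "0'--", "x"), passwords(db))
    db = make_db()
    # Same input, bound as data: nothing changes without the right old password.
    print(update_parameterized(db, "0003", "wrong-old", "0'--", "0'--"), passwords(db))
```

Checking the affected-row count after a password change (exactly one row expected) is a cheap guard and a useful signal to log.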
-
I have given the breakpoint; it shows: str = "UPDATE memberlogin SET Password='0003',Confirmpassword='0003'WHERE MemberNo='0003' AND Password='0003'" As soon as it executes the query it gives an error...
Oh.. there must be a space just before Where statement .. I guess. :)
Abhishek Sur
-
Hope You Got the Solution as Abi Suggests..!
-
mylogics wrote:
I tried but the problem is the same....
What have you tried? Did you give a space at the where section in your code? If yes, then what error is coming now?
Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Visit My Latest Article : Beginner's Guide : Exploring IIS 6.0 With ASP.NET
-
sashidhar wrote:
LOL Same Solution..!
With Same time :jig:
Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Visit My Latest Article : Beginner's Guide : Exploring IIS 6.0 With ASP.NET
-
Yeah, I have given a space at where as you told, but still it gives the error: "syntax error at update statement". I also tried using sqlinjection but same...
You've tried using sqlinjection? Oh... :wtf:
var question = (_2b || !(_2b));
--
Mr Mackey from South Park said:
And remember children, there are no stupid questions, just stupid people
-
UPDATE memberlogin SET Password='0003',Confirmpassword='0003' WHERE MemberNo='0003' AND Password='0003'
Use this query and run it in the SQL query window.
-
sashidhar wrote:
LOL Same Solution..!
With Same time :jig:
Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Visit My Latest Article : Beginner's Guide : Exploring IIS 6.0 With ASP.NET
There is a one minute gap between the posts anyway. :)
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
The woods are lovely, dark and deep, But I have promises to keep, And miles to go before I sleep, And miles to go before I sleep!