SQL UPDATE Multiple Params
-
Hello, I have a problem with this code here.
cmd.CommandText = "UPDATE DBPROF SET (ID,NAME,PROF) = " + "(?,?,?) WHERE (rowguid = '"+strGUID+"')"; cmd.Parameters.Add(@"ID",dID); cmd.Parameters.Add(@"NAME",strName); cmd.Parameters.Add(@"PROF",strPROF);Why this code isn't working for updating db ? also values instead "?" don't work:(@ID,@NAME,@PROF) -
Hello, I have a problem with this code here.
cmd.CommandText = "UPDATE DBPROF SET (ID,NAME,PROF) = " + "(?,?,?) WHERE (rowguid = '"+strGUID+"')"; cmd.Parameters.Add(@"ID",dID); cmd.Parameters.Add(@"NAME",strName); cmd.Parameters.Add(@"PROF",strPROF);Why this code isn't working for updating db ? also values instead "?" don't work:(@ID,@NAME,@PROF)You don't say what database you are using - This is important information as there are subtle differences between each type of database (even from the same Vendor - MS Access has some differences with SQL Server) Also, you have ommitted to describe what the cmd object is. Is it an OleDbCommand, a SqlCommand, an OracleCommand or what? There may be some slight differences in the way each of these work as a result of interacting with different databases. This information is also good to know as it helps diagnose the problem. Why are you using parameters for the update values, but you are injecting the GUID into the string (this leaves you open to a SQL Injection attack) Finally, a stab at the answer: The syntax I would use is:
UPDATE DBPROF SET ID=@id, NAME=@name, PROF=@prof WHERE rowguid='GuidValueHere'
This is valid for SQL Server.
Do you want to know more? WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and Forums
Upcoming talk: SELECT UserName, Password FROM Users -- Getting unauthorised access to a SQL Server, and how to prevent it.
-
Hello, I have a problem with this code here.
cmd.CommandText = "UPDATE DBPROF SET (ID,NAME,PROF) = " + "(?,?,?) WHERE (rowguid = '"+strGUID+"')"; cmd.Parameters.Add(@"ID",dID); cmd.Parameters.Add(@"NAME",strName); cmd.Parameters.Add(@"PROF",strPROF);Why this code isn't working for updating db ? also values instead "?" don't work:(@ID,@NAME,@PROF)cmd.CommandText =
"UPDATE DBPROF SET ID = ?, " +
"NAME = ?, PROF = ? " +
"WHERE rowguid = ?";cmd.Parameters.Add( "ID", dID );
cmd.Parameters.Add( "NAME", strName );
cmd.Parameters.Add( "PROF", strProf );
cmd.Parameters.Add( "rowguid", strGUID );If you're using the SQL Server Managed provider, change the ? in CommandText for @param names, then supply the same @param names for the corresponding parameters:
cmd.CommandText =
"UPDATE DBPROF SET ID = @id, " +
"NAME = @name, PROF = @name " +
"WHERE rowguid = @rowguid";cmd.Parameters.Add( "@id", dID );
cmd.Parameters.Add( "@name", strName );
cmd.Parameters.Add( "@prof", strProf );
cmd.Parameters.Add( "@rowguid", strGUID );Stability. What an interesting concept. -- Chris Maunder
-
cmd.CommandText =
"UPDATE DBPROF SET ID = ?, " +
"NAME = ?, PROF = ? " +
"WHERE rowguid = ?";cmd.Parameters.Add( "ID", dID );
cmd.Parameters.Add( "NAME", strName );
cmd.Parameters.Add( "PROF", strProf );
cmd.Parameters.Add( "rowguid", strGUID );If you're using the SQL Server Managed provider, change the ? in CommandText for @param names, then supply the same @param names for the corresponding parameters:
cmd.CommandText =
"UPDATE DBPROF SET ID = @id, " +
"NAME = @name, PROF = @name " +
"WHERE rowguid = @rowguid";cmd.Parameters.Add( "@id", dID );
cmd.Parameters.Add( "@name", strName );
cmd.Parameters.Add( "@prof", strProf );
cmd.Parameters.Add( "@rowguid", strGUID );Stability. What an interesting concept. -- Chris Maunder