Engineering :: Asp.net MVC
|
|
|
|
|
|
| |
What is the problem in this code? This code not work. but why? where is my problem?
SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
cn.Open();
string Update = @"UPDATE tblStudentInfo SET Email = '" + stuEmail.Text + "', Password = '"+stuPassword.Text+"', StuName = '"+StuName.Text+"', FatherName = '"+StuFName.Text+"', Gender = '"+DropDownListGender.Text+"', Roll_no = "+StuRoll.Text+", Reg_no = "+StuRegitration.Text+", DateOfBirth = '"+StuDataofBirth.Text+"', Address = '"+StuAddress.Text+"', ContactNo = "+StuContact.Text+", Department = '"+StuDepartment.Text+"', Session = '"+StuSession.Text+"' WHERE Id = "+Convert.ToInt32(CheckforDel.Text).ToString()+"";
SqlCommand cmd = new SqlCommand(Update,cn);
cmd.ExecuteNonQuery();
Response.Redirect("Report.aspx");
cn.Close();
|
 |
|
Nambiar said:
|
|
| |
| Is this selected text ?? '"+DropDownListGender.Text+"'?? |
|
Salman said:
|
|
| |
| here is the problem DropDownListGender.Text. Dropdownlist has property selectedItem instead of text. |
|
Jake said:
|
|
| |
| i think dropdownlist is not the problem. if the property gender is a string then the text property of the dropdown can be pass to it. the problem is on the where clause, why converting to int32 at the same time to string?? |
|
Bob said:
|
|
| |
| You are really asking for a sql injection attack with this code. You should be using parameters. |
|
Njuyen said:
|
|
| |
| Can you show error message when run this code? What are sql type of Roll_no, Reg_no, ContactNo? |
|
Njuyeu said:
|
|
| |
| what are values you input into textbox: StuRoll, StuRegitration, StuContact? when you run this code, is there any error? |
|
Raju said:
|
|
| |
| int type errors |
|
Cosimu said:
|
|
| |
| you use parameter collection |
|
|
