I'm new to database programming and C#. I'm using a SQL Server database and connected it to my WinForms application. Everything is fine; I can add new rows and read information from the database, but when I try to edit values, it does not seem to work.

Here is the code I'm using.

        private void btneUpdate_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection(@"
                Data Source = localhost; 
                Initial Catalog = BookStore; 
                Integrated Security = True;");
            SqlCommand cmd;               

            if(MessageBox.Show("You are about to save the changes. You won't be able to undo those changes.", "Update fields", MessageBoxButtons.OKCancel) == DialogResult.Yes)
            {                                      
                con.Open();
                cmd = new SqlCommand(@"UPDATE Book 
                                        SET   BookTitle = '"+ txteTitle.Text
                                        +"', BookAuthorLname = '"+txteAuthorLname.Text
                                        +"', BookAuthorFname = '"+txteAuthorFname.Text
                                        +"', BookPrice = '"+ Convert.ToDecimal(eprice)
                                        +"', BookDescription = '"+txteDesc.Text
                                        +"', DatePublication = '"+dtpePublished.Value.Date
                                        +"', BookStock = '"+ Convert.ToInt32(estock)
                                        +"', isFiction = '"+ checkboxbool
                                        +"', BookCategory = '"+ cmbeCategory.SelectedValue
                                        +"'  WHERE ISBN = '"+ txteISBN.Text +"';", con);
                cmd.ExecuteNonQuery();
                con.Close();                   
            }

            BindEdit();
            BindGrid();
        }
  • There is no error, BTW. It seems to work, but when I check the values... there are no changes. Commented Mar 18, 2015 at 15:55
  • Run SQL Profiler to see what command is actually being executed. Commented Mar 18, 2015 at 15:57
  • Are you certain that ISBN = txteISBN.Text? Commented Mar 18, 2015 at 15:57
  • Try to set cmd.CommandType = CommandType.Text and execute. Commented Mar 18, 2015 at 15:58
  • Use SQL Profiler and see the query being executed. Then try to execute it manually, say in Management Studio, and see if it will update something. Probably there is some problem with ISBN, so the WHERE condition is not met. And remember: never use concatenation of SQL commands, as it leads to SQL injection. Use a parameterized query instead. Commented Mar 18, 2015 at 15:59

1 Answer

This part of your line is wrong:

    ..... MessageBoxButtons.OKCancel) == DialogResult.Yes)

You should check for DialogResult.OK, otherwise you will never enter the update code:

    ..... MessageBoxButtons.OKCancel) == DialogResult.OK)

That said, please stop for a moment and take a bit of your time to learn how to create parameterized queries. These are the only correct way to write code that interacts with a database. String concatenation is really a bad practice and leads to SQL injection attacks.
