2

i have a code like this:

public int updateFriend(long id, string Firstname, string Lastname, string Nickname, DateTime Birthdate, int Age, string Gender)
    {
        OleDbConnection con = new OleDbConnection(conString());

        string query = "UPDATE FriendList SET Firstname  ='" + Firstname + "', Lastname ='" + Lastname + "',Nickname ='" + Nickname + "',Birthday ='" + Birthdate + "',Age ='" + Age + "', Gender  ='" + Gender + "' WHERE ID = " + id;

        OleDbCommand cmd = new OleDbCommand(query, con);

        con.Open();

        int rowsAffected = cmd.ExecuteNonQuery();
        con.Close();

        return (rowsAffected);
    }

now the problem is when i click the update button it calls the method updateFriend, then an error appears on the Line "int rowsAffected = cmd.ExecuteNonQuery();" saying

"No value given for one or more required parameters."

Can somebody help me with this?

Improve this question
9
  • 3
    You should use Parameterized query also look up how to use Parameters.AddWithValue() Method also wrap that code in a Try{}catch{} refactor the Update statement to use Params also look at string.Format to format the Update statement try to avoid using Single Quotes mixed with Double Quotes.. you will only confuse yourself in the long run.. Commented Feb 11, 2013 at 14:38
  • 1
    Did you verify that all of the parameters getting passed to the query have values? Commented Feb 11, 2013 at 14:40
  • 1
    OleDbConnection con = new OleDbConnection(conString()); where is conString Declared..? Commented Feb 11, 2013 at 14:42
  • 1
    Birthdate is coming as null i think Commented Feb 11, 2013 at 14:43
  • MMK what makes you think that.? Commented Feb 11, 2013 at 14:44

2 Answers 2

Reset to default
2 
string query = "UPDATE FriendList SET Firstname  ='" + Firstname + "', Lastname ='" + Lastname + "',Nickname ='" + Nickname + "',Birthday ='" + Birthdate + "',Age ='" + Age + "', Gender  ='" + Gender + "' WHERE ID = " + id;

You are passing all parameters as string where some of them are int and one is DateTime. As suggested you should use Parameters.AddWithValue()

string query = "UPDATE FriendList SET Firstname = @Firstname, Lastname = @Lastname , Nickname = @Nickname, Birthday = @Birthdate, Age = @Age, Gender = @Gender WHERE ID = @id";
SqlCommand cmd = new SqlCommand(query, con);
cmd.Parameters.AddWithValue("@Firstname", FirstName);
//add rest parameters the same way as above
cmd.Parameters.AddWithValue("@id", id);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Talking about on your error message;

"No value given for one or more required parameters."

This message will appears probably one of your parameters is null or zero-length string. Or the reason can be misspelling of your parameters.

Check your query in your database first and look which column gives you an error.

And please, never add your parameters in your sql command. That may cause SQL Injection attack. Always use parameterized query on your queries.

Check out SqlParameterCollection.AddWithValue() method from MSDN.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.