
First of all, I know password is a reserved type of Access Database. But I have read a post that you can put [password] like that and it will work. But it's not working. I have tried many ways and still, I hope that someone will help.

OleDbCommand cmd = new OleDbCommand();

try
{
    String query = "update [Employe] set [UserName] ='" + txtNewUser.Text +"', [Password] ='"+ txtNewPass.Text + "', [Authorization] ='" + nudAuthorizationLvl.Value + "', where [Id] = '" + int.Parse(txtExistingId.Text);
    cmd.CommandText = query;
    cmd.Connection = conn;
    conn.Open();

    cmd.ExecuteNonQuery();
    System.Windows.Forms.MessageBox.Show("Info Updated!!!");

    conn.Close();
}
catch (Exception ex)
{
    MessageBox.Show("Error" + ex);
}
finally
{
    conn.Close();
}
  • Use Parameters or you might be a victim of a SQL Injection attack. What's not working exactly? Any exception or error message? Commented Apr 26, 2015 at 3:44
  • As mentioned above, you should really change that to use parameters. Also, I believe you have an extra comma right before the "where" clause that could be causing a syntax error Commented Apr 26, 2015 at 4:11

2 Answers


I believe you have an extra comma right before your where clause and an extra quote before the ID.

Also, always use parameters to avoid SQL injection attacks:

conn.Open();
cmd.CommandText = "update [Employe] set [UserName] =@userName, [Password] =@password, [Authorization] =@authorization where [Id] = @id";
cmd.Connection = conn;
// OleDb binds parameters by position, not by name, so add them in the
// same order as the placeholders appear in the command text.
cmd.Parameters.AddRange(new OleDbParameter[]
{
    new OleDbParameter("@userName", txtNewUser.Text),
    new OleDbParameter("@password", txtNewPass.Text),
    new OleDbParameter("@authorization", nudAuthorizationLvl.Value),
    new OleDbParameter("@id", int.Parse(txtExistingId.Text))
});
cmd.ExecuteNonQuery();

2 Comments

Didn't think it was possible to give the command text through parameters. Thanks man, really helpful, you just made my night. And thanks for the tip. I will try to change my structure with parameters.
Glad to help :) Yes, always use parameters, or else you'll be open to very easy hacks

I think there's a syntax error in your update query. Considering your ID field is of type INT, there should not be any ' before the actual value. So you should change your query to the following:

String query = "update [Employe] set [UserName] ='" + txtNewUser.Text +"', [Password] ='"+ txtNewPass.Text + "', [Authorization] ='" + nudAuthorizationLvl.Value + "' where [Id] = " + int.Parse(txtExistingId.Text);

With that being said, you should really be using a parameterized query to pass parameters.
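
The parameterized update that both answers recommend, written out as a complete method. This is an added example, not code from the original posts; the `EmployeeStore` class, the `UpdateEmployee` signature, the column types and the 255-character sizes are assumptions, and the connection string is supplied by the caller.

```csharp
using System;
using System.Data.OleDb;

static class EmployeeStore
{
    // Assumed schema (not stated on the page): UserName and Password are
    // text columns, Authorization and Id are integer columns.
    const string UpdateSql =
        "UPDATE [Employe] SET [UserName] = ?, [Password] = ?, [Authorization] = ? " +
        "WHERE [Id] = ?";

    // Returns true when exactly one row was updated.
    public static bool UpdateEmployee(string connectionString, string idText,
                                      string userName, string password,
                                      decimal authorizationLevel)
    {
        // Reject a non-numeric ID up front instead of letting int.Parse throw.
        if (!int.TryParse(idText, out int id))
            return false;

        using (var conn = new OleDbConnection(connectionString))
        using (var cmd = new OleDbCommand(UpdateSql, conn))
        {
            // OleDb binds parameters by position, so the Add order must match
            // the order of the ? markers; the names are only labels.
            cmd.Parameters.Add("userName", OleDbType.VarWChar, 255).Value = userName;
            cmd.Parameters.Add("password", OleDbType.VarWChar, 255).Value = password;
            cmd.Parameters.Add("authorization", OleDbType.Integer).Value = (int)authorizationLevel;
            cmd.Parameters.Add("id", OleDbType.Integer).Value = id;

            conn.Open();
            // Values travel separately from the SQL text, so quotes in the
            // user name or password are stored as data, not parsed as SQL.
            return cmd.ExecuteNonQuery() == 1;
        }   // using disposes the command and closes the connection on any path
    }
}
```

From the form in the question, the call would pass `txtExistingId.Text`, `txtNewUser.Text`, `txtNewPass.Text` and `nudAuthorizationLvl.Value`.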
