2

I have a SQL Server table with columns like this:

Mobile No  <>  OTP   <> GenTime <> AuthTime <> IsAuth
9632587410 <> 256389 <> ******  <> ******** <> False
9876543210 <> 258963 <> *****   <> ******   <> False

so on ...

using (SqlConnection conn = new SqlConnection())
{
    string inputn = Console.ReadLine();
    long mobileNo;
    long.TryParse(inputn, out mobileNo);

    string inputo = Console.ReadLine();

    int OTP;
    Int32.TryParse(inputo, out OTP);

    DateTime now = DateTime.Now;

    conn.ConnectionString = "Data Source=10.0.0.98;Initial Catalog=TeletextCMS_Dev;User ID=Testteam;Password=Cognigent33#";
    conn.Open();

    //long r = 8947052876;
    SqlCommand command = new SqlCommand("SELECT * FROM CustomerAuthOTP WHERE MobileNum=" + mobileNo, conn);
    int f = 0;

    using (SqlDataReader reader = command.ExecuteReader())
    {
        while (reader.Read())
        {
            //int OTP = reader[1];
            int OTPGen = int.Parse(string.Format("{0}", reader[1]));
            int a = now.Hour;
            int b = now.Minute;
            int e = now.Day;

            DateTime then = DateTime.Parse(string.Format("{0}", reader[2]));

            int c = then.Hour;
            int d = then.Minute;
            int g = then.Day;

            if (e == g)
            {
                int t = (a - c) * 60 + b - d;

                if (OTP == OTPGen && e == g && t <= 15)
                {
                    Console.WriteLine("Hi");
                    f = 1;                           
                }
                else
                {
                    Console.WriteLine("No");
                }
            }

            if (e > g)
            {
                int t = (a + 24 - c) * 60 + b - d;

                if (OTP == OTPGen && e == g && t <= 15)
                {
                    Console.WriteLine("Hi");
                    f = 1;
                }
                else
                {
                    Console.WriteLine("No");
                }
            }
        }
    }

    if(f == 1)
    {
        SqlCommand cmd = new SqlCommand("UPDATE CustomerAuthOTP  SET IsAuthenticated=True, AuthenticationTime=" + now, conn);
        Console.WriteLine("Hi");
    }
}

Now at the bottom I have an Update command. I tried to execute it but it is not doing anything.

There is no error in the code. Kindly some one help me out if f== 1 then in the CustomerAuthOTP table update the IsAuthenticated value to be true and also set the authentication time to now.DateTime()

Improve this question
3
  • 1
    First check to make sure f is equal to 1. Next, you are not doing anything with your command. If you want to execute it use cmd.ExecuteNonQuery() Commented Dec 8, 2015 at 12:04
  • yes in this case the value of f changes to 1. Commented Dec 8, 2015 at 12:14
  • SQL Injection alert - you should not concatenate together your SQL statements - use parametrized queries instead to avoid SQL injection Commented Dec 8, 2015 at 13:00

2 Answers 2

Reset to default
3

First of all you should execute your commnd: 

SqlCommand cmd = new SqlCommand("UPDATE CustomerAuthOTP  SET IsAuthenticated=True, AuthenticationTime=" + now, conn);
cmd.ExecuteNonQuery();

I recommend to use SqlCommand.Parameters 

var commandText = "UPDATE CustomerAuthOTP  SET IsAuthenticated=@IsAuthenticated, AuthenticationTime=@AuthenticationTime";
SqlCommand cmd = new SqlCommand(commandText, conn);
cmd.Parameters.AddWithValue("@IsAuthenticated", true);
cmd.Parameters.AddWithValue("@AuthenticationTime", now);
cmd.ExecuteNonQuery();

It'll help SQL provider to determine parameter types and protects against SQL-injections.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

I have include your commands, But every time it throws an error stating that InvalidOperationalExceptionHandle at cmd.ExecuteNonQuery(); Do i need to include any header and even cmd.ExecuteNonQuery(); is not changing its colour :P
InvalidOperationalExceptionHandle ?... do you mean InvalidOperationException? And what is the .Message? Is it perhaps that the connection isn't open?
It can be types problem. Try change AddWithValue-strings to ` cmd.Parameters.Add("@IsAuthenticated", SqlDbType.Bit).Value = true; cmd.Parameters.Add("@AuthenticationTime", SqlDbType.DateTime).Value = now;` And write here exception message.
Yes that is the message and the db connection is open , so then i am able to get OTP value from it
@NithinVeerReddyKankanti Look at this article: stackoverflow.com/questions/18383076/…
2 
DateTime now = DateTime.Now;
...
SqlCommand cmd = new SqlCommand(
    "UPDATE CustomerAuthOTP  SET IsAuthenticated=True, AuthenticationTime="
    + now, conn);

Note that this will be a string concatenation, and (depending on your locale, etc), the following is not valid TSQL:

UPDATE CustomerAuthOTP  SET IsAuthenticated=True, AuthenticationTime=08/12/2015 12:08:32

The immediate problem is formatting (both the datetime and the boolean are wrong), but it is best fixed by parameterization - you should almost never be concatenating values into TSQL:

SqlCommand cmd = new SqlCommand(
"UPDATE CustomerAuthOTP SET IsAuthenticated=1, AuthenticationTime=@now", conn);
cmd.Parameters.AddWithValue("now", now);
cmd.ExecuteNonQuery();

Or with a tool like "dapper":

conn.Execute("UPDATE CustomerAuthOTP  SET IsAuthenticated=1, AuthenticationTime=@now",
    new { now });
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.