0

There is a textbox called tbTodo, which gets information from the database:

SELECT `todo` FROM `user` WHERE `username` LIKE '" + _naam + "'";

which works. The problem now is, i have no idea how to update the todo list in the database: how to send the textbox value and overwrite the one from the database. Code i have so far (which could be totally wrong):

db_connection();
        MySqlCommand cmdRead = new MySqlCommand();
        cmdRead.CommandText = "SELECT `todo` FROM `user` WHERE `username` LIKE '" + _naam + "'";
        cmdRead.Connection = connect;
        MySqlDataReader tdOphalen = cmdRead.ExecuteReader();
        if (tdOphalen.Read())
        {
            tbTodo.Text = tdOphalen.GetString(0);
            connect.Close();
            return true;
        }
        else
        {
            connect.Close();
            return false;
        }
    }
Improve this question
5
  • 3
    Well, if you want to update the database, then you'll need to use an UPDATE command instead of a SELECT command... Commented Sep 16, 2016 at 17:06
  • 2
    And please look up Command.Parameters.AddWithValue(); Commented Sep 16, 2016 at 17:08
  • First of all: do NOT use SQL query strings like that unless you want people to perform SQL injection and harm your database; use a prepared statement. Second, what is it you are trying to update in the database? I understand it's a todo list but what columns are you trying to update and with what information? Commented Sep 16, 2016 at 17:09
  • @Bwolfing For now, it is just a textbox, for a personal project. I have no idea what you mean with prepared statement. I am new to sql. Sorry for my lack of knowlenge, but could you please explain what i should do? Commented Sep 16, 2016 at 17:17
  • Take a look at the SQL Injection, prepared statement, and Exploits of a Mom link from @Filburt to understand the dangers of your query first :) Commented Sep 16, 2016 at 17:18

1 Answer 1

Reset to default
1

syntax of UPDATE command is 

UPDATE table_name
SET column1=value1,column2=value2,...
WHERE some_column=some_value;

In your case it would be something like 

"UPDATE `user` set `todo` = '" + tbTodo.Text + "' FROM `user` WHERE `username` LIKE '" + _naam + "'";

It should be good for a first try and learn how update values on a database.

Next steps is learn how to use prepared statement ;)

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

It kinda works? i guess? So i copied your code in my code, and i get an error at line: MySqlDataReader tdOphalen = cmdRead.ExecuteReader(); which says:Additional information: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'FROM user WHERE username LIKE '<name>'' at line 1 Idea how to fix? Btw, sorry for my lack of knowledge, since i am new
You're using ExecuteReader which allows read-only operations. Use ExecuteNonQuery instead.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.