2

I want to update several columns in a table by adding a value to the existing values in those columns. Here is my current code:

cmd = new SqlCommand("UPDATE Users SET Debit=@debit, 
                                       Score=@score 
                                 WHERE Phone=@phone", con);

con.Open();

cmd.Parameters.AddWithValue("@phone", textBox1.Text);
cmd.Parameters.AddWithValue("@debit", textBox2.Text);
cmd.Parameters.AddWithValue("@score", textBox3.Text);

cmd.ExecuteNonQuery();

MessageBox.Show("Амжилттай");
con.Close();

For example:

Table, Phone: 999 | Debit: 1500 | Score: 100 //current

When I add value from textBox1 = 999, textBox2 = 500, textBox3 = 50, the values should become:

Table, Phone: 999, Debit: 2000, Score: 150 //updating like that 

I know how to do this via a SQL query, but I don't know how to write the code in a SqlCommand in .NET:

UPDATE Users 
SET Debit = Debit + [user input], Score = Score + [user input] 
WHERE = Phone

Any suggestions?

1
  • Your SqlCommand seems fine, what is the problem? Commented Oct 17, 2017 at 6:45

3 Answers

6

If you want to add, just add:

cmd = new SqlCommand(@"UPDATE Users 
                          SET Debit = Debit + @debit, 
                              Score = Score + @score 
                        WHERE Phone = @phone", con);

Please notice the verbatim string @"..." syntax. Please do not forget about disposing (an explicit Close is an antipattern):

string sql = 
  @"UPDATE Users 
       SET Debit = Debit + @debit, 
           Score = Score + @score 
     WHERE Phone = @phone";

//TODO: put the right connection string instead of "MyConnectionStringHere"
//DONE: IDisposable (SqlConnection) should be wrapped into using 
using (var con = new SqlConnection("MyConnectionStringHere")) {
  con.Open();

  //DONE: IDisposable (SqlCommand) should be wrapped into using
  using (var cmd = new SqlCommand(sql, con)) {
    //TODO: AddWithValue is often a bad choice; change to Add 
    cmd.Parameters.AddWithValue("@phone", textBox1.Text);
    cmd.Parameters.AddWithValue("@debit", textBox2.Text);
    cmd.Parameters.AddWithValue("@score", textBox3.Text);

    cmd.ExecuteNonQuery();
    //TODO: a better policy is to read localized strings from resources
    MessageBox.Show("Амжилттай");
  }
}

1

This will help you... just try it this way.

SqlCommand cmd = new SqlCommand("UPDATE Users SET Debit = Debit + " + textBox2.Text + ", Score = Score + " + textBox3.Text + " WHERE Phone = " + textBox1.Text + "", con);
                con.Open();
                cmd.ExecuteNonQuery();
                MessageBox.Show("Амжилттай");
                con.Close();

OR

SqlCommand cmd = new SqlCommand("UPDATE Users SET Debit = Debit + @debit, Score = Score + @score WHERE Phone = @phone", con);
                con.Open();
                cmd.Parameters.AddWithValue("@phone", textBox1.Text);
                cmd.Parameters.AddWithValue("@debit", textBox2.Text);
                cmd.Parameters.AddWithValue("@score", textBox3.Text);
                cmd.ExecuteNonQuery();
                MessageBox.Show("Амжилттай");
                con.Close();

5 Comments

Please do not hardcode SQL, but use parameters (as in the question).
But the output will be the same, Dmitry Bychenko.
Yes, the output will be the same, but: 1. (Almost) all the queries will be different (so the optimizer should have to generate plans for each query); 2. The query is prone to SQL injection: imagine that textBox2.Text contains, say, 123; --. In this case you'll have the query: "UPDATE Users SET Debit = Debit + 123 -- ..." (please notice the commenting --). So the input 123; -- will update the entire table, not just the required phone.
Ohhh... yes, thanks a lot, Dmitry Bychenko... my query is not secured.
I tried this way but it didn't solve my problem. I prefer to use Parameters.
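An added example, not code from any of the posts above: it carries out the TODO in the first answer (typed `Add` instead of `AddWithValue`) and parses the amounts before they are bound, so the `123; --` input from the comment above is rejected on the client and could only ever be a parameter value, never SQL text. The class and method names, the `System.Data.SqlClient` namespace and the column types (Phone nvarchar(20), Debit decimal(18,2), Score int) are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;   // assumption: the provider behind the page's SqlCommand
using System.Globalization;

static class UserBalance       // hypothetical helper, not from the page
{
    // Constant command text: user input never becomes part of the SQL string.
    const string Sql = @"UPDATE Users
                            SET Debit = Debit + @debit,
                                Score = Score + @score
                          WHERE Phone = @phone";

    // Returns null when an amount is not a plain number (for example "123; --").
    public static SqlCommand Build(string phone, string debitText, string scoreText)
    {
        if (!decimal.TryParse(debitText, NumberStyles.Number,
                              CultureInfo.InvariantCulture, out decimal debit) ||
            !int.TryParse(scoreText, NumberStyles.Integer,
                          CultureInfo.InvariantCulture, out int score))
            return null;

        var cmd = new SqlCommand(Sql);
        // Assumed column types: Phone nvarchar(20), Debit decimal(18,2), Score int.
        cmd.Parameters.Add("@phone", SqlDbType.NVarChar, 20).Value = phone;
        SqlParameter p = cmd.Parameters.Add("@debit", SqlDbType.Decimal);
        p.Precision = 18; p.Scale = 2; p.Value = debit;
        cmd.Parameters.Add("@score", SqlDbType.Int).Value = score;
        return cmd;
    }

    // Runs the update and returns the number of rows changed, so the caller
    // can tell "no such phone" (0) from a successful update.
    public static int Apply(string connectionString, SqlCommand cmd)
    {
        using (var con = new SqlConnection(connectionString))
        using (cmd)
        {
            cmd.Connection = con;
            con.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed inputs: the question's values, then the comment's "123; --".
        Console.WriteLine(Build("999", "500", "50") != null);
        Console.WriteLine(Build("999", "123; --", "50") != null);
    }
}
```

`Main` only builds the commands, so it runs without a database; pass a command from `Build` to `Apply` with a real connection string to execute it.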
0

You can use the += operator for the update. Change your SQL command like this:

UPDATE Users
   SET Debit += @debit,
       Score += @score
 WHERE Phone = @phone
