0

I am trying to make a website written in C# in Visual Studio 2010. I have a database with the .accdb extension.

So I have a table in the database called usertb, and in the table username is the key, with the data password and DOB in columns.

Now I need to make a function to edit a user profile, which lets the user enter a new password and date of birth. After that, it will save to the database.

I don't know why the code seems to be not working. I tried to use

UPDATE ... SET ...WHERE ..

function but I don't know why it doesn't allow me to do that (is that because my code is written in C# but not PHP?)

Here is the code for edit user profile: (srpassword is the name of the password column, password is the new one user typed in)

public static bool EditUserInfo(string username, string password)
{
    string query = "SELECT REPLACE([srpassword], [srpassword], 'password')
                    FROM usertb WHERE srusername = '" + username + "'";
    accessDB dbaccess = new accessDB();
    return dbaccess.saveData(query);
}

Hope somebody can help me

2 Answers

3

The syntax select replace is from MySQL; in SQL Server the update statement goes like this

Also I'm not sure whether that accessDB dbaccess = new accessDB(); has the connection etc.

Also instead of combining statement you should use parameters, then your statement should look like this.

UPDATE usertb SET srpassword = @password WHERE srusername = @userName;

As you have some class responsible for the connection to the db, this example shows how SQL statements should usually be executed.
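A parameterized version of the update, as an added example that is not code from the question or from either answer. It assumes the ACE OLE DB provider, a placeholder database path, and a hypothetical DOB column named srdob (the page names only srusername and srpassword).

```csharp
using System;
using System.Data.OleDb;

public static class UserProfileStore
{
    // Assumption: placeholder path; point Data Source at your own .accdb file.
    private const string ConnectionString =
        @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\users.accdb";

    // Assumption: "srdob" is a hypothetical name for the DOB column.
    // OleDb uses ? markers; the values are never spliced into this text.
    private const string UpdateSql =
        "UPDATE usertb SET srpassword = ?, srdob = ? WHERE srusername = ?";

    public static bool EditUserInfo(string username, string password, DateTime dob)
    {
        using (var connection = new OleDbConnection(ConnectionString))
        using (var command = new OleDbCommand(UpdateSql, connection))
        {
            // OleDb binds parameters by position, not by name, so they must be
            // added in the same order as the ? markers appear in the statement.
            // Size 255 assumes the columns are Access short-text fields.
            command.Parameters.Add("@password", OleDbType.VarWChar, 255).Value = password;
            command.Parameters.Add("@dob", OleDbType.Date).Value = dob.Date;
            command.Parameters.Add("@username", OleDbType.VarWChar, 255).Value = username;

            connection.Open();

            // A quote character in username or password is sent as data,
            // so it cannot terminate the string and change the statement.
            int rowsAffected = command.ExecuteNonQuery();

            // srusername is the key, so one row should change;
            // zero rows means no such user exists.
            return rowsAffected == 1;
        }
    }
}
```

Swapping the order of the three Parameters.Add calls would silently write the wrong values into the wrong columns, because the names are ignored by the provider.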


1

Did you try "UPDATE usertb SET [srpassword] = '" + password + "' WHERE [srusername] = '" + username + "'"?

I'm not going into detail about why Access is a bad choice; if you're using it only for prototyping it should be OK though.

3 Comments

Vladislav, I think that @Vash's option is better because it uses parameters instead of concatenating values into the query...
Of course it's better, I was just trying not to complicate things too much (for now). First get it working, then make it robust :)
You're welcome, now take a look at the other answer or search in google: "c# parametrized query" :) Believe me, not only will it make your code more readable, but also much more secure (SQL injection becomes impossible) and fast (i.e. if you reuse the same query in a loop).
