Hi all,

I am trying to create an application which involves the User to change the password.

I am using Microsoft Visual Studio for developing the Graphical User Interface and Microsoft SQL server as the back-end.

I have created a separate form which allows the user to change the password.

However I am unaware of how the particular password will be updated to the Database.

I have tried the following code for updating the new password to the database but it is not working.

There is no error in the code when compiling and running but the password is not updated in the database.

Coding:

UserID = txtUserID.Text;
try
{
SqlCommand objSqlCommand = new SqlCommand("update NewUserRegister set Password = @Password where UserID = @UserID",objSqlConnection);

SqlParameter sql;
sql = objSqlCommand.Parameters.Add("@UserID", SqlDbType.Int);
sql.Value = UserID;

MessageBox.Show("Password Updated Successfully");
}
catch (SqlException e1)
{
MessageBox.Show(e1.Message, "Error Information", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
catch(System.Exception e2)
{
MessageBox.Show(e2.Message, "Error Information", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}

Can any one help me out with the correct code snippet I should use to update the password?

I am in urgent need of completing this task. Please reply me soon..

Thanks in advance!!

Recommended Answers

All 3 Replies

Please use code tags in the future.

You're using 2 parameters in the query but only adding one to the command, the @Password variable is never used. See these threads for examples on using parameters:
http://www.daniweb.com/forums/thread191241.html
http://www.daniweb.com/forums/thread198304.html

Here is an example of adding multiple parameters. Change the query and parameter names and you should be set.

private void simpleButton1_Click(object sender, EventArgs e)
    {
      const string query = "Insert Into aTable (aString, aDateTime) Values (@aString, @aDateTime)";
      const string connStr = @"Data Source=apex2006sql;Initial Catalog=DB;Integrated Security=True;";
      using (SqlConnection conn = new SqlConnection(connStr))
      {
        conn.Open();
        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
          string s1 = "abc123";
          DateTime dtNow = DateTime.Now;
          cmd.Parameters.Add(new SqlParameter(@"aString", SqlDbType.VarChar)).Value = s1;
          cmd.Parameters.Add(new SqlParameter(@"aDateTime", SqlDbType.DateTime)).Value = dtNow;
          cmd.ExecuteNonQuery();
        }
        conn.Close();
      }
    }

Please use code tags in the future.

You're using 2 parameters in the query but only adding one to the command, the @Password variable is never used. See these threads for examples on using parameters:
http://www.daniweb.com/forums/thread191241.html
http://www.daniweb.com/forums/thread198304.html

Here is an example of adding multiple parameters. Change the query and parameter names and you should be set.

private void simpleButton1_Click(object sender, EventArgs e)
    {
      const string query = "Insert Into aTable (aString, aDateTime) Values (@aString, @aDateTime)";
      const string connStr = @"Data Source=apex2006sql;Initial Catalog=DB;Integrated Security=True;";
      using (SqlConnection conn = new SqlConnection(connStr))
      {
        conn.Open();
        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
          string s1 = "abc123";
          DateTime dtNow = DateTime.Now;
          cmd.Parameters.Add(new SqlParameter(@"aString", SqlDbType.VarChar)).Value = s1;
          cmd.Parameters.Add(new SqlParameter(@"aDateTime", SqlDbType.DateTime)).Value = dtNow;
          cmd.ExecuteNonQuery();
        }
        conn.Close();
      }
    }

Thanks a lot for your prompt reply.

I will try this and let you know.

I have a doubt why should we use the USING block for creating the SQLCommand object.

Is it mandatory to use this.?
Is there any alternative to USING block?

Please if possible clear my doubts.

Thanks in advance!

using() is just a code snippet for calling .Dispose(); on anything implementing IDisposable. It is .NET best practices to dispose of all objects implementing the interface and can lead to resource leaks if you don't. Imagine your SQL Connection -- If you declare it in memory but never dispose it then it will sit in memory until the garbage collector picks it up. If you instantiate 10 SQL Connections before the garbage collector runs you can run out of connection in the connection pool and your application will raise an exception saying it cannot establish a connection.

From the help file on using, this is the alternative to using the code snippet:

Font font1 = new Font("Arial", 10.0f);
  try
  {
    byte charset = font1.GdiCharSet;
  }
  finally
  {
    if (font1 != null)
      ((IDisposable)font1).Dispose();
  }
}
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.