Hey Guys,

I'm connecting to an SQL server and updating some fields. This works:

cmd = new SqlCommand("UPDATE Laptops SET Checkout_Date = '" + form_CheckOut.checkout + "' WHERE name='pen-laptop1'", conn);
cmd.ExecuteNonQuery();

But this one doesn't:

cmd = new SqlCommand("UPDATE Laptops SET " +
" isCheckedOut = 0" +
" Checkout_Date = '" + form_CheckOut.checkout + 
"', Checkin_Date = '" + form_CheckOut.checkin +
"', Checked_Out_By = '" + form_CheckOut.user + 
"', WHERE name = 'pen-laptop1'");

cmd.ExecuteNonQuery();

EDIT - FIXED CODE BELOW

cmd = new SqlCommand("UPDATE Laptops SET isCheckedOut = 0" +
                    ", Checkout_Date = '" + form_CheckOut.checkout + 
                    "', Checkin_Date = '" + form_CheckOut.checkin +
                    "', Checked_Out_By = '" + form_CheckOut.user + 
                    "' WHERE Name = '" + name + "'", conn);

NEVERMIND - didn't have ,conn);

Edited my previous post :)

Suggestion: Don't use SQL query by concatenating hard-coded strings together with a string entered by the user.

Sql Injection.

Very neat - I'll give that a whirl now.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.18 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.