0
SqlConnection myConn = new SqlConnection();

            myConn.ConnectionString = "Data Source=192.168.15.252;Initial Catalog=TestDB;User ID=sa;Password=Pdindia123;";

            myConn.Open();

            string strqry = "UPDATE Registration SET  Password = ' " + Text2.Text + " ',PhoneNo = ' " + Text3.Text + " ', Email = '" + Text4.Text + "' WHERE (UserName = ' " + Text1.Text + " ')";


            Response.Write("UPDATE Registration SET  Password = ' " + Text2.Text + " ',PhoneNo = ' " + Text3.Text + " ', Email = '" + Text4.Text + "' WHERE (UserName = ' " + Text1.Text + " ')");

            Label1.Text = Text3.Text;

            SqlCommand myCom = new SqlCommand(strqry, myConn);

           myCom.ExecuteNonQuery();

            myConn.Close();

no error not updating anything.....

Edited by __avd: Added [code] tags. For easy readability, always wrap programming code within posts in [code] (code blocks).

3
Contributors
2
Replies
3
Views
7 Years
Discussion Span
Last Post by __avd
0

Since you are updating a table based on some condition like UserName = ' " + Text1.Text + " ', the condition may not fail as there may not be a UserName in the Registration table satisfying the condition.

Just copyt the UPDATe statement generated by Response.Write into SQL Management studio and check how many rows are updated.

0

Do not put extra blanks before and after the field,

string strqry = "UPDATE Registration SET  Password = '" + Text2.Text + "', PhoneNo = '" + Text3.Text + "', Email = '" + Text4.Text + "'  WHERE (UserName ='" + Text1.Text + "')";

Do not form SQL-query using string concatenation. It's a bad practice. Use stored-procedure or parameterized query.

Read MSDN article SQL Injection.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.