-1

This is my code. It is not updating the data in the table. I can't see any error. The code executes and shows me "Successfully updated".

```csharp
    protected void btnUpdate_Click(object sender, EventArgs e)
    {
        string val = ddlCountry.SelectedValue;
        Response.Write(val); // just to check that the value is changed or not.

        string val2 = txtName.Text;
        Response.Write(val2);

        if (ddlCity.SelectedValue == "--Select--")
        {

            Response.Redirect("updateProfile.aspx");
            lblCountry.Text = "Select your country";
        }
        else if(ddlYear.SelectedValue=="--Select--")
        {

            Response.Redirect("updateProfile.aspx");
            lblCountry.Text = "Select Appropriate Experience";
        }
        else if (ddlMonth.SelectedValue == "--Select--")
        {

            Response.Redirect("updateProfile.aspx");
            lblCountry.Text = "Select Appropriate Experience";
        }
        else if(ddlIndustry.SelectedValue=="--Select--")
        {

            Response.Redirect("updateProfile.aspx");
            lblCountry.Text = "Select Your Current Industry";
        }
        else if(ddlFunction.SelectedValue=="--Select--")
        {

            Response.Redirect("updateProfile.aspx");
            lblCountry.Text = "Select your functional Area";
        }
        else
        {
            string fName = Convert.ToString(Session["fname"]);
            string updateQuery = "Update RegisterMaster set Name='" + txtName.Text + "',Nationality='" + ddlCountry.SelectedValue + "',CurrentLocation='" + ddlCity.SelectedValue + "',MobNumber='"+txtNumber.Text+"',Experience='"+ddlYear.SelectedValue+" "+ddlMonth.SelectedValue+"',CurrentIndustry='"+ddlIndustry.SelectedValue+"',FunctionalArea='"+ddlFunction.SelectedValue+"',KeySkills='"+txtSkills.Text+"',ResumeTitle='"+txtResTitle.Text+"',Resume='"+resFileUpload.ToString()+"' where Name='"+fName+"'";

            int i = c1.ExecuteMyQuery(updateQuery);
            if (i == 1)
            {
                lblUpdation.Text = "Successfully Updated.";
            }
            else
            {
                lblUpdation.Text = "Try Again";
            }

        }
    }
```

And it displays that the update was successful, but when I check the database, it is not updated. updateProfile.aspx is the same page on which this coding is done, and it's in a frameset, if that also counts.

Implementation of `c1.ExecuteMyQuery(updateQuery);`:

```csharp
public int ExecuteMyQuery(String sql)
{
    con.Open();
    cmd.Connection = con;
    cmd.CommandText = sql;
    int i = cmd.ExecuteNonQuery();
    con.Close();
    return i;
}
```

This is the view profile page. This is when I clicked on Update profile. This is after I click on the update button.

What's this????

oops! Your question couldn't be submitted because:

Your post does not have much context to explain the code sections; please explain your scenario more clearly.

Neha Choudhary
  • Where is the implementation for `c1.ExecuteMyQuery(updateQuery)` – Habib Jun 22 '12 at 05:42
  • I updated the question. And I have properly defined SQLCommand cmd; SqlConnection con; – Neha Choudhary Jun 22 '12 at 05:44
  • How about posting what the value of `updateQuery` looks like before the command gets executed? Your code is VERY prone to errors since you are not using parameters. If there is a special character in any one of those values your SQL statement could become invalid. You should use SQL parameters for this reason AND because right now you are VERY VERY prone to [SQL Injection](http://www.unixwiz.net/techtips/sql-injection.html) – Leland Richardson Jun 22 '12 at 05:56
  • @LelandRichardson Actually I have just started learning ASP.NET so I'm just making a random project to clear my doubts. Security is not required at this level in my project. I'm making a job portal site. In that, if someone wants to update his profile then this code executes. But it's not taking the updated values. It is taking the previous values which are already in the database. I should probably send snapshots of that...(2 mins). – Neha Choudhary Jun 22 '12 at 05:58
  • @NehaChoudhary understood if security is not a concern, but nevertheless you should try using parameters in your queries as it will make the code much easier to understand and will avoid bugs like this (assuming this is the reason for the bug) – Leland Richardson Jun 22 '12 at 06:01
  • @NehaChoudhary, put a break point on the `string updateQuery...` and see if you are hitting that point, also copy the generated query and try to run it against the database – Habib Jun 22 '12 at 06:07
  • @LelandRichardson ok..I will try to do it through parameters – Neha Choudhary Jun 22 '12 at 06:10
  • @Habib.OSU I checked by putting a break point but it's not taking the changed values, and the query works fine when I directly run it on the database. – Neha Choudhary Jun 22 '12 at 06:11

1 Answer

1

It's very difficult to tell from this what is going wrong. However, I have a doubt about this line in your code:

```csharp
string fName = Convert.ToString(Session["fname"]);
string updateQuery = "Update RegisterMaster set Name='" + txtName.Text + "',Nationality='" + ddlCountry.SelectedValue + "',CurrentLocation='" + ddlCity.SelectedValue + "',MobNumber='"+txtNumber.Text+"',Experience='"+ddlYear.SelectedValue+" "+ddlMonth.SelectedValue+"',CurrentIndustry='"+ddlIndustry.SelectedValue+"',FunctionalArea='"+ddlFunction.SelectedValue+"',KeySkills='"+txtSkills.Text+"',ResumeTitle='"+txtResTitle.Text+"',Resume='"+resFileUpload.ToString()+"' where Name='"+fName+"'";
```

Are you getting the proper values for your query to update successfully? Set a breakpoint and check it by debugging.

Or

Make a very simple update statement like: `Update RegisterMaster set Name="+txtName.Text+"`, and make sure your table is getting updated.

And of course your query is vulnerable to SQL injection, as Leland Richardson mentioned. You can learn more about this here: http://www.codeproject.com/Articles/9378/SQL-Injection-Attacks-and-Some-Tips-on-How-to-Prev

Ashwini Verma
  • Changed value, you mean the textbox value? Are you using if (!IsPostBack) in your PageLoad()? – Ashwini Verma Jun 22 '12 at 06:20
  • No, I'm not using that, and it's not updating any of the values on the page. – Neha Choudhary Jun 22 '12 at 06:23
  • In your query you are getting the value from the textbox, right? Please try using if(!IsPostBack) in your PageLoad(). http://msdn.microsoft.com/en-us/library/system.web.ui.page.ispostback.aspx – Ashwini Verma Jun 22 '12 at 06:30
  • Hmm...Yes.. Thanks a lot. I don't know why I always forget that. :) – Neha Choudhary Jun 22 '12 at 06:34
  • There is one more doubt. When I select the current location as "--select--" then my code doesn't work properly. It does not display the message as " select your city". Instead of going to the if else statement it is moving to else part which has update query. – Neha Choudhary Jun 22 '12 at 06:41
  • Add RequiredFieldValidator for your Dropdownlist. you can learn here: http://stackoverflow.com/questions/2280559/how-to-add-a-required-field-validator-to-dropdown-list-control OR http://forums.asp.net/t/1123576.aspx/1 – Ashwini Verma Jun 22 '12 at 06:48
  • Yeah, but what's wrong in doing that from code written in the .cs file? – Neha Choudhary Jun 22 '12 at 06:50
  • try using this: ddlCity.SelectedItem.Value == "--Select--" – Ashwini Verma Jun 22 '12 at 06:59
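
The parameterized form of the UPDATE that the comments and the answer recommend, as an added example that is not part of the original thread or anyone's post. `ProfileStore`, its method and parameter names, and the NVARCHAR column types are assumptions; the table and column names are those in the question's query.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not the asker's code. ProfileStore and its parameter names are
// hypothetical; table and column names come from the UPDATE in the question.
public static class ProfileStore
{
    const string Sql =
        "UPDATE RegisterMaster SET Name=@Name, Nationality=@Nationality, " +
        "CurrentLocation=@CurrentLocation, MobNumber=@MobNumber, " +
        "Experience=@Experience, CurrentIndustry=@CurrentIndustry, " +
        "FunctionalArea=@FunctionalArea, KeySkills=@KeySkills, " +
        "ResumeTitle=@ResumeTitle, Resume=@Resume WHERE Name=@CurrentName";

    // Returns the number of rows changed, like ExecuteMyQuery in the question.
    public static int UpdateProfile(string connectionString, string currentName,
        string name, string nationality, string city, string mobile,
        string experience, string industry, string functionalArea,
        string keySkills, string resumeTitle, string resume)
    {
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(Sql, con))
        {
            // Values travel separately from the SQL text, so a quote in a
            // name or skill list cannot end the string literal or add SQL.
            AddText(cmd, "@Name", name);
            AddText(cmd, "@Nationality", nationality);
            AddText(cmd, "@CurrentLocation", city);
            AddText(cmd, "@MobNumber", mobile);
            AddText(cmd, "@Experience", experience);
            AddText(cmd, "@CurrentIndustry", industry);
            AddText(cmd, "@FunctionalArea", functionalArea);
            AddText(cmd, "@KeySkills", keySkills);
            AddText(cmd, "@ResumeTitle", resumeTitle);
            AddText(cmd, "@Resume", resume);
            AddText(cmd, "@CurrentName", currentName);
            con.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    // Assumption: every column is NVARCHAR; size -1 means NVARCHAR(MAX).
    static void AddText(SqlCommand cmd, string parameterName, string value)
    {
        cmd.Parameters.Add(parameterName, SqlDbType.NVarChar, -1).Value =
            (object)value ?? DBNull.Value;
    }
}
```

The click handler would pass `Convert.ToString(Session["fname"])` as `currentName` and the control values as the remaining arguments. It writes the edited values only when the page's load code fills the controls inside `if (!IsPostBack)`, the change the comments above settled on.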