hi im trying to update points from a windows from to a database, but im not sure how i get the infromation from a variable "totalPoints" to be inserted into the "points" field from the database
using (OleDbConnection conn = new OleDbConnection(strCon))
{
String sqlPoints = "UPDATE points FROM customer WHERE [customerID]="
+ txtCustomerID.Text;
conn.Open();
conn.Close();
}
Thanks for any help!
First off, you should be using parameterized queries - this is vulnerable to SQL Injection.
Take a look here: How do parameterized queries help against SQL injection?
To answer your question, you need to look into OleDbCommand and ExecuteNonQuery:
public void InsertRow(string connectionString, string insertSQL)
{
using (OleDbConnection connection = new OleDbConnection(connectionString))
{
// The insertSQL string contains a SQL statement that
// inserts a new row in the source table.
OleDbCommand command = new OleDbCommand(insertSQL);
// Set the Connection to the new OleDbConnection.
command.Connection = connection;
// Open the connection and execute the insert command.
try
{
connection.Open();
command.ExecuteNonQuery();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
// The connection is automatically closed when the
// code exits the using block.
}
}
http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbconnection(v=vs.100).aspx
Also, you might need to relook at your SQL -- not sure what you're trying to accomplish. If you're using SQL Server, the syntax should look like UPDATE TABLE SET FIELD = VALUE WHERE FIELD = VALUE.
Good luck.
