1

I'm new to database programming and C#. I'm using a SQL Server database and connected it to my WinForms application. Everything is fine, I can add new rows and read information from the database, but when I try to edit values, it does not seem to work.

Here is the code I'm using.

        private void btneUpdate_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection(@"
                Data Source = localhost; 
                Initial Catalog = BookStore; 
                Integrated Security = True;");
            SqlCommand cmd;               

            if(MessageBox.Show("You are about to save the changes. You won't be able to undo those changes.", "Update fields", MessageBoxButtons.OKCancel) == DialogResult.Yes)
            {                                      
                con.Open();
                cmd = new SqlCommand(@"UPDATE Book 
                                        SET   BookTitle = '"+ txteTitle.Text
                                        +"', BookAuthorLname = '"+txteAuthorLname.Text
                                        +"', BookAuthorFname = '"+txteAuthorFname.Text
                                        +"', BookPrice = '"+ Convert.ToDecimal(eprice)
                                        +"', BookDescription = '"+txteDesc.Text
                                        +"', DatePublication = '"+dtpePublished.Value.Date
                                        +"', BookStock = '"+ Convert.ToInt32(estock)
                                        +"', isFiction = '"+ checkboxbool
                                        +"', BookCategory = '"+ cmbeCategory.SelectedValue
                                        +"'  WHERE ISBN = '"+ txteISBN.Text +"';", con);
                cmd.ExecuteNonQuery();
                con.Close();                   
            }

            BindEdit();
            BindGrid();
        }
benj_
  • There is no error, BTW. It seems to work, but when I check the values, there are no changes. – benj_ Mar 18 '15 at 15:55
  • 1
    Run Sql Profiler to see what command is actually being executed. – Scottie Mar 18 '15 at 15:57
  • Are you certain that ISBN = txteISBN.Text? – Scottie Mar 18 '15 at 15:57
  • Try to set cmd.CommandType = CommandType.Text and execute. – SelvaS Mar 18 '15 at 15:58
  • Can you verify if the WHERE clause indeed returns results for you to update on? – overloading Mar 18 '15 at 15:59
  • 3
    Use SQL Profiler and see the query being executed. Then try to execute it manually, say in Management Studio, and see if it will update something. Probably there is some problem with ISBN so the WHERE condition is not met. And remember: **never** use concatenation of SQL commands as it leads to SQL injection. Use parameterized queries instead. – Andrey Korneyev Mar 18 '15 at 15:59
  • Little Bobby Tables came to town, and he helped you drop the Book table. – Aaron Bertrand Mar 18 '15 at 16:00
  • Man, I feel really stupid, and rightly so. But I'm glad I asked it here. I mean, I was looking for the error in all the wrong places. I managed to overlook just a little bit of code in DialogResult.Yes, which should be DialogResult.OK as Steve has said. I'll look into the parameterized queries as you guys seem to agree that concatenating queries is bad business. Thanks guys. – benj_ Mar 18 '15 at 16:09
  • Seeing a button_click and a SqlConnection in the same code...hurts my eyes............... – granadaCoder Mar 18 '15 at 17:38
  • @granadaCoder Yeah, I know, right? I tried to put it on top of my code but then I get all these con.open() should be closed errors. f*cking newb = me – benj_ Mar 18 '15 at 18:12

1 Answer

3

This part of your line is wrong:

..... MessageBoxButtons.OKCancel) == DialogResult.Yes)

You should check for DialogResult.OK, otherwise you will never enter the update code:

..... MessageBoxButtons.OKCancel) == DialogResult.OK)

That said, please stop a moment and take a bit of your time to learn how to create parameterized queries. These are the only correct way to write code that interacts with a database. String concatenation is really a bad practice and leads to SQL injection attacks.

Steve
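The parameterized form of the UPDATE from the question, as an added example that is not part of the original post or answer. The `BookRepository` class and `UpdateBook` method names are hypothetical, and the column types and sizes are assumptions to be matched against the real `Book` table.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class BookRepository   // hypothetical helper, not from the question
{
    private const string ConnectionString =
        "Data Source=localhost;Initial Catalog=BookStore;Integrated Security=True;";

    // Returns the number of rows changed; 0 means no row matched the ISBN.
    // Column types and sizes below are assumptions about the Book table.
    public static int UpdateBook(string isbn, string title, string authorLname,
        string authorFname, decimal price, string description,
        DateTime published, int stock, bool isFiction, int categoryId)
    {
        // User input never becomes part of the SQL text; it travels as typed values.
        const string sql = @"
            UPDATE Book
            SET BookTitle = @title, BookAuthorLname = @lname, BookAuthorFname = @fname,
                BookPrice = @price, BookDescription = @desc, DatePublication = @published,
                BookStock = @stock, isFiction = @fiction, BookCategory = @category
            WHERE ISBN = @isbn;";

        using (var con = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.Add("@title", SqlDbType.NVarChar, 200).Value = title;
            cmd.Parameters.Add("@lname", SqlDbType.NVarChar, 100).Value = authorLname;
            cmd.Parameters.Add("@fname", SqlDbType.NVarChar, 100).Value = authorFname;
            cmd.Parameters.Add("@desc", SqlDbType.NVarChar, -1).Value = description; // -1 = nvarchar(max)
            var priceParam = cmd.Parameters.Add("@price", SqlDbType.Decimal);
            priceParam.Precision = 10;
            priceParam.Scale = 2;
            priceParam.Value = price;
            cmd.Parameters.Add("@published", SqlDbType.Date).Value = published.Date;
            cmd.Parameters.Add("@stock", SqlDbType.Int).Value = stock;
            cmd.Parameters.Add("@fiction", SqlDbType.Bit).Value = isFiction;
            cmd.Parameters.Add("@category", SqlDbType.Int).Value = categoryId;
            cmd.Parameters.Add("@isbn", SqlDbType.NVarChar, 20).Value = isbn;

            con.Open();
            return cmd.ExecuteNonQuery();   // both objects are disposed by the using blocks
        }
    }
}
```

In the click handler, call it only when `MessageBox.Show(...)` returns `DialogResult.OK`, and treat a return value of 0 as "no book with that ISBN", which is the WHERE-clause mismatch the comments asked about.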