What is the proper query for the update statement?

Question

How could I make this SQL update query to run? Thank you.

        con.Open();
        OleDbCommand dt = new OleDbCommand("UPDATE  AccRec SET  Quantity=" + txtQuantity2.Text + ", Unit=" + txtUnit2.Text + " ,Company=" + txtCompany2.Text + ", Description=" + txtDesc2.Text + ", Amount='" + txtAmt2.Text + " Where No=" + textBox1.Text +"",con);Where No=5'.


        dt.ExecuteNonQuery();
        MessageBox.Show("updated");
        OleDbDataAdapter da = new OleDbDataAdapter("SELECT * From AccRec ", con);
        DataTable ds = new DataTable();
        da.Fill(ds);
        dataGridView2.DataSource = ds;
        con.Close();

[SQL Injection alert](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - you should **not** concatenate together your SQL statements - use **parametrized queries** instead to avoid SQL injection — marc_s, Oct 12 '15 at 04:30
Possible duplicate of [UPDATE from SELECT using SQL Server](http://stackoverflow.com/questions/2334712/update-from-select-using-sql-server) — James-Dean Lorenzo Alimboyogue, Dec 01 '16 at 07:16

score 0 · Accepted Answer · edited Oct 12 '15 at 04:46

Just try this Code

con.Open();
OleDbCommand dt = new OleDbCommand("UPDATE  AccRec SET  Quantity=@P1, Unit=@P2 ,Company=@P3, Description=@P4, Amount=@P5 Where No=@P6",con);

dt.Parameters.Add("@P1", SqlDbType.VarChar);
dt.Parameters["@P1"].Value = txtQuantity2.Text ;
dt.Parameters.Add("@P2", SqlDbType.VarChar);
dt.Parameters["@P2"].Value = txtUnit2.Text;
dt.Parameters.Add("@P3", SqlDbType.VarChar);
dt.Parameters["@P3"].Value = txtCompany2.Text;
dt.Parameters.Add("@P4", SqlDbType.VarChar);
dt.Parameters["@P4"].Value = txtDesc2.Text ;
dt.Parameters.Add("@P5", SqlDbType.VarChar);
dt.Parameters["@P5"].Value = txtAmt2.Text ;
dt.Parameters.Add("@P6", SqlDbType.VarChar);
dt.Parameters["@P6"].Value = textBox1.Text;

dt.ExecuteNonQuery();

MessageBox.Show("updated");
OleDbDataAdapter da = new OleDbDataAdapter("SELECT * From AccRec ", con);
DataTable ds = new DataTable();
da.Fill(ds);
dataGridView2.DataSource = ds;
con.Close();

@James-DeanLorenzoAlimboyogue i just added a sample code, I don't have exact database. So you can just refer my code to get your problem solved. — Shreyas Achar, Oct 12 '15 at 05:20
it say updated but nothing change in my database sir even on data grid — James-Dean Lorenzo Alimboyogue, Oct 12 '15 at 06:08

What is the proper query for the update statement?

1 Answers1