0

I am trying to create a simple button, that when clicked, adds 1 to the related column. I use a dropdown box to select the ID, then add 1 to the value. However, I am presented with the error:

A first chance exception of type 'System.Data.SqlServerCe.SqlCeException' occurred in System.Data.SqlServerCe.dll

and it highlights cm.ExecuteNonQuery();

I have gone through several attempts at this but it's getting me a little confused as to why I can't simply run the SQL statement.

Here is the code

private void button2_Click(object sender, EventArgs e) {
    try {
        SqlCeCommand cm = new SqlCeCommand("UPDATE fixedBugs SET Success = Success + 1 WHERE Fixed_ID = '" + comboBox1.Text, mySqlConnection);
        cm.ExecuteNonQuery();
    } catch (SqlCeException) {
        MessageBox.Show("Error");
    }
}
timss
Matt Murphy
  • `'" + comboBox1.Text` -- you have an extra apostrophe or you need a closing one -- depends on the data type. Also look into using parameterized queries -- much safer. – sgeddes Jan 08 '16 at 22:56
  • Thank you - this has helped a lot! Still trying to get it to input data into the database though. – Matt Murphy Jan 08 '16 at 23:02

3 Answers

2

Your command has an opening apostrophe which is not being closed. This should fix it.

SqlCeCommand cm = new SqlCeCommand("UPDATE fixedBugs SET Success = Success + 1 WHERE Fixed_ID = '" + comboBox1.Text + "'", mySqlConnection);

But that's a security issue since the user can manage to add extra commands to your query, which could ruin your entire database.

This is a better solution since using parameters is more safe.

SqlCeCommand cm = new SqlCeCommand("UPDATE fixedBugs SET Success = Success + 1 WHERE Fixed_ID = @fixedid;", mySqlConnection);
cm.Parameters.AddWithValue("@fixedid", comboBox1.Text);

This will prevent future headaches.

This question has better detailed answers that may help enlighten your mind...

Community
Phiter
2
"UPDATE fixedBugs SET Success = Success + 1 WHERE Fixed_ID = '" + comboBox1.Text + "'"

Need to close the string parameter with ' in query?

myselfmiqdad
nee21
1

You need to think about the things below:

  1. User must select a value.
  2. Security
  3. Dispose the command after using it.

        string selectedValue = comboBox1.Text;
        if (string.IsNullOrEmpty(selectedValue))
        {
            MessageBox.Show("Please select something");
            return;
        }
        string sql = "UPDATE fixedBugs SET Success = ISNULL(Success,0) + 1 WHERE Fixed_ID = @selectedValue";
        try
        {
            using (SqlCeCommand cm = new SqlCeCommand(sql, mySqlConnection))
            {
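                // Parameter name matches the placeholder in the SQL text.
                // NVarChar rather than NText so the value can be compared with = in the WHERE clause.
                SqlCeParameter param = new SqlCeParameter("@selectedValue", SqlDbType.NVarChar);
                cm.Parameters.Add(param);
                cm.Parameters["@selectedValue"].Size = 50;
                cm.Parameters["@selectedValue"].Value = selectedValue.Trim();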
                cm.ExecuteNonQuery();
            }
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
    

PS: Code is not tested.

Kosala W
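
An added example, not taken from any answer on this page: a console program that runs the concatenated UPDATE and the parameterized UPDATE from the answers above against a throwaway SQL Server Compact database and prints how many rows each one touches. It assumes a reference to System.Data.SqlServerCe, an nvarchar Fixed_ID column and an editable combo box; the class name, file name, rows and typed text are constructed sample data.

```csharp
using System;
using System.Data;
using System.Data.SqlServerCe;
using System.IO;

static class InjectionDemo
{
    // The question's statement with the closing quote added: the text becomes part of the SQL.
    static int UpdateConcatenated(SqlCeConnection conn, string text)
    {
        string sql = "UPDATE fixedBugs SET Success = Success + 1 WHERE Fixed_ID = '" + text + "'";
        using (var cm = new SqlCeCommand(sql, conn))
            return cm.ExecuteNonQuery(); // number of rows affected
    }

    // Same statement with the value bound as a typed parameter: the text stays data.
    static int UpdateParameterized(SqlCeConnection conn, string text)
    {
        const string sql = "UPDATE fixedBugs SET Success = Success + 1 WHERE Fixed_ID = @fixedid";
        using (var cm = new SqlCeCommand(sql, conn))
        {
            cm.Parameters.Add("@fixedid", SqlDbType.NVarChar, 50).Value = text;
            return cm.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed throwaway database; path, schema and rows are sample data.
        string path = Path.Combine(Path.GetTempPath(), "fixedBugsDemo.sdf");
        File.Delete(path);
        string cs = "Data Source=" + path;
        using (var engine = new SqlCeEngine(cs)) engine.CreateDatabase();

        using (var conn = new SqlCeConnection(cs))
        {
            conn.Open();
            using (var cm = new SqlCeCommand("CREATE TABLE fixedBugs (Fixed_ID nvarchar(50) PRIMARY KEY, Success int)", conn)) cm.ExecuteNonQuery();
            foreach (string id in new[] { "1", "2", "3" })
                using (var cm = new SqlCeCommand("INSERT INTO fixedBugs (Fixed_ID, Success) VALUES (@id, 0)", conn))
                { cm.Parameters.AddWithValue("@id", id); cm.ExecuteNonQuery(); }

            string typed = "1' OR '1'='1"; // text typed into the combo box instead of a listed ID
            Console.WriteLine("concatenated:  " + UpdateConcatenated(conn, typed) + " row(s)");  // quote ends the literal, OR widens the WHERE
            Console.WriteLine("parameterized: " + UpdateParameterized(conn, typed) + " row(s)"); // compared as one string against Fixed_ID
            Console.WriteLine("parameterized: " + UpdateParameterized(conn, "2") + " row(s)");   // an ordinary selection
        }
    }
}
```

Checking the return value of ExecuteNonQuery in the click handler is also a cheap sanity check: an update keyed on one ID that reports anything other than one row deserves a log entry.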