0

The command show me a success message, but the table is not updated.

I am using a local database.

con = new SqlConnection("Data Source=(Localdb)\\MSSQLLocaldb; 
                         AttachDbFilename='|DataDirectory|\\StudentDatabase.mdf';
                         Integrated Security=true;MultipleActiveResultSets=True;");

sqlCommand cmd = new SqlCommand("update Teacher SET username='" + 
                                nameprobtextbox.Text + "'where password='" + 
                                nameprobelmpass.Text + "'", con);

int a = cmd.ExecuteNonQuery();

if(a > 0)
{
    namelabelchange.Text = "Name changed successfully";
}
else
{
    namelabelchange.Text = "Name does not change";
}
marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
sheen drung
  • 73
  • 4
  • 5
    So many things wrong with this code. Learn how to use parameters. Learn why passing clear text passwords is wrong. – Gordon Linoff Nov 25 '17 at 17:15
  • why would you use the password as what use to mark the record to be updated? it does look like you are hashing it (clear text passwords are real bad) and if more than one person has the same password it will change multiple user names which cause sql errors if the user name column requires unique values – Ken Tucker Nov 25 '17 at 17:19
  • Please read [ask] and take the [tour]. – Ňɏssa Pøngjǣrdenlarp Nov 25 '17 at 17:21
  • Name can recover by entering the password so that is why – sheen drung Nov 25 '17 at 17:23
  • after you execute your update command.. where are you calling Select to display the updated records, 2nd read the comments and heed the advice, read up on how to use `using() { }` construct for your Sql Objects, read up on `Sql Injection` read up also how to use paramterized querys – MethodMan Nov 25 '17 at 19:00

0 Answers0