How to avoid sqlite Error in C# while updating selected row?

Question

I'm trying to write a form update a selected row in sqlite in win forms applications C#. But there is still an error:

SQL logic error
near "ID": syntax error

My part of code:

private void button4_Click(object sender, EventArgs e)
        {
            string Transport = "Update TransportMed set Imię = "+textBox2.Text+", Nazwisko = " +textBox3.Text+", PESEL ="+textBox3.Text+"where ID = " + dataGridView1.SelectedRows[0].Cells[0].Value.ToString();
            ExcecuteQuery(Transport);
            LoadData();
        }

**Use parameters** or you will get syntax errors and injection risks left and right — Charlieface, Mar 06 '21 at 20:28
Post the actual Command Text Transport so we can see the actaul query. There may be extra characters in the DGV Cell that is causing an issue. — jdweng, Mar 07 '21 at 00:00

score 1 · Accepted Answer · answered Mar 06 '21 at 20:16

1

As @jdweng has mentioned, you need a space before where:

string Transport = "Update TransportMed set Imię = " + textBox2.Text + ", Nazwisko = " + textBox3.Text + ", PESEL =" + textBox3.Text + " where ID = " + dataGridView1.SelectedRows[0].Cells[0].Value.ToString();

Please be careful that the current method is vulnerable to SQL Injection attacks. You have to use Sql parameters to avoid it. Read more here: What are good ways to prevent SQL injection?

answered Mar 06 '21 at 20:16

Muhammad Azeez

926
8
18

Still an error near "," – Maria Mar 06 '21 at 20:24
Can you print `Transport` in a message box or use Debug.WriteLine()? It will help you see where the SQL statement is ill formated: – Muhammad Azeez Mar 06 '21 at 21:11

How to avoid sqlite Error in C# while updating selected row?

1 Answers1