Home/ Questions/Q 6072239
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T10:08:16+00:00

I am trying to update a set of data onButtonClick . i have a

  • 0

I am trying to update a set of data onButtonClick .
i have a username , date of birth ,
with CurrentEmailAddress, NewEmailAdrress, ConfirmNewEmailAddress

Im trying to update all of them on a single click. I am able to update the username , but i couldnt update the date of birth and email address.

Below is my c# code:
do note that myDBmanager is to execute the update and it has no problem 

 //SQL query
        string updateSQL = "UPDATE user_profile,user_login SET ";
        updateSQL += "user_profile.user_name = '" + txtUserName.Text + "', ";
        updateSQL += "user_profile.user_dob = '" + txtDateOfBirth.Text + "'";


            if (txtNewPassword.Text != " " && txtNewEmailAddress.Text == " ")
            {
                updateSQL += ", user_login.user_passw = '" + txtNewPassword.Text + "'";
            }
            else if (txtNewPassword.Text == " " && txtNewEmailAddress.Text != " ")
            {
                updateSQL += ", user_profile.user_email = '" + txtNewEmailAddress.Text + "'";

            }
            else if (txtNewPassword.Text != " " && txtNewEmailAddress.Text != " ")
            {
                updateSQL += ", user_login.user_passw = '" + txtNewPassword.Text + "',";
                updateSQL += "user_profile.user_email = '" + txtNewEmailAddress.Text + "'";
            }
            else { }

            updateSQL += " WHERE user_profile.user_profile_id = 1 ";
            updateSQL += " AND user_login.user_profile_id = 1 ;";
            updateSQL += Global.myDBManager.GetNewIndex();

            int update = Global.myDBManager.ExecuteSql(updateSQL);



        //Close connection
        Global.myDBManager.Disconnect();
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Listen to the comments in this question – what you are doing, aside from not actually working for you, is very dangerous, and ripe for SQL Injection attacks. Google for “sql injection c#” and implement a solution – this article looks good:

    http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx

    Once you’ve fixed that, you probably had/have some sort of simple code bug that is preventing your code from working, because your method (aside from the vulnerabilities) doesn’t look too bad.

    Stick a breakpoint on the top of the method, and work through the method, making sure the sql string is being built up as expected.

    Hope that helps!

    • 0