Home/ Questions/Q 7593815
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T21:15:49+00:00

i have some problem here with Edit Data Using ASP.NET Razor in WebMatrix i

  • 0

i have some problem here with Edit Data Using ASP.NET Razor in WebMatrix
i write this code for edit a data using the Update command but unfortunately it doesnt work :s :s

Razor code :

    @{
      {
            var userId = Request["UserId"];
    var db = Database.Open("intranet");
    var query = "UPDATE Personne SET Demande = @0 WHERE UserId LIKE '%@1%'";
    db.Execute(query,"refuser", userId);
 }
    }

the html code : 

    <form action="responsable.cshtml" method="post">
    <input type="hidden" name="UserId" value="saadwafqui" />
    <input type="submit" value="Oui" /> 
</form>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your code is vulnerable to SQL injection. I would recommend you fixing this. Also you seem to be using some IsPost variable which is not quite clear where is being defined.

    Example:

    @{
    var userId = Request["userid"];
    var db = Database.Open("intranet");
    var query = "UPDATE Personne SET Demande = @0 WHERE UserId LIKE '%' + @1 + '%'";
    db.Execute(query, "refuser", userId);
}

    Notice the syntax around the LIKE clause:

    LIKE '%' + @1 + '%'

    This will match all records that have UserId in the middle. If you wanted to match only records that the UserId starts with the value in the request:

    LIKE '%' + @1

    and if you wanted exact match simply use the = operator instead of a LIKE clause.

    Also your markup looks completely broken. There’s no window.location attribute. Maybe you meant something like this:

    <form action="responsable.cshtml" method="post">
    <input type="hidden" name="userid" value="saadwafqui" />
    <input type="submit" value="Oui" /> 
</form>

    or with a GET request if you prefer:

    <form action="responsable.cshtml" method="get">
    <input type="hidden" name="userid" value="saadwafqui" />
    <input type="submit" value="Oui" /> 
</form>
    • 0