Home/ Questions/Q 6986425
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T18:48:25+00:00

There is something wrong with the following update query. string sql = update Car

  • 0

There is something wrong with the following update query. 

string sql = "update Car set plate = '" + textBox2.Text + "' , color='"
           + textBox3.Text + "' , model='"+textBox5.Text+ "' , year= "
           + textBox4.Text;
sql += " where carid= " + textBox1.Text;

int res = CarDatabase.executeOthers(sql);
if (res > 0)
{
    string sql2 = "select * from Car";
    DataTable dt = CarDatabase.executeSelect(sql2);
    mainframe.DataGridView1.DataSource = dt;
    MessageBox.Show("Updated Successfully");
}

Actually, I encounter the same problem when I add year to my query. Why? :S

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The simple answer is that one of your TextBoxes probably has content that is breaking this. The better answer is to never, ever write a query this way because it is vulnerable to SQL injection attacks. You need to look at how to do parameterized queries.

    Start by reading the How to: Execute a Parameterized Query article on MSDN.

    • 0