Frustrated Updating A Record

Hi guys, I retrieve a record from my database in the Page_Load event. Here’s the content of my code:

hMenuID.Value = Request.QueryString["id"];
        //Display information of links on the entries
        cnDBConnection.ConnectionString = clsFunction.strConnection;
        cnDBConnection.Open();
        cmModule.Connection = cnDBConnection;
        cmModule.CommandText = "SELECT * FROM modules WHERE id=" + clsFunction.ReplaceString(hMenuID.Value.ToString());
        rdModule = cmModule.ExecuteReader();
        if (rdModule.HasRows == true)
        {
            rdModule.Read();
            txtModuleLabel.Text = rdModule["name"].ToString();
            txtModuleLink.Text = rdModule["link"].ToString();
            cboParentID.SelectedValue = rdModule["menuid"].ToString();
        }
        cmModule.Connection.Close();
        rdModule.Close();
        cnDBConnection.Close();

So, the data appears in my textboxes and a combo box. I tried to modify the content of my textbox and clicked on the Update button. Unfortunately, no modification happens. Here’s my code in the Update button:

if (Page.IsPostBack)
        {

            if (Page.IsValid)
            {
                cnDBConnection.ConnectionString = clsFunction.strConnection;
                cnDBConnection.Open();
                cmModule.Connection = cnDBConnection;
                cmModule.CommandText = "UPDATE modules SET name='" + clsFunction.ReplaceString(txtModuleLabel.Text.Trim()) + "', link='" +
                                        clsFunction.ReplaceString(txtModuleLink.Text.Trim()) + "', menuid=" + cboParentID.SelectedValue +
                                        " WHERE id=" + hMenuID.Value;
                
                cmModule.ExecuteNonQuery();
                cmModule.Connection.Close();
                cnDBConnection.Close();

  
            }

        }

  1. Please parameterize your query. SQL injection is bad.

  2. Looks OK on the surface to me. I’d trace the SQL and make sure your WHERE clause is accurate, e.g., it is finding a row to UPDATE.

Why are you using clsFunction when updating the records?

clsFunction.ReplaceString(txtModuleLabel.Text.Trim())

Hard to say, since this probably isn’t all the code, but couldn’t closures be the problem? You run the “fill in” for the controls, but your code isn’t accessible because the connection is inside another code block. Hence, you cannot access the connect object.

EDIT: Ahh, I see what you are saying.

clsFunction.ReplaceString(txtModuleLabel.Text.Trim())

should be:

txtModuleLabel.Text.Trim()

^^^I think that is his [poor] attempt at preventing SQL injection by doing something like string.Replace("'", "''").

Are you making sure not to update the TextBoxes on a postback?

if (!Page.IsPostBack)
{
// Get the Data and fill the Text Fields
}

Yeah, spot-on wwb. From now on I will recommend the use of parameter queries for the OP. The only problem with that however is, most of the time the OP will ignore that and go with the fastest solution. Hence, more work and studying.
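
The suggestions in this thread (parameterize the query, confirm the WHERE clause actually matches a row, and fill the controls only when the request is not a postback) combined into one sketch. This is an added example, not code from any poster; it assumes SQL Server via System.Data.SqlClient, and the class name `ModuleRepository`, the method `UpdateModule` and the handler name `btnUpdate_Click` are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class ModuleRepository // hypothetical helper, not from the thread
{
    // Returns the number of rows updated; 0 means "WHERE id = @id" matched no row.
    public static int UpdateModule(string connectionString, string idText,
                                   string name, string link, string menuIdText)
    {
        // id arrives from the query string / hidden field and menuid from the
        // combo box: both are client-controlled, so require real integers.
        int id, menuId;
        if (!int.TryParse(idText, out id) || !int.TryParse(menuIdText, out menuId))
            throw new ArgumentException("id and menuid must be integers.");

        const string sql =
            "UPDATE modules SET name = @name, link = @link, menuid = @menuid " +
            "WHERE id = @id";

        using (SqlConnection cn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, cn))
        {
            // Values travel separately from the SQL text, so quotes in name or
            // link need no escaping and ReplaceString is not needed.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar).Value = (name ?? "").Trim();
            cmd.Parameters.Add("@link", SqlDbType.NVarChar).Value = (link ?? "").Trim();
            cmd.Parameters.Add("@menuid", SqlDbType.Int).Value = menuId;
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;

            cn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}

// Usage in the page (handler name is hypothetical):
//   Page_Load:  if (!Page.IsPostBack) { /* SELECT and fill the controls */ }
//   btnUpdate_Click:
//     int rows = ModuleRepository.UpdateModule(clsFunction.strConnection,
//         hMenuID.Value, txtModuleLabel.Text, txtModuleLink.Text,
//         cboParentID.SelectedValue);
//     if (rows == 0) { /* no row matched: report it instead of failing silently */ }
```

The same parameter pattern applies to the SELECT in Page_Load, where `id` is also concatenated into the query text.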