On Apr 17, 11:48 am, weird0 <amiredi...@gmail.comwrote:
Hi!
On the recommendation of one of the MVP's on this group....... I tried
writing parametrized queries. But the fucking thing does not work and
it does not update the data in the table.
I gotta do my work by concatenation right now. But what is wrong with
the code anyway?
Can anyone figure out.
public static bool Change_CC_Pincode(string userName, string
Pincode)
{
string query = "UPDATE CreditCard SET cc_pincode=@PINCODE
WHERE username=@USERNAME";
SqlConnection cn = new SqlConnection(connectionString);
// Create a new SQL Command object with our query
// Note the syntax for our parameter field, "first"
SqlCommand sqlCommand = new SqlCommand(query, cn);
sqlCommand.Parameters.Add("@PINCODE", SqlDbType.Int).Value
= Pincode;
sqlCommand.Parameters.Add("@USERNAME",
SqlDbType.VarChar).Value =userName.ToCharArray();
cn.Open();
int result = sqlCommand.ExecuteNonQuery();
// Close Reader and Connection.
cn.Close();
if (result 0)
return true;
else
return false;
}
Regards
Generous for your help
In the code I have written I have not used the @ sign in the variable
names when adding the parameters and it has worked. For example, drop
the @ in the line
sqlCommand.Parameters.Add("@PINCODE", SqlDbType.Int).Value = Pincode;
to
sqlCommand.Parameters.Add("PINCODE", SqlDbType.Int).Value = Pincode;
Perhaps it will work or atleast get you to your next error!