asp.net

Update query is not updating the data in table in my project


This is my code. It is not updating the data in table. I cant see any error. The code is executing and displays me that "Successfully updated".

 protected void btnUpdate_Click(object sender, EventArgs e)
    {
        string val = ddlCountry.SelectedValue;
        Response.Write(val); // just to check that the value is changed or not.

        string val2 = txtName.Text;
        Response.Write(val2);

        if (ddlCity.SelectedValue == "--Select--")
        {

            Response.Redirect("updateProfile.aspx");
            lblCountry.Text = "Select your country";
        }
        else if(ddlYear.SelectedValue=="--Select--")
        {

            Response.Redirect("updateProfile.aspx");
            lblCountry.Text = "Select Appropriate Experience";
        }
        else if (ddlMonth.SelectedValue == "--Select--")
        {

            Response.Redirect("updateProfile.aspx");
            lblCountry.Text = "Select Appropriate Experience";
        }
        else if(ddlIndustry.SelectedValue=="--Select--")
        {

            Response.Redirect("updateProfile.aspx");
            lblCountry.Text = "Select Your Current Industry";
        }
        else if(ddlFunction.SelectedValue=="--Select--")
        {

            Response.Redirect("updateProfile.aspx");
            lblCountry.Text = "Select your functional Area";
        }
        else
        {
            string fName = Convert.ToString(Session["fname"]);
            string updateQuery = "Update RegisterMaster set Name='" + txtName.Text + "',Nationality='" + ddlCountry.SelectedValue + "',CurrentLocation='" + ddlCity.SelectedValue + "',MobNumber='"+txtNumber.Text+"',Experience='"+ddlYear.SelectedValue+" "+ddlMonth.SelectedValue+"',CurrentIndustry='"+ddlIndustry.SelectedValue+"',FunctionalArea='"+ddlFunction.SelectedValue+"',KeySkills='"+txtSkills.Text+"',ResumeTitle='"+txtResTitle.Text+"',Resume='"+resFileUpload.ToString()+"' where Name='"+fName+"'";
          
           int i = c1.ExecuteMyQuery(updateQuery);
           if (i == 1)
           {
               lblUpdation.Text = "Successfully Updated.";
           }
           else
           {
               lblUpdation.Text = "Try Again";
           }

        }
    }

And it displays that update was successful but when i check database, it is not updated. updateProfile.aspx is the same page on which this coding is done. and its in a frameset if that also counts.

implementation of

c1.ExecuteMyQuery(updateQuery);


 public int ExecuteMyQuery(String sql)
        {
            con.Open();
            cmd.Connection = con;
            cmd.CommandText = sql;
            int i = cmd.ExecuteNonQuery();
            con.Close();
            return i;
        }

This is view profile page This is when I clicked on Update profile This is after i click on update button


Solution

  • It's very difficult to get like this what is going wrong. However, I have doubt in your code on this line:

    string fName = Convert.ToString(Session["fname"]);
            string updateQuery = "Update RegisterMaster set Name='" + txtName.Text + "',Nationality='" + ddlCountry.SelectedValue + "',CurrentLocation='" + ddlCity.SelectedValue + "',MobNumber='"+txtNumber.Text+"',Experience='"+ddlYear.SelectedValue+" "+ddlMonth.SelectedValue+"',CurrentIndustry='"+ddlIndustry.SelectedValue+"',FunctionalArea='"+ddlFunction.SelectedValue+"',KeySkills='"+txtSkills.Text+"',ResumeTitle='"+txtResTitle.Text+"',Resume='"+resFileUpload.ToString()+"' where Name='"+fName+"'";
    

    Are you getting proper value to be successfully update your query? Make a breakpoint and check it after Debugging.

    Or

    Make a very simple update statement like :Update RegisterMaster set Name="+txtName.Text+", And make sure your table getting updated.

    And of-course you query is vulnerable for Sql-Injection as Leland Richardson mentioned. You can learn more about this here: http://www.codeproject.com/Articles/9378/SQL-Injection-Attacks-and-Some-Tips-on-How-to-Prev