Updating Values entered by User in form to database

Question

S2009 -1 Junior Poster in Training

15 Years Ago

Hi all,

I am trying to create an application which involves the User to change the password.

I am using Microsoft Visual Studio for developing the Graphical User Interface and Microsoft SQL server as the back-end.

I have created a separate form which allows the user to change the password.

However I am unaware of how the particular password will be updated to the Database.

I have tried the following code for updating the new password to the database but it is not working.

There is no error in the code when compiling and running but the password is not updated in the database.

Coding:

UserID = txtUserID.Text;
try
{
SqlCommand objSqlCommand = new SqlCommand("update NewUserRegister set Password = @Password where UserID = @UserID",objSqlConnection);

SqlParameter sql;
sql = objSqlCommand.Parameters.Add("@UserID", SqlDbType.Int);
sql.Value = UserID;

MessageBox.Show("Password Updated Successfully");
}
catch (SqlException e1)
{
MessageBox.Show(e1.Message, "Error Information", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
catch(System.Exception e2)
{
MessageBox.Show(e2.Message, "Error Information", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}

Can any one help me out with the correct code snippet I should use to update the password?

I am in urgent need of completing this task. Please reply me soon..

Thanks in advance!!

2 Contributors
3 Replies
85 Views
6 Hours Discussion Span
Latest Post 15 Years Ago Latest Post by sknake

sknake 1,622 Senior Poster

15 Years Ago

Please use code tags in the future.

You're using 2 parameters in the query but only adding one to the command, the @Password variable is never used. See these threads for examples on using parameters:
http://www.daniweb.com/forums/thread191241.html
http://www.daniweb.com/forums/thread198304.html

Here is an example of adding multiple parameters. Change the query and parameter names and you should be set.

private void simpleButton1_Click(object sender, EventArgs e)
    {
      const string query = "Insert Into aTable (aString, aDateTime) Values (@aString, @aDateTime)";
      const string connStr = @"Data Source=apex2006sql;Initial Catalog=DB;Integrated Security=True;";
      using (SqlConnection conn = new SqlConnection(connStr))
      {
        conn.Open();
        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
          string s1 = "abc123";
          DateTime dtNow = DateTime.Now;
          cmd.Parameters.Add(new SqlParameter(@"aString", SqlDbType.VarChar)).Value = s1;
          cmd.Parameters.Add(new SqlParameter(@"aDateTime", SqlDbType.DateTime)).Value = dtNow;
          cmd.ExecuteNonQuery();
        }
        conn.Close();
      }
    }

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

S2009 -1 Junior Poster in Training · Answer 1 · 2009-06-19T23:16:34+00:00

Please use code tags in the future.
You're using 2 parameters in the query but only adding one to the command, the @Password variable is never used. See these threads for examples on using parameters:
http://www.daniweb.com/forums/thread191241.html
http://www.daniweb.com/forums/thread198304.html
Here is an example of adding multiple parameters. Change the query and parameter names and you should be set.
private void simpleButton1_Click(object sender, EventArgs e)
    {
      const string query = "Insert Into aTable (aString, aDateTime) Values (@aString, @aDateTime)";
      const string connStr = @"Data Source=apex2006sql;Initial Catalog=DB;Integrated Security=True;";
      using (SqlConnection conn = new SqlConnection(connStr))
      {
        conn.Open();
        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
          string s1 = "abc123";
          DateTime dtNow = DateTime.Now;
          cmd.Parameters.Add(new SqlParameter(@"aString", SqlDbType.VarChar)).Value = s1;
          cmd.Parameters.Add(new SqlParameter(@"aDateTime", SqlDbType.DateTime)).Value = dtNow;
          cmd.ExecuteNonQuery();
        }
        conn.Close();
      }
    }

Thanks a lot for your prompt reply.

I will try this and let you know.

I have a doubt why should we use the USING block for creating the SQLCommand object.

Is it mandatory to use this.?
Is there any alternative to USING block?

Please if possible clear my doubts.

Thanks in advance!

sknake 1,622 Senior Poster Featured Poster · Answer 2 · 2009-06-19T23:22:08+00:00

using() is just a code snippet for calling .Dispose(); on anything implementing IDisposable. It is .NET best practices to dispose of all objects implementing the interface and can lead to resource leaks if you don't. Imagine your SQL Connection -- If you declare it in memory but never dispose it then it will sit in memory until the garbage collector picks it up. If you instantiate 10 SQL Connections before the garbage collector runs you can run out of connection in the connection pool and your application will raise an exception saying it cannot establish a connection.

From the help file on using, this is the alternative to using the code snippet:

Font font1 = new Font("Arial", 10.0f);
  try
  {
    byte charset = font1.GdiCharSet;
  }
  finally
  {
    if (font1 != null)
      ((IDisposable)font1).Dispose();
  }
}