Update in Database by c#

Asked

Viewed 723 times

2

I’m trying to update my database by visual Studio(c#), but the update is not being carried out I don’t know why.

Table script(sql developer):

CREATE TABLE Login
(
  Cod_login NUMBER(8) NOT NULL,
  Usuario VARCHAR2(50) NOT NULL, 
  Senha VARCHAR2(50) NOT NULL, 
  cod_Nivel number(5)NOT NULL,
  Status_Login CHAR(1) NOT NULL, 
  CONSTRAINT PK_Cod_login_Login PRIMARY KEY (Cod_login)
);

c update script#:

public void AlterarSenha(string usuario)
{
    string strQuery;
    strQuery = (" UPDATE Login ");
    strQuery += (" SET ");
    strQuery += ("senha = '" + _senha + "' ");
    strQuery += (", Status_Login ='" + 1 + "'");
    strQuery += (" WHERE ");
    strQuery += (" usuario = '" + _usuario + "' ");
    clnBancoDados ObjClnBancoDados = new clnBancoDados();
    ObjClnBancoDados.ExecutaComando(strQuery);
}

public void Alterar()
{
    if (txtnovasenha.Text == "")
    {
        MessageBox.Show("Digite Sua Nova Senha!");
    }
    if ((txtnovasenha.Text.Length < 4))
    {
        MessageBox.Show("A Senha Deve Conter no Mínimo 4 Digitos!");
    }
    if ((txtnovasenha.Text.Length > 8))
    {
        MessageBox.Show("A Senha Deve Conter no Máximo 8 Digitos!");
    }
    else
    {
        clnlogin login = new clnlogin();
        login.Senha = txtnovasenha.Text;
        login.AlterarSenha(txtLogin.Text);
        MessageBox.Show("A Senha do Usuário " 
           + txtLogin.Text + " foi Alterada com Sucesso para " 
           + login.Senha + "!",
           "Alteração", MessageBoxButtons.OK, MessageBoxIcon.Information);

It shows the message, but does not update. I tried to change several things but could not. I did something wrong?

  • This code is incomplete, right?

  • No.Only the save button was missing, which only calls the Change method();

  • And that key missing in the first method?

  • tidy. I wobble my.

  • strQuery += (", Status_Login ='" + 1 + "'"); tries to change here: strQuery += (", Status_Login ='" + 1.ToString() + "' ");

  • I tried, it didn’t help.

  • What is this component clnBancoDados ?

  • That’s where I connect to my bank.

  • We need the contents of the Executacommand() method to be able to give you an answer, it is probably the source of the problem.

  • 1

    One remark: you are going the worst way to record a record in C#. Use the SqlCommand with paramentros and have simple, easy-to-maintain code. Links that can help you https://msdn.microsoft.com/pt-br/library/system.data.sqlclient.sqlcommand.parameters(v=vs.110). aspx and http://www.devmedia.com.br/utilizando-parametros-no-sqlcommand-em-c/28440

  • Put the code part of the method: Objclnbancodados.Run command(strQuery); to see how you are doing. may be missing an Execurenonquery() or a Savechanges, depending on your approach...

  • I can even put, but I think that’s not it, because the other functions are working.

  • if I comment the lines://strQuery += (" WHERE "); //strQuery += (" user = '" + _user + "' "); it works; but instead of updating only one row of my table, it updates all.

  • The user you are trying to update exists in the table? It can only be that then

  • Yes, it does. It must be something silly.

Show 10 more comments

1 answer

0


Stick to the parameters you are passing for your method.

A good check is you do the select right in the database to see if the data really exists.

select * from Login WHERE usuario = equal to the value of its txtLogin.Text...

Another thing, your WHERE usuario = is = txtLogin.Text see the field usuario = Login, a little strange the nomenclature between the application and the database.

Another curious thing is in your method below.

public void AlterarSenha(string usuario)
{
    string strQuery;
    strQuery = (" UPDATE Login ");
    strQuery += (" SET ");
    strQuery += ("senha = '" + _senha + "' ");
    strQuery += (", Status_Login ='" + 1 + "'");
    strQuery += (" WHERE ");
    strQuery += (" usuario = '" + _usuario + "' ");
    clnBancoDados ObjClnBancoDados = new clnBancoDados();
    ObjClnBancoDados.ExecutaComando(strQuery);
}

See your parameter AlterarSenha(string usuario) ..... user and see what you’re using in the strQuery += (" usuario = '" + _usuario + "' "); here your parameters have a _ in the _user , that is, it is not the same parameter received in your method.

To complete, the ideal is that your method AlterarSenha returns a Boolean informing if the transaction was actually made in the bank.

Still, I hope that this is just a training or work course, because this way of passing parameters is not good, it leaves the application vulnerable to sql Injection Oops, is that the right link.

  • It was my parameter that was wrong.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.