Update in Database by c#

Question

Update in Database by c#

Asked 8 years, 1 month ago

Viewed 723 times

2

I’m trying to update my database by visual Studio(c#), but the update is not being carried out I don’t know why.

Table script(sql developer):

CREATE TABLE Login
(
  Cod_login NUMBER(8) NOT NULL,
  Usuario VARCHAR2(50) NOT NULL, 
  Senha VARCHAR2(50) NOT NULL, 
  cod_Nivel number(5)NOT NULL,
  Status_Login CHAR(1) NOT NULL, 
  CONSTRAINT PK_Cod_login_Login PRIMARY KEY (Cod_login)
);

c update script#:

public void AlterarSenha(string usuario)
{
    string strQuery;
    strQuery = (" UPDATE Login ");
    strQuery += (" SET ");
    strQuery += ("senha = '" + _senha + "' ");
    strQuery += (", Status_Login ='" + 1 + "'");
    strQuery += (" WHERE ");
    strQuery += (" usuario = '" + _usuario + "' ");
    clnBancoDados ObjClnBancoDados = new clnBancoDados();
    ObjClnBancoDados.ExecutaComando(strQuery);
}

public void Alterar()
{
    if (txtnovasenha.Text == "")
    {
        MessageBox.Show("Digite Sua Nova Senha!");
    }
    if ((txtnovasenha.Text.Length < 4))
    {
        MessageBox.Show("A Senha Deve Conter no Mínimo 4 Digitos!");
    }
    if ((txtnovasenha.Text.Length > 8))
    {
        MessageBox.Show("A Senha Deve Conter no Máximo 8 Digitos!");
    }
    else
    {
        clnlogin login = new clnlogin();
        login.Senha = txtnovasenha.Text;
        login.AlterarSenha(txtLogin.Text);
        MessageBox.Show("A Senha do Usuário " 
           + txtLogin.Text + " foi Alterada com Sucesso para " 
           + login.Senha + "!",
           "Alteração", MessageBoxButtons.OK, MessageBoxIcon.Information);

It shows the message, but does not update. I tried to change several things but could not. I did something wrong?

This code is incomplete, right?

– Jéf Bueno

2016/10/10 at 18:44
No.Only the save button was missing, which only calls the Change method();

– enzo

2016/10/10 at 18:47
And that key missing in the first method?

– Jéf Bueno

2016/10/10 at 18:49
tidy. I wobble my.

– enzo

2016/10/10 at 18:51
strQuery += (", Status_Login ='" + 1 + "'"); tries to change here: strQuery += (", Status_Login ='" + 1.ToString() + "' ");

– guijob

2016/10/10 at 18:59
I tried, it didn’t help.

– enzo

2016/10/10 at 19:10
What is this component clnBancoDados ?

– Eric Wu

2016/10/10 at 19:13
That’s where I connect to my bank.

– enzo

2016/10/10 at 19:24
We need the contents of the Executacommand() method to be able to give you an answer, it is probably the source of the problem.

– Julio Borges

2016/10/10 at 19:38
1

One remark: you are going the worst way to record a record in C#. Use the SqlCommand with paramentros and have simple, easy-to-maintain code. Links that can help you https://msdn.microsoft.com/pt-br/library/system.data.sqlclient.sqlcommand.parameters(v=vs.110). aspx and http://www.devmedia.com.br/utilizando-parametros-no-sqlcommand-em-c/28440

– novic

2016/10/10 at 19:43
Put the code part of the method: Objclnbancodados.Run command(strQuery); to see how you are doing. may be missing an Execurenonquery() or a Savechanges, depending on your approach...

– JcSaint

2016/10/10 at 19:49
I can even put, but I think that’s not it, because the other functions are working.

– enzo

2016/10/10 at 19:58
if I comment the lines://strQuery += (" WHERE "); //strQuery += (" user = '" + _user + "' "); it works; but instead of updating only one row of my table, it updates all.

– enzo

2016/10/10 at 19:58
The user you are trying to update exists in the table? It can only be that then

– Julio Borges

2016/10/10 at 20:14
Yes, it does. It must be something silly.

– enzo

2016/10/10 at 20:16

Show 10 more comments

1 answer

Browser other questions tagged c# database sql-update

You are not signed in. Login or sign up in order to post.

by Marco Souza • **12,304** points · Answer 1 · 2016-10-11T12:46:37+00:00

Stick to the parameters you are passing for your method.

A good check is you do the select right in the database to see if the data really exists.

select * from Login WHERE usuario = equal to the value of its txtLogin.Text...

Another thing, your WHERE usuario = is = txtLogin.Text see the field usuario = Login, a little strange the nomenclature between the application and the database.

Another curious thing is in your method below.

public void AlterarSenha(string usuario)
{
    string strQuery;
    strQuery = (" UPDATE Login ");
    strQuery += (" SET ");
    strQuery += ("senha = '" + _senha + "' ");
    strQuery += (", Status_Login ='" + 1 + "'");
    strQuery += (" WHERE ");
    strQuery += (" usuario = '" + _usuario + "' ");
    clnBancoDados ObjClnBancoDados = new clnBancoDados();
    ObjClnBancoDados.ExecutaComando(strQuery);
}

See your parameter AlterarSenha(string usuario) ..... user and see what you’re using in the strQuery += (" usuario = '" + _usuario + "' "); here your parameters have a _ in the _user , that is, it is not the same parameter received in your method.

To complete, the ideal is that your method AlterarSenha returns a Boolean informing if the transaction was actually made in the bank.

Still, I hope that this is just a training or work course, because this way of passing parameters is not good, it leaves the application vulnerable to sql Injection Oops, is that the right link.