0
votes

I have an edit form for values in a DataGridView. The problem is with the update code. The whole code, updated:

    int value = int.Parse(label13.Text); // ID
    string txtbox2 = textBox2.Text.ToString();
    string txtbox1 = textBox1.Text.ToString();
    try
    {
        var cmd = new OleDbCommand();
        cmd.CommandType = CommandType.Text;
        cmd.CommandText = "UPDATE guestreg SET g_name='" + txtbox1 + "' AND g_surname = '" + txtbox2 + "'  where ID =@id";
        cmd.Parameters.AddWithValue("@id", value);
        cmd.Connection = connection;
        connection.Open();
        cmd.ExecuteNonQuery();
        {
            MessageBox.Show("Update Success!");
            connection.Close();
        }

When the update SQL command contains just one value to update, it works (example):

    cmd.CommandText = "UPDATE guestreg SET g_name='" + textBox1.Text + "' where ID =@id";

The values are not updating at all, but the message box shows that everything was done. It just changes the name to "0".

Thanks a lot.

1
You can't use AND that way, replace it with a comma. And then parameterize all variables, not just id. - Crowcoder
@Crowcoder okay, will try it right now - user8110171
@Crowcoder updated the code, still doesn't work. The value of name changes to "0" - user8110171
@Crowcoder write as an answer, it worked - user8110171

1 Answer

0
votes

Your update statement is invalid. Try this:

    cmd.CommandText = "UPDATE guestreg SET g_name='" + textBox1.Text + "', g_surname = '" + textBox2.Text + "'  where ID =@id";

While we're at it, you should be passing those textbox values as parameters also. Your query is vulnerable to SQL Injection. What is SQL injection?
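
A fully parameterized version of the update, as an added example that is not part of the original answer. The `GuestRepository` class, the `UpdateGuest` method and the column size of 255 are assumptions for illustration; the table, column and control names come from the question.

```csharp
using System;
using System.Data;
using System.Data.OleDb;

// Hypothetical helper, not from the original post.
static class GuestRepository
{
    // Returns the number of rows changed, so the caller can tell a real update
    // from a statement that ran but matched nothing.
    public static int UpdateGuest(OleDbConnection connection, int id, string name, string surname)
    {
        // Assignments are separated by commas (not AND), and every value is a
        // placeholder, so quotes typed into the text boxes stay data, never SQL.
        const string sql = "UPDATE guestreg SET g_name = ?, g_surname = ? WHERE ID = ?";

        using (var cmd = new OleDbCommand(sql, connection))
        {
            // OleDb binds parameters by position, not by name: add them in the
            // same order as the ? markers. The size 255 is an assumed column width.
            cmd.Parameters.Add("@name", OleDbType.VarWChar, 255).Value = (object)name ?? DBNull.Value;
            cmd.Parameters.Add("@surname", OleDbType.VarWChar, 255).Value = (object)surname ?? DBNull.Value;
            cmd.Parameters.Add("@id", OleDbType.Integer).Value = id;

            bool openedHere = connection.State != ConnectionState.Open;
            if (openedHere) connection.Open();
            try
            {
                return cmd.ExecuteNonQuery();
            }
            finally
            {
                // Close only a connection this method opened, even on failure.
                if (openedHere) connection.Close();
            }
        }
    }
}

// Call site in the form (control names from the question):
//   if (int.TryParse(label13.Text, out int id) &&
//       GuestRepository.UpdateGuest(connection, id, textBox1.Text, textBox2.Text) == 1)
//       MessageBox.Show("Update Success!");
//   else
//       MessageBox.Show("No row was updated.");
```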