vb.net - Update button error -


our program when click update button updates data in data grid view, what's wrong our codes? our code 

private sub btnupdate_click(byval sender system.object, byval e system.eventargs) handles btnupdate.click     con.connectionstring = ("server=localhost;user id=root;password=;database=sample4")     try         con.open()         cmd             .connection = con              .commandtext = "update inventory set product_name='" & txtpn2.text & "',product_quantity='" & txtquan2.text & "',date='" & txtdate2.text & "' 1"             result = cmd.executenonquery             if result = 0                 msgbox("data has been updated!")             else                 msgbox("successfully updated!")                 .commandtext = "select product_name,product_quantity,date inventory"                 txtpn2.clear()                 txtquan2.clear()                 txtdate2.clear()                 txtpn2.focus()              end if         end     catch ex exception         msgbox(ex.message)     end try     con.close() end sub

there lot of errors here, both logical , bad practices @ work.
starting logical errors first:

what think statement does? where 1 (i don't know if accepted database suppose works). doesn't locate precise record update, let every record in table receive same values specified in set list. need pass key identify precise record update. where keyfield=keyvalue keyfield name of column in table invetory values unique 1 record selected update

second logical problem: if result = 0 then wrong because result of executenonquery number of records updated/inserted/deleted. in case update sql updates record if finds one. update record if values same before. 0 instead means no record has been found clause (after fixing in first step). if 0 result no record exists in table match clause.

now bad practices. 

set product_name='" & txtpn2.text &.....

this string concatenation builds sql statement. wrong on many levels. if 1 of textboxes contains single quote whole text becomes syntactically invalid. malicious user write in textbox , create sql injection hack destroy database or grab sensitive informations. should use parameterized query

 .commandtext = "update inventory set product_name=@prod " & _                 ",product_quantity=@qty,date=@dt keyfield=@kvalue"  .parameters.add("@prod", sqldbtype.nvarchar).value =  txtpn2.text   .parameters.add("@qty", sqldbtype.int).value =  convert.toint32(txtquan2.text)  .parameters.add("@qty", sqldbtype.datetime).value =  convert.todatetime(txtdate2.text)  .parameters.add("@kvalue", sqldbtype.int).value =  kvalue  result = cmd.executenonquery

second bad practice: keeping global objects connection , commands. these disposable objects, should used in know pattern. create, use, destroy free possible precious system resources. keeping them global gains nothing , @ risk leak resources. keep global (or better read app.config) connection string , apply using statement around connection , command


Comments

Post a Comment

Popular posts from this blog

sublimetext3 - what keyboard shortcut is to comment/uncomment for this script tag in sublime -

Image
i have script tag in code, keyboard shortcut comment/uncomment script tag in sublime. after selecting script open , close tag. <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> i pressing ctrl + shift + / , getting this /*<script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script>*/ also pressed ctrl + / , got this // <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> // </script> instead of <!-- <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> --> script open , close tag in 2 lines not in 1 line , not have spaces too. for mac,high light lines want comment. hold 'command , / ' commented. for windows: high line or select lines ,then hold ctrl + / if not work: ...
Read more

java - No use of nillable="0" in SOAP Webservice -

i have received xsd 3rd party supplier generated java based system; used create soap endpoint receive data transfers. xsd not make use of nillable attribute defined within w3c/xsd namespace, example: <xs:complextype name="customer"> <xs:sequence> <xs:element minoccurs="1" maxoccurs="1" name="id" type="xs:integer"/> <xs:element minoccurs="0" maxoccurs="1" name="titleid" type="xs:integer"/> <xs:element minoccurs="0" maxoccurs="1" name="firstname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" name="familyname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" name="previousname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" nam...
Read more

ubuntu - Laravel 5.2 quickstart guide gives Not Found Error -

edit: think problem due not setting apache properly, these 2 links helped me. solution: http://laravel.io/forum/06-11-2014-not-found-but-route-exists https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts end edit i'm following laravel 5.2 quickstart guide. https://laravel.com/docs/5.2/quickstart i'm running ubuntu 14.04.2 the website runs initially, when click on add task button run 404 not found error. as per guide run following commands setup complete quickstart project. git clone https://github.com/laravel/quickstart-basic quickstart cd quickstart composer install php artisan migrate additionally run following commands because i'm on ubuntu server: sudo chown -r www-data.www-data quickstart sudo chmod -r 755 quickstart sudo chmod 777 quickstart/storage the routes.php file looks like: <?php use app\task; use illuminate\http\request; route::group(['middleware' => ['web']]...
Read more