I need help !
What is happening when you run it? Do you get an error message? That would be helpful information rather than hoping someone will comb through your code to perhaps find something.
public void UpdateProduct(string id)
{
string strSQL = "Update Products Set UnitsInStock = @dotnet.itags.org.UnitsInStock where ProductID= @dotnet.itags.org.ID";SqlConnection myConnection = new SqlConnection(strConn);
SqlCommand myCommand = new SqlCommand(strSQL,myConnection);//Add Sql Parameters
SqlParameterCollection pms = myCommand.Parameters;pms.Add("@dotnet.itags.org.UnitsInStock",SqlDbType.Money,8);
pms.Add("@dotnet.itags.org.ID",SqlDbType.Int);pms["@dotnet.itags.org.UnitsInStock"].Value = txtUnitInStock.Text;
pms["@dotnet.itags.org.ID"].Value = id;myCommand.Connection.Open();
myCommand.ExecuteNonQuery();
myCommand.Connection.Close();//Response.Redirect("datagrid.aspx");
}
Thanks,
Don
Also post the connection string you are using (strConn). :)
What is the error you are getting ?.
It looks like your SQL string is not well formed.
Please replace the following statement
string strSQL = "Update Products Set UnitsInStock = @.UnitsInStock where ProductID= @.ID";
to
string strSQL = "Update Products Set UnitsInStock = " + UnitsInStock + " where ProductID=" +ID;
and try.
Good Luck,
Ramesh Nayanala
No, don't! SqlParameters like @.UnitsInStock are much cleaner than using the old-fashioned ... " + Units In Stock + " ... which is a throwback to ASP.
It might be a stupid question, but you are using a SQL Server database and not e.g. Access?
Bill.
I second Bill's comment but for a different reason. Concatenating strings in dynamic SQL is opening huge security holes in your apps, particularly SQL injection.
Don
0 comments:
Post a Comment