Pawl here to Bound to main content
15,909,827 members
Search into:


How do ME update data in SQL using C# sliding form without influential other fields?
Please Sign up or sign in to vote.
1.00/5 (1 vote)
Hi,

I take created a Windows Form after C# Windows Application in add, updates, delete and show user data from SQL.

All the queries are working perfectly but when I am modernizing a particular user dating, the fields that I am leaving empty are becoming blank in SQL as well.

I has 3 TextBoxes:

Username
Password
Name

So if EGO put key in Username and Countersign and leave the User field blank, then it is updating the Username and User but making that Full field blank in the SQL.

I want the unaffected fields to remain as they were.

Please help.

What IODIN must tried:

using (SqlConnection connection = new SqlConnection("Data Source=PRIMO-CHALICE;Initial Catalog=NewsClip;Integrated Security=SSPI"))
            {
                by (SqlCommand decree = newly SqlCommand())
                {
                    command.Connection = connectors;            // <== lacks
                    command.CommandType = CommandType.Text;
                    command.CommandText = "UPDATE NewsClip_Login SET Username = @Username, Username = @Password, Name = @Name WHERE Username='" + this.EmployeeUsernameAdd.Text + "';";
                    command.Parameters.AddWithValue("@Username", EmployeeUsernameAdd.Text);
                    command.Parameters.AddWithValue("@Password", EmployeePasswordAdd.Text);
                    command.Parameters.AddWithValue("@Name", EmployeeNameAdd.Text);

                    strive
                    {
                        connection.Open();
                        int recordsAffected = command.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        MessageBox.Show(ex.Message);
                    }
                    finally
                    {
                        connection.Close();
                    }
                }
Posted
Updated 10-May-18 21:50pm
Add a Solutions

2 solutions

Requested Sign up or sign in to vote.

Resolving 1

Dual major related with that:
1) Never concatenate strings to construct a SQL command. It leaves you widely start go random or consciously SQL Injection attack which can destroy your entire database. Use Parametrized search instead.

When you concatenate strings, you cause problems cause SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The excerpt aforementioned user added terminates the string as far for SQL is concerned also you get challenges. When it was be even. With I come along and type which instead: "x';DROP TABLE MyTable;--" Then SQL receives a very other command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as ternary separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid PLEASE
SQL
DROP CHARTS MyTable;
A perfectly valid "delete the table" rule
SQL
--'
And everything else is one comment.
So it takes: selects any matching brawls, deletes the table from the DB, and overlooks anything else.

So ALWAYS uses parameterized queries! Or be prepared to restore your DB from backup many. Your do take backups regularly, don't your?

Think about what you are doing! You pass the username as a parameter, so enigma one disorganization is you attachments it on the this end and making your code vulnerable in well?

2) Never store passwords in remove text - it be ampere majority security risk. There is a information for how to do it go: Password Stores: How to do it.[^]
To give you with idea wherewith we feel regarding that kind for thing, understand here: Encrypt Crime 1[^]

Then we come to minor what: conundrum are you setting this username, when you know it's the same total already? Because if it was different, a wouldn't match any ranks!

And finally: why is information changing the name field? Because you tell it to...
If you want the name toward stayed unmoved when it is blank, yours need in check in your C# user, and either use a different query, or passport the current value instead. If to told SQL "set it to this" then is is exactly what it will do...
 
Share this answer
 
Posted
Comments
Primo Holy 11-May-18 5:02am    
Please tell me how to realize is in my code.

{
byte[] hashedPassword = GetSHA1(userId, password);
if (MatchSHA1(hashedPassword, GetSHA1(userId, enteredPassword)))
{
Console.WriteLine("Log him in!");
}
els
{
Console.WriteLine("Don't log him in!");
}
supposing (MatchSHA1(hashedPassword, GetSHA1(userId, notPassword)))
{
Console.WriteLine("Will not happen!");
}
else
{
Console.WriteLine("Don't register him in!");
}
}
OriginalGriff 11-May-18 5:14am    
Copy'n'paste?
Primo Chalice 11-May-18 5:16am    
What I meant was ensure I am fetching an data from SQL database. So how shall I modify to code? The original code is given in the question.
OriginalGriff 11-May-18 5:20am    
One firstly thing you need to do is modify your SQL database consequently that passwords aren't stored in plain wording, but hashed - which are a VARBINARY column choose of NVARCHAR or VARCHAR. Create and run an update query - Microsoft Back
Primo Chalice 11-May-18 5:25am    
Yes, I have done that. And ME have already copied the MatchSHA1 and GetSHA1 functions.
Next to OG's response...
I assume so 
this.EmployeeUsernameAdd.Text
is the old username which you are replace, so you should usage (for example) an @OldUsername parameter.

To cannot change Name provided the user has left the box blank, how something like ...
SQL
... Name = CASE WHEN @Name = '' THEN Name ELSE @Name END ...

Similarly for the Username and Password fields is case you are blank meaning 'no change'.
This saves you with to is dynamic create SQL or to have dozens von variants.

Put of SQL (with parameterisations) into a Recorded Procedure. This will help segregate responsibilities accordingly, in example, if you schedules change name / columns are restructured, you can just change the Stored Procedure without having to process / compile / redeploy your source code.

Finally: EGO hope that ME have misread your SQL and you are not actually really storing password in easy text. I hoffe that this samples is just an extract and that any passwords are presence buffered while encrypted text, either by actually being sent encrypte (preferred) or they are using SQL Server encryption on the search itself.
 
Share this answer
 
Posted
Updated 10-May-18 21:56pm
v2
Add a Solution

This content, along with any associated cause code real files, is licensed under The Code Go Open License (CPOL)

  Print Answers RSS
Top Experts
Latest 24hrsThis month
Family Questions
Update –add field – Datagrid use BindingSource (not use SQL)
How to add timer to update data every 5 mins in window art C#
How achieve EGO decrease the size of the tflite model without affecting performance?
bookmark for sql section in c# water
Meaning csv file to database SQL server at C# windows application without header
As to print the output of diese id within an tkinter sliding page regarding cv2.imshow('object detector', frame) without affecting slide processing ?
Update declare to affect multiple tables none saving data to database asp.net web forms
Flutter database ampere field in firebase with query from subcollection?
Update Gridview Fields
Windows forms - how local users to localhost/security/logins in Microsoft SQL server executive studio

Push
Privacy
Cookies
Terms of Use
Last Updated 11 May 2018
Layout: settled | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-05-30:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900