I have code to update the database:
string query1 = "update points set pnts = " + "switch (" + " empname = '" + comboBox1.Text + "', '" + label15.Text + "'" + ", empname = '" + comboBox2.Text + "', '" + label16.Text + "'" + ", empname = '" + comboBox3.Text + "', '" + label17.Text + "'" + ", true, ''" + ")" + " where empname in ('" + comboBox1.Text + "', '" + comboBox2.Text + "', '" + comboBox3.Text + "')";
In this query I replace the current pnts column value with the new value, and I want to add the label.Text values to the current database pnts values, as a total in the pnts column.
Please help me!!!

As others have stated, use parameterized queries to prevent SQL injection, but to keep it easier for me (I don't know what the C# library for parameterized queries is) I'm going to work with your current code and give you the fastest way to do it:
string query1 = "update points set pnts = pnts + " + "switch (" + " empname = '" + comboBox1.Text + "', '" + label15.Text + "'" + ", empname = '" + comboBox2.Text + "', '" + label16.Text + "'" + ", empname = '" + comboBox3.Text + "', '" + label17.Text + "'" + ", true, ''" + ")" + " where empname in ('" + comboBox1.Text + "', '" + comboBox2.Text + "', '" + comboBox3.Text + "')";
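
The parameterized form mentioned in the answer above, as an added example that is not part of the original posts: it replaces the single concatenated Switch statement with one parameterized update per employee inside a transaction. It assumes an Access database reached through System.Data.OleDb (suggested by the Switch function) and an integer pnts column; the PointsUpdater class, the AddPoints method and the connection string are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Data.OleDb;

// Hypothetical helper: class and method names are not from the original posts.
static class PointsUpdater
{
    // Adds each employee's points to the existing pnts value and returns rows updated.
    // Keys are employee names, values are point strings; both arrive as untrusted UI text.
    public static int AddPoints(string connectionString,
                                IEnumerable<KeyValuePair<string, string>> entries)
    {
        // OleDb binds "?" placeholders by position, in the order parameters are added.
        const string sql = "UPDATE points SET pnts = pnts + ? WHERE empname = ?";
        int rows = 0;

        using (var conn = new OleDbConnection(connectionString))
        {
            conn.Open();
            using (OleDbTransaction tx = conn.BeginTransaction())
            {
                foreach (var entry in entries)
                {
                    // Reject non-numeric label text instead of sending it to the database.
                    if (!int.TryParse(entry.Value, out int delta))
                        throw new FormatException("Points value is not an integer: " + entry.Value);

                    using (var cmd = new OleDbCommand(sql, conn, tx))
                    {
                        // Values travel as typed parameters, never as SQL text,
                        // so a quote in an employee name cannot change the statement.
                        cmd.Parameters.Add("@delta", OleDbType.Integer).Value = delta;
                        cmd.Parameters.Add("@name", OleDbType.VarWChar, 255).Value = entry.Key;
                        rows += cmd.ExecuteNonQuery();
                    }
                }
                // Disposing tx without Commit (for example after an exception) rolls back.
                tx.Commit();
            }
        }
        return rows;
    }
}

// Usage from the form (control names as in the question, connStr is an assumption):
// PointsUpdater.AddPoints(connStr, new[] {
//     new KeyValuePair<string, string>(comboBox1.Text, label15.Text),
//     new KeyValuePair<string, string>(comboBox2.Text, label16.Text),
//     new KeyValuePair<string, string>(comboBox3.Text, label17.Text) });
```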