C # Problem when updating registration with mysql "Windows Form"

Question

C # Problem when updating registration with mysql "Windows Form"

Navigation

#1 by (3 votes)

1

Well send me this error message

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id_raza = 8' at line 1 "

This is my method to update

public bool Actualizar(string consulta)
        {
            bool actualizado = false;
            int rows = 0;
            conexion.Open();
            cmd = new MySqlCommand(consulta, conexion);

            rows = cmd.ExecuteNonQuery();
            if (rows > 0)
            {
                actualizado = true;
            }
            conexion.Close();
            return actualizado;

        }
    }

}

now what I do when I click on the update button

private void txbActualizar_Click(object sender, EventArgs e)
        {
            string actualizar = "UPDATE raza SET raza =" + txtRaza.Text + "WHERE id_raza =" + txtIdraza.Text;
            if (fn.Actualizar(actualizar))
            {
                MessageBox.Show("Actualizado");
            }
            else
            {
                MessageBox.Show("Error al actualizar");
            }
        }
    }
}

Good txtRaza = the value that I put for texbox txtIdraza = the value that I put for texbox

my table in the MySQL DB has the following fields

id_raza= int,llave primaria,autoincrementable  
raza=varchar

when I put in the id the value 8 that has already saved in the bd and any name for race the error is generated, I do not know where the error is

mysql c#

asked by Zen 19.09.2018 в 07:45

source

1 answer

Null value in MySQL with PHP Add characters to a string in sql

score 3 · Accepted Answer

The error is that MySQL expects as a data for the race column, a string but does not send that, in addition to the reserved word where , it will always be stuck or concatenated with the value you want to assign for the column raza .

To solve this, you should add the quotes to the value of Textbox , and give a space to where

string actualizar = "UPDATE raza SET " +
                 " raza ='" + txtRaza.Text + "' WHERE id_raza =" + txtIdraza.Text;

Of course this is a security error, concatenate values directly. you should use prepared statements, for which you would recommend review the following documentation.