Problem updating database

Started by
1 comment, last by JimboC 14 years, 6 months ago
When I try to update my MSAccess database using the code below, I get the following error: System.Data.OleDb.OleDbException: No value given for one or more required parameters

OleDbCommand DeviceDB_Command = new OleDbCommand();
DeviceDB_Command.CommandType = CommandType.Text;
DeviceDB_Command.CommandText = "UPDATE Manufacturer SET Manufacturer = '" + Edit_TB_Man.Text + "' WHERE Garbage-Index = " + GarbageNum;
DeviceDB_Command.Connection = DeviceDB_Connection;
DeviceDB_Connection.Open();
LinesUpdated = DeviceDB_Command.ExecuteNonQuery();
DeviceDB_Connection.Close();



As near as I can tell the code is correct and the UPDATE command is what it should be. Also, the table name is Manufacturer and the field name is Manufacturer. I thought that might be the issue but changing either makes no difference. Edit_TB_Man is a text box (yes, I'm doing checking for quotes and whatnot). GarbageNum is an INT that has the correct number for the record to be updated. Any ideas what I'm doing wrong?
Quote:Original post by JimboC
"UPDATE Manufacturer SET Manufacturer = '" + Edit_TB_Man.Text + "' WHERE Garbage-Index = " + GarbageNum
I believe the problem is the field name "Garbage-Index". I think you need to quote it (I don't know the proper quoting rules for Access, but it could either be "" or []). That is,
"UPDATE Manufacturer SET Manufacturer = '" + Edit_TB_Man.Text + "' WHERE \"Garbage-Index\" = " + GarbageNum
Or
"UPDATE Manufacturer SET Manufacturer = '" + Edit_TB_Man.Text + "' WHERE [Garbage-Index] = " + GarbageNum
Anyway, give those a try.

Also, it's a really bad idea to do inline queries where you're accepting input from the user like you've done here. I assume Edit_TB_Man is a textbox control on a web form or Windows form. You really should be using parameterized queries because what you've done here is left yourself open to SQL injection attacks (just think about what would happen if someone typed "'; DELETE FROM Manufacturer; SELECT * FROM Manufacturer WHERE Manufacturer ='" into the text box...)
It was the second example you put in there. Thanks a bunch.

And I'm checking for any type of malicious input as the user types into the textbox. If they do that I throw up an error message, drop them out of the program and drop an automated email to their supervisor with the offending entry included. It was requested I do things that way for reasons I'm not privy to.
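
The parameterized form of the UPDATE recommended in the reply above, as an added example that is not code from the thread or its posters. The class and method names, the connection string argument and the 255-character field size are assumptions; the table and field names are the ones given in the question.

```csharp
using System;
using System.Data;
using System.Data.OleDb;

// Hypothetical helper class, not part of the original program.
static class ManufacturerUpdater
{
    // Assumed size of the Manufacturer text field; adjust to the real schema.
    private const int MaxNameLength = 255;

    // Returns the number of rows updated.
    // Example call: RenameManufacturer(connStr, Edit_TB_Man.Text, GarbageNum)
    public static int RenameManufacturer(string connectionString, string newName, int garbageNum)
    {
        if (newName != null && newName.Length > MaxNameLength)
            throw new ArgumentException("Manufacturer name is too long.", "newName");

        // [Garbage-Index] is bracketed because the hyphen would otherwise be
        // parsed as a minus sign. The OleDb provider uses positional '?' markers:
        // values bind in the order the parameters are added, and the names
        // passed to Add() are only labels for the reader.
        const string sql =
            "UPDATE Manufacturer SET Manufacturer = ? WHERE [Garbage-Index] = ?";

        using (OleDbConnection conn = new OleDbConnection(connectionString))
        using (OleDbCommand cmd = new OleDbCommand(sql, conn))
        {
            cmd.CommandType = CommandType.Text;

            // The text box content travels as a typed value, never as SQL text,
            // so quotes and semicolons in it are stored literally.
            cmd.Parameters.Add("@Manufacturer", OleDbType.VarWChar, MaxNameLength).Value =
                (object)newName ?? DBNull.Value;
            cmd.Parameters.Add("@GarbageIndex", OleDbType.Integer).Value = garbageNum;

            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

Because the SQL string is a constant, no input filtering is needed to keep the statement's structure fixed; the `using` blocks also close the connection if `ExecuteNonQuery` throws.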
