'Incorrect syntax near the keyword 'into' in button code of webform

codify

So this is the update button code of my webform. It's giving this error at "comm.ExecuteNonQuery();". However, button1, which had an insert operation, showed no error with this.
button2:
protected void Button2_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection("Data Source=DESKTOP-A85V0ME\\SQLEXPRESS;Initial Catalog=CRUDWEBFORM;Integrated Security=True");
        con.Open();
        SqlCommand comm = new SqlCommand("Update into StudentInfo_Tab set StudentName = '" + TextBox2.Text + "',Address = '" + DropDownList1.SelectedValue + "',Age ='" + double.Parse(TextBox3.Text) + "',Contact = '" + TextBox4.Text + "'where StudentID = '" + int.Parse(TextBox1.Text)+ "'", con);
        comm.ExecuteNonQuery();
        con.Close();
        ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Succesfully Updated');", true);
        LoadRecord();

    }
 
I'm glad you figured it out.

It sounds like a SQL issue, not a C# issue.

And it's time for the obligatory SQL injection cartoon because your code above is vulnerable:
exploits_of_a_mom.png
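
The injection risk raised in the reply above comes from concatenating the TextBox values into the SQL string. As an added example (not code from either poster), here is the same update written with parameters and valid T-SQL `UPDATE` syntax, which takes no `INTO`; the class name `StudentUpdater`, the parameter names, and the column types and lengths are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

public static class StudentUpdater
{
    // Connection string as posted in the question.
    private const string ConnectionString =
        "Data Source=DESKTOP-A85V0ME\\SQLEXPRESS;Initial Catalog=CRUDWEBFORM;Integrated Security=True";

    // T-SQL UPDATE takes no INTO keyword; every value is a named parameter,
    // so user input is sent as data and never parsed as SQL text.
    private const string UpdateSql =
        "UPDATE StudentInfo_Tab " +
        "SET StudentName = @name, Address = @address, Age = @age, Contact = @contact " +
        "WHERE StudentID = @id";

    // Returns the number of rows updated (0 means no row has that StudentID).
    // Throws FormatException when the id or age text is not numeric.
    public static int UpdateStudent(string idText, string name, string address,
                                    string ageText, string contact)
    {
        if (!int.TryParse(idText, NumberStyles.None, CultureInfo.InvariantCulture, out int id))
            throw new FormatException("StudentID must be a whole number.");
        if (!double.TryParse(ageText, NumberStyles.Float, CultureInfo.InvariantCulture, out double age))
            throw new FormatException("Age must be a number.");

        // using blocks close the connection even when ExecuteNonQuery throws.
        using (var con = new SqlConnection(ConnectionString))
        using (var comm = new SqlCommand(UpdateSql, con))
        {
            // Assumed column types and lengths; match them to the real table.
            comm.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name;
            comm.Parameters.Add("@address", SqlDbType.NVarChar, 100).Value = address;
            comm.Parameters.Add("@age", SqlDbType.Float).Value = age;
            comm.Parameters.Add("@contact", SqlDbType.NVarChar, 50).Value = contact;
            comm.Parameters.Add("@id", SqlDbType.Int).Value = id;

            con.Open();
            return comm.ExecuteNonQuery();
        }
    }
}
```

From `Button2_Click`, the call would be `StudentUpdater.UpdateStudent(TextBox1.Text, TextBox2.Text, DropDownList1.SelectedValue, TextBox3.Text, TextBox4.Text)`, with the success alert shown only when the return value is 1.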
 