1
        using (MySqlCommand bb = new MySqlCommand("UPDATE  members SET  Begin = 1 WHERE id ='" + uid + "';"))
        {
            bb.Connection = con;
            con.Open();
            using (MySqlCommand fff = new MySqlCommand("UPDATE  members SET  b = 1 WHERE id ='" + uid + "';"))
            {
                fff.Connection = con;
            }
            this.Hide();
            Main main = new Main();
            main.Show();
        }

I'm trying to update both tables, B and Begin, to 1 for the currently logged-in user (my uid command):

    using (MySqlCommand id = new MySqlCommand("SELECT id FROM members WHERE username='" + textBox1.Text + "';"))
    {
        id.Connection = con;
        MySqlDataReader read3 = cmd.ExecuteReader();
        read3.Dispose();
        int idd = (int)id.ExecuteScalar();
        uid = idd;
        Begin.uid = idd;
        MySqlDataReader read4 = id.ExecuteReader();
        read4.Dispose();
        id.Dispose();
    }

I don't know why but it doesn't update the database.

3
  • 3
    You never execute the update command. Commented Jul 1, 2013 at 13:10
  • Exactly what @GrantThomas said, and this command is vulnerable to "SQL Injection". And better yet, it's freaking 2013, stop using direct SQL!! Use an entity framework, all these problems will go away.... Commented Jul 1, 2013 at 13:11
  • Not only that, you need to use a parameterised update. Commented Jul 1, 2013 at 13:11

2 Answers

5

You're not executing the command.

You need fff.ExecuteScalar(); And bb.ExecuteScalar();

Or ExecuteNonQuery();

Also, you are vulnerable to SQL Injection; try using parameterized queries.

For instance:

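    // The value is sent separately from the SQL text, so it is never parsed as SQL.
    bb.CommandText = "UPDATE members SET  Begin = 1 WHERE id = @id";
    // uid is the logged-in user's id from the question (id there is a MySqlCommand).
    bb.Parameters.AddWithValue("@id", uid);
    bb.ExecuteNonQuery();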

2 Comments

Thanks! How can I make it invulnerable to SQL inj? :) idk what parameterized queries are.. xD
@VlasiuRobert - updated the answer to show you how to do this.
0

First of all, use parameterized queries; second, you don't call ExecuteNonQuery() on any of your SqlCommands.

using (MySqlCommand bb = new MySqlCommand("UPDATE  members SET  Begin = 1 WHERE id = @id;"))
{
    bb.Parameters.AddWithValue("@id", uid);
    bb.Connection = con;
    con.Open();

    bb.ExecuteNonQuery();

    using (MySqlCommand fff = new MySqlCommand("UPDATE  members SET  b = 1 WHERE id = @id;"))
    {
        fff.Parameters.AddWithValue("@id", uid);
        fff.Connection = con;

        fff.ExecuteNonQuery();
    }

    this.Hide();
    Main main = new Main();
    main.Show();
}
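An added example, not part of either answer above: the same parameter binding applied to the username lookup from the question, which is the statement that actually receives typed input (textBox1.Text), plus a single UPDATE that sets both columns and checks the row count. It assumes the MySql.Data (Connector/NET) package and the members table from the question; the class and method names are hypothetical.

```csharp
using System;
using MySql.Data.MySqlClient;

// Hypothetical helper class; table and column names are taken from the question.
static class MemberStore
{
    // Returns the member id for a username, or null when no row matches.
    // The username is bound as a parameter, so quotes or SQL keywords typed
    // into the text box are compared as data and never parsed as SQL.
    public static int? FindMemberId(MySqlConnection con, string username)
    {
        using (var cmd = new MySqlCommand(
            "SELECT id FROM members WHERE username = @username;", con))
        {
            cmd.Parameters.Add("@username", MySqlDbType.VarChar).Value = username;
            object result = cmd.ExecuteScalar();   // null when there is no such user
            if (result == null || result == DBNull.Value) return null;
            return Convert.ToInt32(result);
        }
    }

    // Sets both flags in one statement. With Connector/NET's default settings
    // ExecuteNonQuery() returns the number of matched rows, so false means
    // no member has that id.
    public static bool MarkBegun(MySqlConnection con, int uid)
    {
        using (var cmd = new MySqlCommand(
            "UPDATE members SET Begin = 1, b = 1 WHERE id = @id;", con))
        {
            cmd.Parameters.Add("@id", MySqlDbType.Int32).Value = uid;
            // Nothing is sent to the server until the command is executed.
            return cmd.ExecuteNonQuery() > 0;
        }
    }

    // connectionString is supplied by the caller (assumption: a reachable MySQL server).
    public static void Run(string connectionString, string typedUsername)
    {
        using (var con = new MySqlConnection(connectionString))
        {
            con.Open();
            int? uid = FindMemberId(con, typedUsername);
            if (uid == null) { Console.WriteLine("Unknown user"); return; }
            Console.WriteLine(MarkBegun(con, uid.Value) ? "Updated" : "No row updated");
        }
    }
}
```

Unlike the cast `(int)id.ExecuteScalar()` in the question, the null check here handles a username that does not exist instead of throwing.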
