0

My problem is that when I try to change my password, I get this error:

No Value given for one or more parameters

My code:

try
{
    connectionn.Open();

    OleDbCommand command = new OleDbCommand();
    command.Connection = connectionn;

    string query = "update LOGIN set pass='" + Npassword.Text + "' WHERE [email protected]";

    command.CommandText = query;
    command.ExecuteNonQuery();

    MessageBox.Show("Password Changed");
    connectionn.Close();
}
catch (Exception ex)
{
   MessageBox.Show("Error, fill the fields required" + ex);
   connectionn.Close();
}
Improve this question
5
  • 1
    The visual-studio tag should only be used for questions relating to the Visual Studio application, not code you write with it. Commented Jan 29, 2019 at 4:02
  • 1
    @Npassword.Text is a parameter that the query expects you to pass a value for. Commented Jan 29, 2019 at 4:02
  • 1
    And the new password should be passed as a parameter. Commented Jan 29, 2019 at 4:03
  • Just a note that as written this SQL would update LOGIN.pass to the same value that it already has. It would be rather unusual to select the row to update based on it's password value. You'd normally want to select the row using a userid or such. Commented Jan 29, 2019 at 4:12
  • 3
    Asides: Passwords shouldn't, as a rule, be stored in plaintext. Changing all logins that happen to share the same password may be entertaining. See SQL Injection. Commented Jan 29, 2019 at 4:12

1 Answer 1

Reset to default
1

I agree with the feedback given on your post, passwords definitely should not be plain text and you should not be looking to update a password based on a match on the password column.

But to help you out on your direct question, you have declared a parameter in your SQL text, but have not provided the parameter to your OleDbCommand.

Try this:

   connectionn.Open();
   OleDbCommand command = new OleDbCommand();
   command.Connection = connectionn;
   string query = "update LOGIN set pass=@Password WHERE UserId=@UserId";
   command.CommandText = query;

   // Some form of hashing should definitely be done here! Should NOT be plain text
   command.AddWithValue("@Password", NPassword.Text); 
   // Not provided in your question but should use this parameter to update the proper column and not try to match on a password field
   command.AddWithValue("@UserId", userId); 
   command.ExecuteNonQuery();
   MessageBox.Show("Password Changed");
   connectionn.Close();
}
catch (Exception ex)
{
   MessageBox.Show("Error, fill the fields required" + ex);
   connectionn.Close();
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.