Last post Jan 10, 2011 02:22 AM by yasser shaikh
Sep 05, 2007 03:35 AM|Zubair Alam|LINK
i face with a simple problem
string userId = Membership.GetUser().ProviderUserKey.ToString();
i got the error at runtime which said the error near the where
the filled name are right
Sep 05, 2007 05:14 AM|Peter Smith|LINK
First of all, use parameterized queries, with your query you are very vulnerable to SQL injection attacks (search the web on "sql injection" and how to prevent them).
Secondly, you cant use an insert statement the way you do, because you apparently already have a record where the value of the id column is equal to CustId.
If you want to INSERT a NEW record, you use: insert into test(id,name) values (@id,@name) (note how I use parameterized values)
if you want to UPDATE an EXISTING record you use: update test set name=@name where id=@id
Please mark the answer as answered if this helped you :)
Sep 05, 2007 05:15 AM|Mahadeomatre|LINK
u want ot update the username.. u r not inserting the record..
so use update query instead of insert query..
and for insert query Where clause is not used..
so use ur query like..
update urtablename set username='hello' where =...ur condition..
Jan 10, 2011 02:22 AM|Yasser Shaikh|LINK
Hi, you seem to have made only a small mistake here,
query = String.Format("insert into
test(Name) values('Hello') where Id =" + CustId);
this would work, you had used "" unnecessarily in your query. Do reply with your results :)
MARK AS ANSWER if it helps - yrus