C
C#3mo ago
Hazzza

SQL help

When trying to update a value in my database I get the error 
No value given for one or more required parameters.
No value given for one or more required parameters.
however I heard this is common and usually means the SQL statement is wrong Here is my SQL string 
C#
string _sSqlString = $"UPDATE Product SET SellPrice = {SellPrice} WHERE ProductName = {ProductName}";

databaseUtils.ExecuteSqlQuery(_sSqlString);
C#
string _sSqlString = $"UPDATE Product SET SellPrice = {SellPrice} WHERE ProductName = {ProductName}";

databaseUtils.ExecuteSqlQuery(_sSqlString);
After inputting the variables into the Sql it looks like this 
C#
UPDATE Product SET SellPrice = 9 WHERE ProductName = apple
C#
UPDATE Product SET SellPrice = 9 WHERE ProductName = apple
A picture of the database is attached The ExecuteSqlQuery method works as intended, at least for all my other SQL requests, however they all use either DELETE, INSERT or SELECT Thanks
No description
11 Replies
hutoanhill
hutoanhill3mo ago
i dont know what your problem is but i would be careful injecting stuff into a SQL statmetn the way you are. Its probubly a better idea to do 
string _sSqlString = $"UPDATE Product SET SellPrice = @SellPrice WHERE ProductName = @ProductName";
// add this to a command

command.Paramiters.addWithValue("@ProductName", ProductName);
command.Paramiters.addWithValue("@SellPrice", SellPrice);
string _sSqlString = $"UPDATE Product SET SellPrice = @SellPrice WHERE ProductName = @ProductName";
// add this to a command

command.Paramiters.addWithValue("@ProductName", ProductName);
command.Paramiters.addWithValue("@SellPrice", SellPrice);
Hazzza
Hazzza3mo ago
Yeah I was thinking about doing that but i didn't know how to properly implement it I will try and make it work and see if that may fix something as i saw on stack overflow that fixed it for someone else
hutoanhill
hutoanhill3mo ago
not a huge issue for testing, but if this becomes public facing it will open you up to SQL injection attacks
Hazzza
Hazzza3mo ago
Its just for my computer science project for college
hutoanhill
hutoanhill3mo ago
your probubly fine than ¯\_(ツ)_/¯
Hazzza
Hazzza3mo ago
yeaj yeah will get me more marks i guess
hutoanhill
hutoanhill3mo ago
depends on how much they care
Hazzza
Hazzza3mo ago
i managed to fix it i needed ' ' around my variables 🤦‍♂️ thank you anyway for the help
hutoanhill
hutoanhill3mo ago
yo. clasic sql blunder make sure to close the ticket
Hazzza
Hazzza3mo ago
ok will do thanks
hutoanhill
hutoanhill3mo ago
np
Want results from more Discord servers?
Add your server