database - update error in wcf service application -
i'm getting error while updating row in database.
an exception of type 'system.data.oledb.oledbexception' occurred in system.data.dll not handled in user code
additional information: syntax error in update statement.
failed invoke service. possible causes: service offline or inaccessible; client-side configuration not match proxy; existing proxy invalid. refer stack trace more detail. can seek recover starting new proxy, restoring default configuration, or refreshing service.
this update code:
public string updateinventory(string name, int quantity) { string strmessage = string.empty; string sql; //create connection object oledbconnection oleconn = new oledbconnection(connstring); oleconn.open(); //update row sql = "update product set quantity attribute = '" + quantity + "' name = '" + name + "'"; oledbcommand cmd = new oledbcommand(sql, oleconn); int rowsaffected = (int)cmd.executenonquery(); if(rowsaffected > 0) { strmessage = name + "details updated succesfully"; } else { strmessage = name + "details not updated successfully"; } oleconn.close(); homecoming strmessage; } but if update decimal cost , string description same codes. goes well. getting codes when updating quantity.
your column name quantity attribute has space in it, causing syntax error. can utilize brackets around column name resolve this. also, quantity int, , you're trying utilize string in sql command. it's int in table, don't need ' around value either, without knowing table's schema that's guess.
the biggest problem code is vulnerable sql injection attacks. can guard against using parameterized queries. parameterized queries have added benefit of handling required quoting of values you, based on type of individual parameters.
finally it's considered best practice utilize using block connection, take care of closing , disposing connection when using block exited, if error occurs.
here's illustration wraps of up:
try { using (oledbconnection oleconn = new oledbconnection(connstring)) { oleconn.open(); //update row sql = "update product set [quantity attribute] = ? name = ?"; oledbcommand cmd = new oledbcommand(sql, oleconn); cmd.commandtype = commandtype.text; cmd.parameters.add("@quantity", oledbtype.int).value = quantity; cmd.parameters.add("@name", oledbtype.varchar).value = name; int rowsaffected = (int)cmd.executenonquery(); if(rowsaffected > 0) { strmessage = name + "details updated succesfully"; } else { strmessage = name + "details not updated successfully"; } } } grab (exception ex) { strmessage = string.format("update error: {0}", ex.message); } note oledb question mark used placeholder parameters, order in add together parameters of import - must match order of placeholders in query string.
the resulting sql (assuming quantity attribute int, , quantity = 20 , name = "sample":
update product set [quantity attribute] = 20 name = 'sample' as final recommendation wrapped code in try-catch block if exception thrown caught , handled. unhandled exceptions can reveal info programme shouldn't revealed (as can give potential hackers more info refine attempts compromise system). since wcf service, depending on configuration exception details may or may not returned client, unhandled exception can bring service downwards , fault client's channel service.
database wcf
No comments:
Post a Comment