Help me write an error all the time ... if I need to write it too, here is the code I use:

private void button1_Click(object sender, EventArgs e) { MySqlConnection cnt = new MySqlConnection(strProvider); try { cnt.Open(); MySqlCommand cmd = new MySqlCommand("UPDATE Settings SET seconds = '" + numericUpDown1.Value + "');", cnt); cmd.ExecuteNonQuery(); cnt.Close(); MessageBox.Show("Сайт успешно обновлен"); } catch(MySqlException ex) { MessageBox.Show(ex.Message, "Ошибка"); } }
  • one
    Understand the brackets, apostrophes and quotes in the lowercase part of the command - BuilderC
  • Dak like, for example, did only put another table and where to get the values ​​... - Angus123

1 answer 1

Here is your request:

 UPDATE Settings SET seconds = '123');
  • remove the last bracket - it is not needed
  • What type of field is seconds ? if int , then you will have to do the following: convert the string value numericUpDown1.Value to int
  • determine which field will be updated - add WHERE
  • do not use string concatenation in SQL NEVER!

here:

 MySqlCommand cmd = new MySqlCommand("UPDATE Settings SET seconds = " + Convert.ToInt32(numericUpDown1.Value) + ";", cnt);

but the following code would look even better:

 SqlCommand cmd = new SqlCommand("UPDATE Settings SET seconds = @Sec WHERE id = 42", cnt);//допустим id = 42 SqlParameter param = new SqlParameter(); //задаем имя параметра param.ParameterName = " @Sec "; //задаем значение параметра param.Value = numericUpDown1.Value; //param.Value = Convert.ToInt32(numericUpDown1.Value); если sеconds int //param.SqlDbType = SqlDbType.Int; //задаем тип параметра param.SqlDbType = SqlDbType.NVarChar; //передаем параметр объекту класса SqlCommand cmd.Parameters.Add(param); cmd.ExecuteNonQuery();
  • HOORAY! SHE EARNED !! And for string, what to use? - Angus123
  • one
    use parameterized queries, and even better - stored procedures - Specter