Update in Database by C# [closed]

2

I'm trying to do an update in my database through Visual Studio (C#); however, the update is not being performed and I do not know why.

Table script (SQL Developer):

CREATE TABLE Login
(
  Cod_login NUMBER(8) NOT NULL,
  Usuario VARCHAR2(50) NOT NULL, 
  Senha VARCHAR2(50) NOT NULL, 
  cod_Nivel number(5)NOT NULL,
  Status_Login CHAR(1) NOT NULL, 
  CONSTRAINT PK_Cod_login_Login PRIMARY KEY (Cod_login)
);

C# update script:

public void AlterarSenha(string usuario)
{
    string strQuery;
    strQuery = (" UPDATE Login ");
    strQuery += (" SET ");
    strQuery += ("senha = '" + _senha + "' ");
    strQuery += (", Status_Login ='" + 1 + "'");
    strQuery += (" WHERE ");
    strQuery += (" usuario = '" + _usuario + "' ");
    clnBancoDados ObjClnBancoDados = new clnBancoDados();
    ObjClnBancoDados.ExecutaComando(strQuery);
}

public void Alterar()
{
    if (txtnovasenha.Text == "")
    {
        MessageBox.Show("Digite Sua Nova Senha!");
    }
    if ((txtnovasenha.Text.Length < 4))
    {
        MessageBox.Show("A Senha Deve Conter no Mínimo 4 Digitos!");
    }
    if ((txtnovasenha.Text.Length > 8))
    {
        MessageBox.Show("A Senha Deve Conter no Máximo 8 Digitos!");
    }
    else
    {
        clnlogin login = new clnlogin();
        login.Senha = txtnovasenha.Text;
        login.AlterarSenha(txtLogin.Text);
        MessageBox.Show("A Senha do Usuário " 
           + txtLogin.Text + " foi Alterada com Sucesso para " 
           + login.Senha + "!",
           "Alteração", MessageBoxButtons.OK, MessageBoxIcon.Information);
    }
}

It shows the message, but does not perform the update. I tried to change several things but I could not. Did I do something wrong?

    
asked by anonymous 10.10.2016 / 20:32

1 answer

0

Pay attention to the parameters you are passing to your method.

A good check is to run a select directly against the database to see whether the data actually exists.

select * from Login WHERE usuario = equal to the value of your txtLogin.Text ...

Another thing: your WHERE usuario = is compared with txtLogin.Text, that is, the usuario column against the Login field; the naming between the application and the database is a bit strange.

Another curious thing is in your method below.

public void AlterarSenha(string usuario)
{
    string strQuery;
    strQuery = (" UPDATE Login ");
    strQuery += (" SET ");
    strQuery += ("senha = '" + _senha + "' ");
    strQuery += (", Status_Login ='" + 1 + "'");
    strQuery += (" WHERE ");
    strQuery += (" usuario = '" + _usuario + "' ");
    clnBancoDados ObjClnBancoDados = new clnBancoDados();
    ObjClnBancoDados.ExecutaComando(strQuery);
}

Look at the parameter of AlterarSenha(string usuario), which is usuario, and then at what you are using in the excerpt strQuery += (" usuario = '" + _usuario + "' "); here the name has a _ in front, _usuario, that is, it is not the same parameter you received in your method.

To finish, ideally, your% cos_de% method would return a Boolean stating whether the transaction was actually carried out in the database.

Still, I hope this is just training or course work, because this way of passing parameters is not good at all; it leaves the application vulnerable to SQL injection.

    
11.10.2016 / 14:46
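
An added example, not part of the original answer or the asker's project: the same UPDATE written with bind variables, using the method's own parameter and returning a Boolean that says whether a row was changed. It assumes Oracle's ODP.NET managed driver (Oracle.ManagedDataAccess.Client); the class name LoginRepository, the extra novaSenha parameter and the connection string passed in are hypothetical.

```csharp
using System;
using Oracle.ManagedDataAccess.Client;

// Hypothetical class; stands in for the asker's clnlogin / clnBancoDados pair.
public class LoginRepository
{
    private readonly string _connectionString; // assumption: supplied by the caller

    public LoginRepository(string connectionString)
    {
        _connectionString = connectionString;
    }

    // Returns true only when exactly one Login row was updated.
    public bool AlterarSenha(string usuario, string novaSenha)
    {
        if (string.IsNullOrWhiteSpace(usuario))
            throw new ArgumentException("usuario is required", nameof(usuario));
        // Same 4 to 8 character rule the form enforces, checked again server-side.
        if (novaSenha == null || novaSenha.Length < 4 || novaSenha.Length > 8)
            throw new ArgumentException("senha must be 4 to 8 characters", nameof(novaSenha));

        // The statement text is constant; user input travels only as bind values,
        // so quotes inside usuario or novaSenha cannot change the SQL.
        const string sql =
            "UPDATE Login SET Senha = :senha, Status_Login = :status " +
            "WHERE Usuario = :usuario";

        using (var conn = new OracleConnection(_connectionString))
        using (var cmd = new OracleCommand(sql, conn))
        {
            cmd.BindByName = true; // ODP.NET binds by position unless told otherwise
            cmd.Parameters.Add("senha", OracleDbType.Varchar2).Value = novaSenha;
            cmd.Parameters.Add("status", OracleDbType.Char).Value = "1";
            cmd.Parameters.Add("usuario", OracleDbType.Varchar2).Value = usuario;

            conn.Open();
            int rows = cmd.ExecuteNonQuery(); // number of rows the UPDATE touched
            return rows == 1;
        }
    }
}
```

The caller can then show the success message only when the method returns true, which makes a WHERE clause that matches no row visible instead of silent.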