This content has been marked as final. Show 3 replies
How about a WHERE clause in that update statement :-)
I knew it would be simple...
this is the first time I have worked with Oracle. I just ported my code from SQLServer to Oracle.
I SQLServer the "cursor... seemed to sit on the right record.."
Simple addition of the Where clause to reference the projectID worked!!!
971465 wrote:In addition to what Dennis has posted, it might also be worthwhile to do some research on SQL Injection.
I am having trouble updating a signal row in an Oracle Database 11g Express Edition Release 188.8.131.52.0 - 64bit
I am using VB.net. I can add a row easily so I know the connection is set properly
Imports Oracle.DataAccess.Client ' ODP.NET Oracle managed provider
Dim da As OracleDataAdapter = New OracleDataAdapter
Dim ds As New DataSet
Dim conn As New OracleConnection("Data Source=<machine name>")
Dim inc, maxrows As Integer
da.SelectCommand = New OracleCommand("Select * from projects Where Projects.ProjectName = " & "'" & ListBox1.Text & "'", conn)
If conn.State = ConnectionState.Closed Then conn.Open()
maxrows = ds.Tables("UpdateProject").Rows.Count
inc = 0
Catch ex As Exception
maxrows returns 1 row - which is the row I want to update.
I am assuming the "pointer is now sitting at the proper row"
I allow the user to update the description via a text box and the want to simply run a SQL update statement
SQLCmd = "Update projects SET ProjectDescription = " & "'" & TextBox5.Text & "'"
a.SelectCommand = New OracleCommand(SQLCmd, conn)
This code updates EVERY row in the DB.
Any help would be greatly appreciated
As it stands now the code you posted is open to SQL Injection attacks since you are just gluing text from the textbox into the SQL.
For example, given your sample code, what if a user types the following into the textbox:
What do you think will happen with the code as it currently is and is that what you really want to happen?
I'm also not quite sure why you are using a Select to perform an Update operation.