ASP.NET: Records in database don't get updated

Question

I'm trying to update my database records, but no changes are made and no error messages. I checked the syntax, the values I'm sending, everything is just fine .. any suggestions?

This is my code which executed when [save] button is clicked:

ds.UpdateCommand = "UPDATE Users 
                    SET Fullname='" + fname.Text + "',
                        Permission='" + per.SelectedValue + "', 
                        Email='" + email.Text + "', 
                        phone='" + phone.Text + "' 
                    WHERE UserID=" + Session["userID"].ToString();
ds.Update();

I'm reading values from form filled by the user ds is an SqlDataSource

If I have to add more details let me know

---

EDITS:

This page is for user to update his/her information

I'm setting the form values on Page_Load depending on the users information already exist in database.

the user edits his/her info and click [Save]

after setting braekpoints , I found that query string is taking the default values not the new ones. what should I do?

---

The entire code:

    protected void Page_Load(object sender, EventArgs e)
{
    Session["userID"] = Request.QueryString["id"];

        SqlConnection cn = new SqlConnection();
        cn.ConnectionString = ds.ConnectionString;
        cn.Open();

        SqlCommand cm = new SqlCommand();
        cm.Connection = cn;
        cm.CommandText = "select * from Users where UserID='" + Session["userID"].ToString() + "'";

        SqlDataReader dr;
        dr = cm.ExecuteReader();

        if (dr.Read())
        {
            uname.Text = dr["username"].ToString();
            fname.Text = dr["Fullname"].ToString();
            per.SelectedValue = dr["Permission"].ToString();
            email.Text = dr["Email"].ToString();
            phone.Text = dr["phone"].ToString();
        }
        else Response.Redirect("Default.aspx");
        dr.Close();
        cn.Close();

}
protected void Button3_Click(object sender, EventArgs e)
{

    ds.UpdateCommand = "update Users set Fullname='" + fname.Text + "', Permission='" + per.SelectedValue + "', Email='" + email.Text + "', phone='" + phone.Text + "' where UserID=" + Session["userID"].ToString();
    ds.Update();
    Response.Redirect("control_pan.aspx");

}

Answer 1

Basically, if you have a DataSet and you want to use that to update your database, you need to:

• define the UpdateCommand as shown in the MSDN documentation to reference the columns from the DataTable which will be used to update

• update an existing row in one of your DataTable s inside the DataSet

• once you've done that, then you can call .Update() on the data set (or data table) to execute the update - ADO.NET will check for updates to any of the rows of the DataTable , and if an update is found, then the UpdateCommand will be executed, with the parameters bound to the values of the DataTable 's row in question

I would also recommend to read up on how the ADO.NET data model and using DataSets and DataTables works in detail - eg here Update Data Using .NET DataSets

The alternative, of course, would be to create a SqlConnection and a SqlCommand , using a parametrized query to do the insert yourself, without all the hassle and effort involved with DataSets and DataTables. But in that case, make sure to ALWAYS use parameterized queries (and NEVER just concatenate together your SQL statement including values straight from user input .....) - see why here

Answer 2

I seriously doubt you've provided enough details here to resolve the issue.

That type is UserID? Does the value need to be enclosed in quotes?

Are you setting the right value in your WHERE clause, and does that value existing in the database? You need to look at the resulting query string and then run it manually to determine what might be wrong.

Also, shouldn't you have the @ character prefix for your string so that newlines are part of your string? Is this really what your code looks like?

Of course, without knowing more about the code, it's hard to say what else it might be as well.

Answer 3

I suspect the Session["UserID"] is null. To check this set break point on ds.Update(); by putting the cursor on it then pressing F9.
To see the result query hover your mouse pointer over ds.UpdateCommand when break point pauses operation.

Update : put the code in the page load to be executed only once that is when first the page loads

if(!IsPostBack)
 {
    //put your code here
 }

Update

protected void Page_Load(object sender, EventArgs e)
{
 if(!IsPostBack)
 {
  Session["userID"] = Request.QueryString["id"];

    SqlConnection cn = new SqlConnection();
    cn.ConnectionString = ds.ConnectionString;
    cn.Open();

    SqlCommand cm = new SqlCommand();
    cm.Connection = cn;
    cm.CommandText = "select * from Users where UserID='" + Session["userID"].ToString() + "'";

    SqlDataReader dr;
    dr = cm.ExecuteReader();

    if (dr.Read())
    {
        uname.Text = dr["username"].ToString();
        fname.Text = dr["Fullname"].ToString();
        per.SelectedValue = dr["Permission"].ToString();
        email.Text = dr["Email"].ToString();
        phone.Text = dr["phone"].ToString();
    }
    else Response.Redirect("Default.aspx");
    dr.Close();
    cn.Close();
 }
}