Edit profile function

Status
Not open for further replies.

shaqtus

Technical User
Aug 29, 2010
8
US
I have a website which allows users to log in. When members are logged in, they can see a button for editing their profile. When they click the edit profile button, a bunch of labels and text boxes are displayed. These text boxes are populated with their info from the SQL database, and when they click the "Save" button, the text from the text boxes is inserted into the database's appropriate fields. The code I wrote for all of this only functions the very first time I try it, and after the first time, it fails to work at all.

This is the code to populate the text boxes with the user's information.
Code:
            string cmdRetrieve = "SELECT [HomeAddress], [HomeCity], [HomeState], [HomeZipCode], [HomeCountry], [HomePhone], [Mobile], [SpouseName], [BusinessName], [BusinessAddress], [BusinessCity], [BusinessState], [BusinessZipCode], [BusinessCountry], [BusinessPhone] FROM Members WHERE (EmailAddress = '" + LoginMember.EmailAddress + "')";
            SqlCommand cmd = db.executeSQL(cmdRetrieve);

            SqlDataReader myReader = cmd.ExecuteReader();
            bool hasContent = myReader.Read();

            if (hasContent == true)
            {
                if (myReader.IsDBNull(0) == false)
                    txtHomeAddress.Text = myReader.GetString(0);

                if (myReader.IsDBNull(1) == false)
                    txtHomeCity.Text = myReader.GetString(1);

                if (myReader.IsDBNull(2) == false)
                    txtHomeState.Text = myReader.GetString(2);

                if (myReader.IsDBNull(3) == false)
                    txtHomeZipcode.Text = myReader.GetString(3);

                if (myReader.IsDBNull(4) == false)
                    selHomeCountry.SelectedValue = myReader.GetString(4);

                if (myReader.IsDBNull(5) == false)
                    txtHomePhone.Text = myReader.GetString(5);

                if (myReader.IsDBNull(6) == false)
                    txtMobile.Text = myReader.GetString(6);

                if (myReader.IsDBNull(7) == false)
                    txtSpouseName.Text = myReader.GetString(7);

                if (myReader.IsDBNull(8) == false)
                    txtBusinessName.Text = myReader.GetString(8);

                if (myReader.IsDBNull(9) == false)
                    txtBusinessAddress.Text = myReader.GetString(9);

                if (myReader.IsDBNull(10) == false)
                    txtBusinessCity.Text = myReader.GetString(10);

                if (myReader.IsDBNull(11) == false)
                    txtBusinessState.Text = myReader.GetString(11);

                if (myReader.IsDBNull(12) == false)
                    txtBusinessZipcode.Text = myReader.GetString(12);

                if (myReader.IsDBNull(13) == false)
                    selBusinessCountry.SelectedValue = myReader.GetString(13);

                if (myReader.IsDBNull(14) == false)
                    txtBusinessPhone.Text = myReader.GetString(14);
            }

This is the code to write all the info back to the database. (It's the code that runs when the user hits "Save".)
Code:
        string cmdUpdate = "UPDATE Members SET HomeAddress = '" + txtHomeAddress.Text + "', HomeCity = '" + txtHomeCity.Text + "', HomeState = '" + txtHomeState.Text + "', HomeZipCode = '" + txtHomeZipcode.Text + "', HomeCountry = '" + selHomeCountry.SelectedValue + "', HomePhone = '" + txtHomePhone.Text + "', BusinessName = '" + txtBusinessName.Text + "', BusinessAddress = '" + txtBusinessAddress.Text + "', BusinessCity = '" + txtBusinessCity.Text + "', BusinessState = '" + txtBusinessState.Text + "', BusinessZipCode = '" + txtBusinessZipcode.Text + "', BusinessCountry = '" + selBusinessCountry.SelectedValue + "', BusinessPhone = '" + txtBusinessPhone.Text + "' WHERE (EmailAddress = '" + LoginMember.EmailAddress + "')";

        db.executeSQL(cmdUpdate);

Basically, when each member uses the edit profile page for the FIRST TIME, this code works fine. When the member revisits the page, all the text boxes are populated properly, but the new data is not written to the server. What is the problem here?
 
First, you should be using stored procedures with parameters. Look up SQL Injection.

Second, have you tried debugging? Check the value of cmdUpdate each time through. Make sure you are pointing to the correct database, etc.
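
The reply's first point applied to the UPDATE from the question, as an added example that is not part of the original thread: it uses a parameterized `SqlCommand` instead of a stored procedure, so the text box values travel as data and never become part of the SQL text. The class name, method name, connection string argument and `NVarChar(255)` sizes are assumptions; the table and column names are the ones in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper class; not the poster's "db" wrapper.
public static class MemberProfileStore
{
    // Column names come from this fixed list (taken from the question's
    // UPDATE), never from user input, so building the SET clause is safe.
    private static readonly string[] Columns =
    {
        "HomeAddress", "HomeCity", "HomeState", "HomeZipCode", "HomeCountry",
        "HomePhone", "BusinessName", "BusinessAddress", "BusinessCity",
        "BusinessState", "BusinessZipCode", "BusinessCountry", "BusinessPhone"
    };

    // Returns the number of rows changed, so the caller can tell a save that
    // matched no row (0) from one that updated the member's record (1).
    public static int UpdateProfile(string connectionString, string emailAddress,
                                    IDictionary<string, string> values)
    {
        var setClauses = new List<string>();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = conn.CreateCommand())
        {
            foreach (string col in Columns)
            {
                setClauses.Add("[" + col + "] = @" + col);
                string v;
                values.TryGetValue(col, out v);   // missing key -> NULL is written
                // Size 255 is an assumed column width; match the real schema.
                cmd.Parameters.Add("@" + col, SqlDbType.NVarChar, 255).Value =
                    (object)v ?? DBNull.Value;
            }
            cmd.Parameters.Add("@EmailAddress", SqlDbType.NVarChar, 255).Value =
                emailAddress;
            cmd.CommandText = "UPDATE Members SET " + string.Join(", ", setClauses)
                            + " WHERE EmailAddress = @EmailAddress";
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

A value such as `O'Brien` or one containing `'; --` is stored literally with this form, whereas in the concatenated statement it ends the string literal and changes the query. Logging the returned row count on each save also supports the reply's second point about checking what actually runs.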
 