I have in a string the following SQL string to update tables from textBox.
string actualizar = "update pelicula set nombre_pelicula = " + txtnombre.Text.Trim() + " , web_pelicula = " + txtweb.Text.Trim() + " , descripcion = " + txtdescripcion.Text.Trim() + " , anio = " + txtanio.Text.Trim() + "where id_pelicula = " + txtid.Text.Trim();
SqlCommand comando = new SqlCommand(actualizar, conexion);
SqlDataReader dr = comando.ExecuteReader();
//comando.ExecuteNonQuery();
if (dr.Read())
{
MessageBox.Show("Se actualizo correctamente");
conexion.Close();
}
But when modifying the elements I get the following error:
where line 84 is:
SqlDataReader dr = comando.ExecuteReader();
Also when I replace this line with:
comando.ExecuteNonQuery();
keep giving the error
You have to use parameters, it is a bad practice to concatenate the values in the string
It is also
update
used inExecuteNonQuery()
the reader only applies toselect
in the fields of your table that are of type varchar or nvarchar or text, when executing the query, it must be enclosed in single quotes or apostofre ' '.
Anything text in your query must contain ''.
Try it as follows: