Lines 3-4 of your code have a bug which makes reading the rest of the code useless. The TryParse methods have a Boolean result type; if they return false, the out parameters do not get proper results, because parsing was unsuccessful. You are throwing this result away, and in this way ignoring the case of unsuccessful parsing.

There are other problems.

Don't use "", use string.Empty. And there is a really critical problem: you compose a query using concatenation of strings taken from the UI. Repeated concatenation is bad, because strings are immutable; but, much worse, this opens wide the possibility for the well-known exploit called SQL injection: http://xkcd.com/327

Never ever do it. Please see: http://en.wikipedia.org/wiki/SQL_injection

Use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx

For explanations, please see my past answers: "EROR IN UPATE in com.ExecuteNonQuery();" and "hi name is not displaying in name?".
—SA
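The two fixes the answer above asks for, shown together as an added example (this is not code from the original question or answer). It assumes a SQL Server table Employees(Id int, Name nvarchar(100), Age int), a placeholder connection string, and the classic System.Data.SqlClient namespace; adjust those for your own project.

```csharp
// Added example: check the TryParse results before using the parsed values,
// and pass user input to SQL Server through parameters, never by string
// concatenation. The table, column names and connection string below are
// assumptions for illustration only.
using System;
using System.Data;
using System.Data.SqlClient;

static class SafeUpdate
{
    // Returns false (with a message) instead of silently using 0 when the
    // text from the UI is not a valid integer.
    public static bool TryReadInt(string text, string fieldName, out int value, out string error)
    {
        if (int.TryParse(text, out value))
        {
            error = string.Empty;
            return true;
        }
        error = string.Format("'{0}' is not a valid integer for {1}.", text, fieldName);
        return false;
    }

    // Parameterized replacement for "UPDATE ... SET Name='" + name + "' WHERE Id=" + id.
    // Input such as  '; DROP TABLE Employees; --  is stored as a plain string value.
    public static int UpdateEmployee(string connectionString, int id, string name, int age)
    {
        const string sql = "UPDATE Employees SET Name = @Name, Age = @Age WHERE Id = @Id";
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            command.Parameters.Add("@Id", SqlDbType.Int).Value = id;
            command.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
            command.Parameters.Add("@Age", SqlDbType.Int).Value = age;
            connection.Open();
            return command.ExecuteNonQuery(); // number of rows updated
        }
    }

    static void Main()
    {
        // Values as they would arrive from text boxes; the age is deliberately not a number.
        string idText = "42";
        string nameText = "O'Brien'; DROP TABLE Employees; --";
        string ageText = "thirty";
        int id, age;
        string error;

        if (!TryReadInt(idText, "Id", out id, out error) ||
            !TryReadInt(ageText, "Age", out age, out error))
        {
            Console.WriteLine(error); // report to the user; no query is executed
            return;
        }

        // Placeholder connection string (assumption).
        int rows = UpdateEmployee("Server=.;Database=Demo;Integrated Security=true", id, nameText, age);
        Console.WriteLine("{0} row(s) updated", rows);
    }
}
```

With the sample input above the program stops at the failed TryParse for "thirty" and reports it; with valid numbers the name containing a quote and a DROP TABLE fragment is written as ordinary text because it travels as a parameter value, not as part of the SQL text.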