I am working on a project from a lesson off of YouTube, and the project form's code I am working on is identical to the one being built in the video. Note: I have 1 extra label and textbox; also, instead of using GridView as my grid, I have it named with my own name, todoView, and the labels and textboxes have my naming as well.

I have followed to the update button scripting part, and when I try to post my update to my database it tells me a parameter is missing.

I am using Visual Studio 2012. The video on YouTube I am following along with is: How to create a C# MS Access database connection with save, update, delete and search.

See Code Below

What I have tried:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.OleDb;

namespace _420mangarden
{
    public partial class Form1 : Form
    {
        OleDbConnection conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=E:\hosting\growcannabis\420mangarden\app_data\strains.accdb");

        public Form1()
        {
            InitializeComponent();
        }

        void dataviewer()
        {
            try
            {
                conn.Open();
                OleDbCommand cmd = conn.CreateCommand();
                cmd.CommandType = CommandType.Text;
                cmd.CommandText = "select * from thingstodo";
                cmd.ExecuteNonQuery();
                DataTable dt = new DataTable();
                OleDbDataAdapter dp = new OleDbDataAdapter(cmd);
                dp.Fill(dt);
                todoView.DataSource = dt;
                conn.Close();
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message, "Entry Added", MessageBoxButtons.OK, MessageBoxIcon.Information);
                conn.Close();
            }
        }

        private void Form1_Load(object sender, EventArgs e)
        {
            dataviewer();
        }

        private void btnAdd_Click(object sender, EventArgs e)
        {
            try
            {
                conn.Open();
                OleDbCommand cmd = conn.CreateCommand();
                cmd.CommandType = CommandType.Text;
                cmd.CommandText = "insert into thingstodo (todoid,todopriority,todotype,todoopen,todohold,tododone,todoholdreason,todotask)values('" + txttodoid.Text + "', '" + txttodopriority.Text + "', '" + txttodotype.Text + "', '" + txttodoopen.Text + "', '" + txttodohold.Text + "', '" + txttododone.Text + "', '" + txttodoholdreason.Text + "', '" + txttodotask.Text + "')";
                cmd.ExecuteNonQuery();
                MessageBox.Show("Record Added Successfully", "To-Do List", MessageBoxButtons.OK, MessageBoxIcon.Information);
                conn.Close();
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message, "To-Do List", MessageBoxButtons.OK, MessageBoxIcon.Information);
                conn.Close();
            }
        }

        private void btnView_Click(object sender, EventArgs e)
        {
            dataviewer();
        }

        private void btnExit_Click(object sender, EventArgs e)
        {
            DialogResult iExit;
            iExit = MessageBox.Show("Confirm", "To-Do List", MessageBoxButtons.YesNo, MessageBoxIcon.Information);
            if (iExit == DialogResult.Yes)
            {
                Application.Exit();
            }
        }

        private void btnUpdate_Click(object sender, EventArgs e)
        {
            try
            {
                conn.Open();
                OleDbCommand cmd = conn.CreateCommand();
                cmd.CommandType = CommandType.Text;
                cmd.CommandText = "update thingstodo set todoid ='" + txttodoid.Text + " 'where todopriority = '" + txttodopriority.Text + "' and txttodotype = '" + txttodotype.Text + "'";
                cmd.ExecuteNonQuery();
                conn.Close();
                MessageBox.Show("Record Updated Successfully", "To-Do List", MessageBoxButtons.OK, MessageBoxIcon.Information);
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message, "To-Do List", MessageBoxButtons.OK, MessageBoxIcon.Information);
                
                conn.Close();
            }
        }

        private void todoView_CellClick(object sender, DataGridViewCellEventArgs e)
        {
            try
            {
                txttodoid.Text = todoView.SelectedRows[0].Cells[0].Value.ToString();
                txttodopriority.Text = todoView.SelectedRows[0].Cells[1].Value.ToString();
                txttodotype.Text = todoView.SelectedRows[0].Cells[2].Value.ToString();
                txttodoopen.Text = todoView.SelectedRows[0].Cells[3].Value.ToString();
                txttodohold.Text = todoView.SelectedRows[0].Cells[4].Value.ToString();
                txttododone.Text = todoView.SelectedRows[0].Cells[5].Value.ToString();
                txttodoholdreason.Text = todoView.SelectedRows[0].Cells[6].Value.ToString();
                txttodotask.Text = todoView.SelectedRows[0].Cells[7].Value.ToString();
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message, "To-Do List", MessageBoxButtons.OK, MessageBoxIcon.Information);
                conn.Close();
            }
        }
    }
}

To add to what Dave rightly said: Yes, YouTube is a big source of total crap, produced by people who have no idea how to make a video, how to teach, and in most cases how to code either. YouTube is all about Likes and Subscribes - because when you get enough of them, you make money. If you get code from anywhere and it doesn't compile, then ask yourself this: why not? How old is this code? Why hasn't it been fixed yet? Ask the author, and if he doesn't come back pretty quickly with a damn good explanation, unsubscribe, unlike, and don't go back.

And Dave is also right about string concatenation. Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
SQL
DROP TABLE MyTable;
A perfectly valid "delete the table" command
SQL
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
 
Abandon this tutorial now. It's garbage. Most YouTube "tutorials" are done by people who don't know what they're doing, can't teach, and don't know how to make a video.

What proof on this video? This line alone is complete garbage and you wouldn't find this in any quality code:
C#
cmd.CommandText = "insert into thingstodo (todoid,todopriority,todotype,todoopen,todohold,tododone,todoholdreason,todotask)values('" + txttodoid.Text + "', '" + txttodopriority.Text + "', '" + txttodotype.Text + "', '" + txttodoopen.Text + "', '" + txttodohold.Text + "', '" + txttododone.Text + "', '" + txttodoholdreason.Text + "', '" + txttodotask.Text + "')";


What makes this line so bad? Well, just type something in one of those textboxes that has an apostrophe in it and your entire SQL statement breaks immediately.

You should NEVER use string concatenation to build an SQL statement. It's a massive security risk that could end with the destruction of your database.

It's also a possible source for the very error you're talking about.

You never said which line is throwing the exception, nor did you post the EXACT exception message.

Get a book on C#, not YouTube videos.
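
The parameterized form that both answers call for, applied to the question's UPDATE statement. This is an added example, not code from the video, the question or either answer. It assumes text columns named as in the question's INSERT statement (`todotype`, not `txttodotype`) with a maximum length of 255; `TodoSql`, `BuildUpdate` and `RunUpdate` are hypothetical names.

```csharp
using System;
using System.Data.OleDb;

static class TodoSql
{
    // Column names are taken from the INSERT statement in the question.
    // OleDb uses positional '?' placeholders: values bind in the order they
    // are added, and the parameter names are labels only.
    const string UpdateText =
        "UPDATE thingstodo SET todoid = ? WHERE todopriority = ? AND todotype = ?";

    public static OleDbCommand BuildUpdate(OleDbConnection conn,
        string todoId, string priority, string type)
    {
        OleDbCommand cmd = new OleDbCommand(UpdateText, conn);
        // Order must match the order of the '?' marks above.
        // VarWChar/255 is an assumption about the column types.
        cmd.Parameters.Add("@todoid", OleDbType.VarWChar, 255).Value = todoId;
        cmd.Parameters.Add("@todopriority", OleDbType.VarWChar, 255).Value = priority;
        cmd.Parameters.Add("@todotype", OleDbType.VarWChar, 255).Value = type;
        return cmd;
    }

    public static int RunUpdate(string connString,
        string todoId, string priority, string type)
    {
        // 'using' closes the connection even when an exception is thrown.
        using (OleDbConnection conn = new OleDbConnection(connString))
        using (OleDbCommand cmd = BuildUpdate(conn, todoId, priority, type))
        {
            conn.Open();
            return cmd.ExecuteNonQuery(); // rows affected; 0 means nothing matched
        }
    }

    static void Main()
    {
        // Constructed inputs: the two strings used in the answer above.
        string[] inputs = { "Baker's Wood", "x';DROP TABLE MyTable;--" };
        foreach (string input in inputs)
        {
            // No connection is opened; this only shows what would be sent.
            using (OleDbCommand cmd = BuildUpdate(null, input, "1", "chore"))
            {
                Console.WriteLine(cmd.CommandText);
                foreach (OleDbParameter p in cmd.Parameters)
                    Console.WriteLine("  {0} = [{1}]", p.ParameterName, p.Value);
            }
        }
    }
}
```

The command text printed is identical for both inputs; the apostrophe and the `DROP TABLE` string travel only as parameter values and are never parsed as SQL.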
 
Comments
OriginalGriff 4 days ago    
Downvote countered - you are absolutely right!
Richard Deeming 4 days ago    
I wonder whether the hard-coded database path was part of the video? If so, it might offer some insight into what the video's author was smoking when they wrote that code... :)
OriginalGriff 4 days ago    
:D
Dave Kreskowiak 3 days ago    
Maybe, but I'm not watching the video to find out. For the sake of my sanity, I don't want to see the "quality" of the code in person.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


