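You need to use parameterized queries so that the SQL queries work properly. With parameters, the values from the form are sent to the database as data instead of being concatenated into the SQL text, so quotes or other special characters in the input cannot change the statement.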
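/// <summary>
/// Click handler that updates one row of <c>bannerdetails</c> with the banner name,
/// the uploaded file's name and the banner link, using a parameterized UPDATE.
/// Does nothing when no file was posted.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Save(object sender, EventArgs e)
{
    // The row id is hard-coded for this example.
    int id = 2;

    if (!this.FileUpload1.HasFile)
    {
        return;
    }

    // PostedFile.FileName is chosen by the client and may carry a directory path
    // (some browsers send the full client-side path). Keep only the final name
    // component so no client path is stored or later reused as a server path.
    // Path.GetFileName can throw ArgumentException on .NET Framework when the name
    // contains characters that are invalid in a path.
    string imageName = System.IO.Path.GetFileName(this.FileUpload1.PostedFile.FileName);

    string constr = ConfigurationManager.ConnectionStrings["ConString2"].ConnectionString;
    string sqlStatment = "update bannerdetails set bannername = @BannerName, bannerimage = @Image, bannerlink = @BannerLink where id = @Id";

    using (OleDbConnection con = new OleDbConnection(constr))
    using (OleDbCommand cmd = new OleDbCommand(sqlStatment, con))
    {
        // The OLE DB provider binds parameters by position, not by name, so the
        // parameters must be added in the same order in which they appear in the SQL text.
        cmd.Parameters.AddWithValue("@BannerName", this.txtBannerName.Text.Trim());
        cmd.Parameters.AddWithValue("@Image", imageName);
        // NOTE(review): the link is stored exactly as typed. Parameterization protects the
        // query only; if this value is later rendered as a hyperlink, validate it (for
        // example, allow only http/https URLs) and encode it on output.
        cmd.Parameters.AddWithValue("@BannerLink", txtBannerLink.Text);
        cmd.Parameters.AddWithValue("@Id", id);

        con.Open();
        cmd.ExecuteNonQuery();
        // No explicit Close(): disposing the connection at the end of the using block closes it,
        // including when ExecuteNonQuery throws.
    }
}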
Thank You.