Why doesn't the query work?


I have fetched records from database using this query which works fine.

    var SelectEmpInfo = "SELECT * FROM emp_info WHERE emp_id ='"+empID+"'";

    var SelectedEmpInfo = db.QuerySingle(SelectEmpInfo);

After that I want to update this record using this snippet of code:

if(SelectedEmpInfo != null)
{
    status = SelectedEmpInfo.status;
}

if(IsPost)
{
    var updateStatus = "UPDATE emp_info SET status='"+status+"' WHERE emp_id='"+empID+"'";
    db.Execute(updateStatus);   
    <h1>Successfully Updated</h1> 
}

If I remove the query from the if block and put it outside, then it works when the page loads, but I don't want to do that.

The reason for placing this code inside an if is that the query should only run when the button is pressed.

Please someone help me out here.

Kind regards

Radhesham


There is 1 best solution below


Thanks everyone for your time and concerns. It was actually an SQL injection problem and I found the answer to it here at Mike's site http://www.mikesdotnetting.com/article/113/preventing-sql-injection-in-asp-net
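
The standard fix for SQL built by string concatenation, as in the question's two queries, is to pass the values as parameters. The following is an added example, not the poster's code and not taken from the linked article, that rewrites the page with the `@0`/`@1` placeholders accepted by `QuerySingle` and `Execute` in WebMatrix.Data. The connection name, the request field names, the integer `emp_id` column and the allowed status values are assumptions.

```cshtml
@* Added example. Assumed names: the "EmployeeDb" connection, the "empID"
   and "status" request fields, and the list of allowed status values. *@
@{
    var db = Database.Open("EmployeeDb");   // assumed connection name
    var message = "";
    var status = "";

    // Reject anything that is not an integer before it reaches the database.
    // Assumes emp_id is an integer column.
    int empID;
    if (!int.TryParse(Request["empID"], out empID)) {
        Response.StatusCode = 400;
        message = "Invalid employee id.";
    }
    else {
        // @0 is a parameter placeholder: the value travels separately from
        // the SQL text, so a quote inside it cannot change the statement.
        var emp = db.QuerySingle("SELECT * FROM emp_info WHERE emp_id = @0", empID);
        if (emp == null) {
            message = "Employee not found.";
        }
        else {
            status = emp.status;
            if (IsPost) {
                var newStatus = Request.Form["status"] ?? "";
                var allowed = new[] { "active", "inactive", "on_leave" }; // constructed values
                if (!allowed.Contains(newStatus)) {
                    message = "Invalid status.";
                }
                else {
                    // Execute returns the number of rows affected.
                    int rows = db.Execute(
                        "UPDATE emp_info SET status = @0 WHERE emp_id = @1",
                        newStatus, empID);
                    message = rows == 1 ? "Successfully Updated" : "Nothing was updated.";
                    if (rows == 1) { status = newStatus; }
                }
            }
        }
    }
}
<h1>@message</h1>
<form method="post">
    <input type="hidden" name="empID" value="@empID" />
    <input type="text" name="status" value="@status" />
    <input type="submit" value="Update" />
</form>
```

Razor HTML-encodes `@message` and `@status` on output, so a stored status value is not rendered as markup.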