SQL update statement in C#

陌清茗 2020-11-27 04:26

I have table "Student"

   P_ID   LastName   FirstName   Address   City

   1      Hansen     Ola
   2      Svendson   Tov


        
9 answers
  •  鱼传尺愫
    2020-11-27 05:08

    Please, never use this concat form:

    String st = "UPDATE supplier SET supplier_id = " + textBox1.Text + ", supplier_name = " + textBox2.Text
            + "WHERE supplier_id = " + textBox1.Text;
    

    use:

    command.Parameters.AddWithValue("@attribute", value);
    

    Always work object oriented

    Edit: This is because when you parameterize your updates it helps prevent SQL injection.
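
A parameterized form of the supplier update discussed in the answer above, as an added example that is not part of the original answer. It assumes `System.Data.SqlClient`, a `supplier` table with `supplier_id INT` and `supplier_name NVARCHAR(100)`, and a hypothetical helper `UpdateSupplierName` whose `idText` and `nameText` arguments stand in for `textBox1.Text` and `textBox2.Text`; it updates only the name, keyed by the id.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class SupplierRepository
{
    // Hypothetical helper (not from the original answer).
    // Assumed schema: supplier(supplier_id INT, supplier_name NVARCHAR(100)).
    public static int UpdateSupplierName(string connectionString, string idText, string nameText)
    {
        // Validate the numeric key before it reaches the database.
        if (!int.TryParse(idText, out int supplierId))
            throw new ArgumentException("supplier_id must be an integer.", nameof(idText));
        if (nameText == null)
            throw new ArgumentNullException(nameof(nameText));
        // Reject over-long names rather than letting the parameter size truncate them.
        if (nameText.Length > 100)
            throw new ArgumentException("supplier_name exceeds 100 characters.", nameof(nameText));

        // The SQL text is a constant; user input travels only as parameter values,
        // so quotes or SQL keywords in the text boxes are treated as data.
        const string sql =
            "UPDATE supplier SET supplier_name = @name WHERE supplier_id = @id";

        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Explicit types and sizes instead of AddWithValue's type inference.
            command.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = nameText;
            command.Parameters.Add("@id", SqlDbType.Int).Value = supplierId;

            connection.Open();
            return command.ExecuteNonQuery(); // number of rows updated
        }
    }
}
```

A return value of 0 means no row matched the given `supplier_id`, which the caller can report instead of silently succeeding.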
