I'm doing a practice project for training; my handler has specifically forbidden parameterization and security-oriented coding for now, in the interest of getting the basic
Use parameters to do this. Otherwise you are wide-open for SQL injection.
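    // Requires: using System.Data.SqlClient;
    // Assumes `connection` is an open SqlConnection (not shown in the original answer).
    SqlCommand cmd = new SqlCommand();
    cmd.Connection = connection;
    // The text box value is bound to @CustID as data; it never becomes part of the SQL text.
    cmd.CommandText = "UPDATE ProductInstance SET CustId = @CustID WHERE .... ";
    cmd.Parameters.AddWithValue("@CustID", TextBox1.Text);
    cmd.ExecuteNonQuery();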
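The difference between the concatenated and the parameterized form of this UPDATE, as an added example that is not part of the original answer. It assumes `CustId` is an integer column and uses a hypothetical `ProductInstanceId` key column for the WHERE clause, which the answer elides; the sample input is constructed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ProductInstanceUpdate
{
    // Concatenated form the answer warns about: the text box content
    // becomes part of the SQL statement itself.
    public static string BuildConcatenated(string custIdText, int instanceId)
    {
        return "UPDATE ProductInstance SET CustId = " + custIdText +
               " WHERE ProductInstanceId = " + instanceId;
    }

    // Parameterized form: the SQL text is constant and values are bound as typed parameters.
    public static SqlCommand BuildParameterized(string custIdText, int instanceId)
    {
        // Assumption: CustId is an INT column, so reject anything that is not an integer.
        if (!int.TryParse(custIdText, out int custId))
            throw new ArgumentException("CustId must be an integer.", nameof(custIdText));

        var cmd = new SqlCommand(
            "UPDATE ProductInstance SET CustId = @CustID WHERE ProductInstanceId = @Id");
        // Explicit SqlDbType instead of AddWithValue, which infers the type from the .NET value.
        cmd.Parameters.Add("@CustID", SqlDbType.Int).Value = custId;
        cmd.Parameters.Add("@Id", SqlDbType.Int).Value = instanceId;
        return cmd;
    }

    static void Main()
    {
        string constructedInput = "42 --";   // constructed sample: "--" starts a SQL comment

        // The comment marker swallows the WHERE clause, so every row would be updated.
        Console.WriteLine(BuildConcatenated(constructedInput, 7));

        try { BuildParameterized(constructedInput, 7); }
        catch (ArgumentException ex) { Console.WriteLine("Rejected: " + ex.Message); }

        using (SqlCommand cmd = BuildParameterized("42", 7))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine(p.ParameterName + " = " + p.Value + " (" + p.SqlDbType + ")");
            // With an open connection assigned to cmd.Connection, cmd.ExecuteNonQuery() runs it.
        }
    }
}
```

`Main` only builds the commands and prints them, so it runs without a database.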