c# - MySQL Syntax Error ASP.NET
Good day!
I'm trying to figure out the error I'm having. Error:
And here is the code:
    protected void AccountGridView_RowEditing(object sender, GridViewEditEventArgs e)
    {
        // Put the selected row into edit mode and rebind the grid.
        AccountGridView.EditIndex = e.NewEditIndex;
        BindData();
    }

    protected void AccountGridView_RowUpdating(object sender, GridViewUpdateEventArgs e)
    {
        // Read the row's key and the edited username, then save them.
        int user_id = int.Parse(AccountGridView.DataKeys[e.RowIndex].Value.ToString());
        TextBox txtUsername = (TextBox)AccountGridView.Rows[e.RowIndex].FindControl("txtusername");
        UpdateUser(user_id, txtUsername.Text);
        AccountGridView.EditIndex = -1;
        BindData();
    }

    private void UpdateUser(int user_id, string username)
    {
        GlobalVars cn = new GlobalVars();
        MySqlConnection connection = cn.ConnectDB();
        connection.Open();
        // The UPDATE statement is built by string concatenation.
        string query = "update user set username = '" + username + " where user_id = " + user_id + "";
        MySqlCommand com = new MySqlCommand(query, connection);
        com.ExecuteNonQuery();
        connection.Close();
    }
I can't get it to work. What am I missing here?
Any help is appreciated.
The error message says you have syntax errors in the query; the other parts (connection) are working as expected. Consider the query: if you debug the program and watch the query, you can see it may look like:
    update user set username = 'asd where user_id= usr_123
So what is wrong here is that you missed a ' after asd, and you need to give a pair of ' to specify user_id (if it is a string), so the query may look like this:
    string query = "update user set username = '" + username + "' where user_id = '" + user_id + "'";
But I recommend you use parameterized queries instead, to avoid injection. A parameterized query looks like:
    string query = "update user set username = @username where user_id = @user_id";
    MySqlCommand com = new MySqlCommand(query, connection);
    com.Parameters.Add("@username", MySqlDbType.VarChar).Value = username;
    com.Parameters.Add("@user_id", MySqlDbType.VarChar).Value = user_id;
    // execute query here
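Added example, not part of the original question or answer: it shows why the quoted concatenation still breaks when a username contains an apostrophe, next to a parameterized UpdateUser that treats the same value as data. The class name UserUpdates, the Int32 parameter type (the question declares user_id as int) and the sample names are assumptions; the connection passed to UpdateUser is assumed to be an already opened MySqlConnection.

```csharp
using System;
using MySql.Data.MySqlClient; // MySQL Connector/NET, the provider used in the question

static class UserUpdates // hypothetical class name
{
    // Quoted concatenation: the username becomes part of the SQL text itself.
    public static string BuildConcatenated(string username, int userId)
    {
        return "update user set username = '" + username
             + "' where user_id = '" + userId + "'";
    }

    // Parameterized form: the SQL text is constant and the values are sent
    // separately, so an apostrophe in the name is stored as data.
    public static int UpdateUser(MySqlConnection connection, int userId, string username)
    {
        const string query =
            "update user set username = @username where user_id = @user_id";
        using (var com = new MySqlCommand(query, connection))
        {
            com.Parameters.Add("@username", MySqlDbType.VarChar).Value = username;
            com.Parameters.Add("@user_id", MySqlDbType.Int32).Value = userId;
            return com.ExecuteNonQuery(); // rows affected; 0 means no such user_id
        }
    }

    static void Main()
    {
        // Constructed sample names; the second contains an apostrophe.
        foreach (string name in new[] { "asd", "O'Brien" })
        {
            string sql = BuildConcatenated(name, 123);
            int quotes = sql.Split('\'').Length - 1;
            // An odd quote count means a string literal is left open,
            // which MySQL reports as a syntax error.
            Console.WriteLine("{0}\n  quotes={1} balanced={2}", sql, quotes, quotes % 2 == 0);
        }
    }
}
```

Main runs without a database and only prints the concatenated statements; UpdateUser is the form to call from the RowUpdating handler.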