From 77ce3e9b17f883d975ea5f3de74536625c2f9aee Mon Sep 17 00:00:00 2001 From: Timourka Date: Tue, 23 Apr 2024 19:57:33 +0400 Subject: [PATCH] =?UTF-8?q?=D0=BF=D0=BE=D1=87=D0=B8=D0=BD=D0=B8=D0=BB=20?= =?UTF-8?q?=D0=BC=D0=B5=D1=82=D0=BE=D0=B4=20update=20=D0=94=D0=BB=D1=8F=20?= =?UTF-8?q?rental?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- SUBD_Car_rent/database/Implementation.cs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/SUBD_Car_rent/database/Implementation.cs b/SUBD_Car_rent/database/Implementation.cs index 2d9f39d..9f71a21 100644 --- a/SUBD_Car_rent/database/Implementation.cs +++ b/SUBD_Car_rent/database/Implementation.cs @@ -218,7 +218,13 @@ namespace database { using var conn = GetConnection(); conn.Open(); - using var cmd = new NpgsqlCommand($"UPDATE rental SET car_id = {rental.CarId}, client_id = {rental.ClientId}, start_date = '{rental.StartDate}', end_date = '{rental.EndDate}', cost = {rental.Cost} WHERE id = {rental.Id}", conn); + using var cmd = new NpgsqlCommand("UPDATE rental SET car_id = @CarId, client_id = @ClientId, start_date = '@StartDate', end_date = '@EndDate', cost = @Cost WHERE id = @Id", conn); + cmd.Parameters.AddWithValue("@Id", rental.Id); + cmd.Parameters.AddWithValue("@CarId", rental.CarId); + cmd.Parameters.AddWithValue("@ClientId", rental.ClientId); + cmd.Parameters.AddWithValue("@StartDate", rental.StartDate); + cmd.Parameters.AddWithValue("@EndDate", rental.EndDate); + cmd.Parameters.AddWithValue("@Cost", rental.Cost); cmd.ExecuteNonQuery(); }