I want to update particular columns in a DataGridView using the code below, but it is not working.

What I have tried:

C#
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.OleDb;
using System.Data.SqlClient;
using System.Configuration;

private void Form2_Load(object sender, EventArgs e)
{
  da = new OleDbDataAdapter("select * from Spldetails",con1);
  ds = new System.Data.DataSet();
  da.Fill(ds, "spldetails");
  dataGridView1.DataSource = ds.Tables[0];
}

private void button5_Click(object sender, EventArgs e)
{
    using (OleDbConnection con1 = new OleDbConnection(con))
    {
        con1.Open();
        for (int i = 0; i < dataGridView1.Rows.Count - 1; i++)
        {
            cmd = new OleDbCommand();
            cmd.Connection = con1;
            string query2 = "Update Spldetails set Status = @sts,Comment =@cmnt,Approvedhrs =@aphr,Reviewer ='" + Environment.UserName + "',Revieweddate = Now where ID =@id ";
            cmd.Parameters.AddWithValue("@id", dataGridView1.Rows[i].Cells[0].Value);
            cmd.Parameters.AddWithValue("@sts", dataGridView1.Rows[i].Cells[10].Value);
            cmd.Parameters.AddWithValue("@cmnt", dataGridView1.Rows[i].Cells[11].Value);
            cmd.Parameters.AddWithValue("@aphr", dataGridView1.Rows[i].Cells[13].Value);
            //cmd.Parameters.AddWithValue("@AfterMC", dataGridView1.Rows[i].Cells[15].Value);

            cmd.CommandText = query2;
            cmd.ExecuteNonQuery();
        }
    }
}
Updated 7-May-18 4:10am
Comments
Richard Deeming 25-Apr-18 15:02pm    
string query2 = "Update Spldetails set Status = @sts,Comment =@cmnt,Approvedhrs =@aphr,Reviewer ='" + Environment.UserName + "',Revieweddate = Now where ID =@id ";


Your code is vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP

You already know how to use parameters, so why did you decide not to use a parameter for the reviewer?!
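
Added example (not part of the original thread or the poster's code): the update from the question with Reviewer passed as a parameter like the other values. OleDbCommand binds parameters by position rather than by name, so they are added in the order the placeholders appear; the class and method names and the column types and sizes are assumptions.

```csharp
using System;
using System.Data;
using System.Data.OleDb;

static class SplDetailsUpdater // hypothetical helper, not from the thread
{
    // Same statement as in the question, with every value (Reviewer included)
    // as a placeholder. OleDb ignores parameter names and binds by position.
    const string UpdateSql =
        "UPDATE Spldetails SET Status = ?, Comment = ?, Approvedhrs = ?, " +
        "Reviewer = ?, Revieweddate = Now WHERE ID = ?";

    // 'rows' is the DataTable bound to the grid, e.g.
    // SaveReviews(con, (DataTable)dataGridView1.DataSource, Environment.UserName);
    public static int SaveReviews(string connectionString, DataTable rows, string reviewer)
    {
        int updated = 0;
        using (var con = new OleDbConnection(connectionString))
        {
            con.Open();
            using (OleDbTransaction tx = con.BeginTransaction())
            using (var cmd = new OleDbCommand(UpdateSql, con, tx))
            {
                // Added once, in the same order as the ? marks above.
                // Types and sizes are assumptions; match them to the real table.
                cmd.Parameters.Add("@sts", OleDbType.VarWChar, 50);
                cmd.Parameters.Add("@cmnt", OleDbType.VarWChar, 255);
                cmd.Parameters.Add("@aphr", OleDbType.Double);
                cmd.Parameters.Add("@rev", OleDbType.VarWChar, 100);
                cmd.Parameters.Add("@id", OleDbType.Integer);

                foreach (DataRow row in rows.Rows)
                {
                    if (row.RowState == DataRowState.Deleted) continue;
                    cmd.Parameters["@sts"].Value = row["Status"];
                    cmd.Parameters["@cmnt"].Value = row["Comment"];
                    cmd.Parameters["@aphr"].Value = row["Approvedhrs"];
                    cmd.Parameters["@rev"].Value = reviewer; // data, never SQL text
                    cmd.Parameters["@id"].Value = row["ID"];
                    updated += cmd.ExecuteNonQuery();
                }
                tx.Commit(); // disposing tx without Commit rolls back on error
            }
        }
        return updated; // number of rows the provider reports as changed
    }
}
```

A return value of 0 means no row matched the ID, which is worth checking before assuming the update went through.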

1 solution

I think the problem is: you use the DataSource property, and when you use a DataSource, you can't overwrite the DataGridView cells. I think you should update the DataSource and the problem is solved.

Comments
Prateek gsharma 8-May-18 13:30pm    
Even though, it's not working.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


