Delete selected rows from data grid view and database

Question

0.00/5 (No votes)

See more:

, +

In my WinForms app I need to delete selected rows from data grid view and also from my database at the same time and save the database.

I have this below code where now it is only deleting from datagridview but not from database, kindly guide me where I am wrong.

What I have tried:

private void button1_Click(object sender, EventArgs e)
{
    try
    {
        String msg = "Confirm Delete?";
        String caption = "Delete Record";
        MessageBoxButtons buttons = MessageBoxButtons.YesNo;
        MessageBoxIcon ico = MessageBoxIcon.Question;
        DialogResult result;
        result = MessageBox.Show(this, msg, caption, buttons, ico);
        if (result == DialogResult.Yes)
        {
            foreach (DataGridViewRow item in this.iP_SpoolsDataGridView.SelectedRows)
            {
                using (SqlConnection con = new SqlConnection(cs))
                {
                    SqlCommand cmd = con.CreateCommand();
                    int id = Convert.ToInt32(iP_SpoolsDataGridView.SelectedRows[0].Cells[0].Value);
                    cmd.CommandText = "Delete from Lot_Numbers where ID='" + id + "'";

                    iP_SpoolsDataGridView.Rows.RemoveAt(this.iP_SpoolsDataGridView.SelectedRows[0].Index);
                    con.Open();
                    cmd.ExecuteNonQuery();

                }

            }
        }
        else
        {
            return;
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show("Deleting Failed:" + ex.Message.ToString(), "Delete",
            MessageBoxButtons.OK, MessageBoxIcon.Error);
    }

Posted 16-Dec-20 18:24pm

Member 14898617

Updated 16-Dec-20 18:42pm

Add a Solution

Comments

Richard Deeming 17-Dec-20 3:51am

cmd.CommandText = "Delete from Lot_Numbers where ID='" + id + "'";

Don't do it like that!

Whilst in this specific case you're probably OK, since id is an int, using string concatenation to build a SQL query can and will leave you vulnerable to SQL Injection[^].

Always use parameters:

cmd.CommandText = "Delete from Lot_Numbers where ID = @id";
cmd.Parameters.AddWithValue("@id", id);

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Garth J Lancaster · Accepted Answer · 2020-12-16T18:42:00

I would
1) debug the result of getting the 'id' to make sure it's valid
2) use a sql client and manually issue the delete command you're putting together, but I'd also change from Lot_Numbers to the fully qualified form eg db.table
3) If this doesnt work, verify id's, table name, permissions etc

then

you're doing a lot of work opening the connection every time in the loop (and you dont close it) .. why don't you add your id's from the loop to a list/array, then build a delete statement of the form

SQL

delete from  db.table where id in (1,2,3,4,6);

and execute the delete statement once at the end of the loop