As mentioned in the comments, there's no difference between using parameters for an
UPDATE
statement, using parameters for an
INSERT
statement, using parameters for a
SELECT
statement, or using parameters for a
DELETE
statement.
Since you're updating multiple rows, you probably want to use a transaction. That way, if there's an error on any row, all of the changes will be rolled back.
Something like this should work:
using (SqlConnection connection = new SqlConnection("Data Source=(local);Initial Catalog=inventory;Integrated Security=True"))
{
connnection.Open();
using (SqlTransaction transaction = connection.BeginTransaction())
using (SqlCommand command = new SqlCommand("UPDATE product SET quantity = quantity + @quantity WHERE itemname = @itemname", connection, transaction))
{
var pQuantity = command.Parameters.Add("@quantity", SqlDbType.Int);
var pItemName = command.Parameters.Add("@itemname", SqlDbType.NVarChar, 50);
for (int i = 0; i < dataGridView1.Rows.Count; i++)
{
pQuantity.Value = Convert.ToInt32(dataGridView1.Rows[i].Cells[5].Value);
pItemName.Value = dataGridView1.Rows[i].Cells[0].Value ?? DBNull.Value;
command.ExecuteNonQuery();
}
transaction.Commit();
}
}