Column names missing in the select query
select ITEM_NAME ,PARTY_CODE ,HSNNO,SALE_PRICE,DISC_AMT,CGST,IGST from ITEMOLD$
Formatting the SQL query string is vulnerable to SQL Injection attacks.
Always use Parameterized queries to prevent SQL Injection Attacks in SQL Server.
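using (SqlCommand cmd = new SqlCommand("select ITEM_NAME ,PARTY_CODE ,HSNNO,SALE_PRICE,DISC_AMT,CGST,IGST from ITEMOLD$ where ITEM_CODE=@code ", con))
{
    // The text box value is bound to @code as data; it never becomes part of the SQL text.
    cmd.Parameters.AddWithValue("@code", txtitemcode.Text.Trim());
    // Execute cmd here, e.g. with cmd.ExecuteReader().
}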
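
The difference between the two query styles, as an added example that is not part of the original answer: it uses Python's sqlite3 with an in-memory stand-in for ITEMOLD$ instead of SqlCommand and SQL Server, and SQLite's `:code` placeholder in place of `@code`. The table layout, the rows and the function names are constructed for illustration.

```python
import sqlite3

COLUMNS = "ITEM_NAME, PARTY_CODE, HSNNO, SALE_PRICE, DISC_AMT, CGST, IGST"
TABLE = '"ITEMOLD$"'  # quoted identifier because of the trailing $

def make_db():
    """In-memory stand-in for the ITEMOLD$ table, filled with constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute(f"CREATE TABLE {TABLE} (ITEM_CODE TEXT, ITEM_NAME TEXT, PARTY_CODE TEXT, "
                "HSNNO TEXT, SALE_PRICE REAL, DISC_AMT REAL, CGST REAL, IGST REAL)")
    con.executemany(f"INSERT INTO {TABLE} VALUES (?,?,?,?,?,?,?,?)", [
        ("A100", "Bolt", "P01", "7318", 12.5, 0.5, 9.0, 18.0),
        ("O'R-10", "O-ring", "P02", "4016", 3.0, 0.0, 9.0, 18.0),
        ("B200", "Washer", "P01", "7318", 1.2, 0.0, 9.0, 18.0),
    ])
    return con

def lookup_formatted(con, code):
    """Before: the text box value is pasted into the SQL text itself."""
    sql = f"select {COLUMNS} from {TABLE} where ITEM_CODE='{code}'"
    return con.execute(sql).fetchall()

def lookup_parameterized(con, code):
    """After: the value is bound to a placeholder and is never parsed as SQL."""
    sql = f"select {COLUMNS} from {TABLE} where ITEM_CODE=:code"
    return con.execute(sql, {"code": code.strip()}).fetchall()

def demo():
    con = make_db()
    results = {}
    # A legitimate item code containing an apostrophe breaks the formatted statement.
    try:
        lookup_formatted(con, "O'R-10")
        results["apostrophe_formatted"] = "ok"
    except sqlite3.OperationalError:
        results["apostrophe_formatted"] = "syntax error"
    results["apostrophe_parameterized"] = len(lookup_parameterized(con, "O'R-10"))
    # Constructed input that rewrites the WHERE clause when it is formatted in.
    crafted = "x' OR '1'='1"
    results["crafted_formatted"] = len(lookup_formatted(con, crafted))
    results["crafted_parameterized"] = len(lookup_parameterized(con, crafted))
    return results

if __name__ == "__main__":
    print(demo())
```

With the formatted query the input decides how the statement is parsed; with the bound parameter the same inputs are only ever compared against ITEM_CODE.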