How is a checked box item selected in a checked box list when it is fetched from the database? What I tried is:

What I have tried:

SqlConnection con3 = new SqlConnection(ConfigurationManager.ConnectionStrings["Conec"].ConnectionString);
SqlCommand cmd3;
string sql3 = " SELECT Task From Todaywork where Username='" + Login.recuser + "' and Active='1'";
try
{
    con3.Open();
    cmd3 = new SqlCommand(sql3, con3);
    string item = cmd3.ExecuteScalar().ToString();
    cmd3.Dispose();
    con3.Close();

    checkedListBoxongoing.SelectedItem = item;
}
catch (Exception ex)
{
    MessageBox.Show(ex.Message);
}
Posted
Updated 15-Jul-20 3:43am

1 solution

Your code is vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

You should also wrap your command and connection objects in using blocks to ensure they're always disposed of properly.

And you'll need to deal with cases where your command returns null:
C#
const string sql3 = "SELECT Task FROM Todaywork WHERE Username = @Username AND Active = '1'";

using (SqlConnection con3 = new SqlConnection(ConfigurationManager.ConnectionStrings["Conec"].ConnectionString))
using (SqlCommand cmd3 = new SqlCommand(sql3, con3))
{
    cmd3.Parameters.AddWithValue("@Username", Login.recuser);
    
    con3.Open();
    object result = cmd3.ExecuteScalar();
    if (result != null && !Convert.IsDBNull(result))
    {
        checkedListBoxongoing.SelectedItem = Convert.ToString(result);
    }
}


Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
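The solution above fixes the injection and the null handling but keeps ExecuteScalar, which returns only the first row, and it assigns SelectedItem, which highlights a row in a CheckedListBox without ticking its check box. The following is an added example, not code from the question or from the solution's author, that carries the same parameterized pattern through to the question's actual goal: read every active task for the user and tick the matching items. It assumes the question's table and column names (Todaywork with Task, Username and Active), the "Conec" connection string, a Login.recuser value, a CheckedListBox whose Items already hold the task names, and an NVARCHAR(50) Username column (the length is an assumption; match it to your schema).

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

// Added example, not from the original question or answer. Assumes the
// Todaywork table (Task, Username, Active), the "Conec" connection string and
// a CheckedListBox whose Items already contain the task names.
static class OngoingTasks
{
    // Returns every active task for the user. The user name is bound as a typed
    // parameter, so a value containing quotes or SQL keywords is treated as data.
    public static List<string> LoadActiveTasks(string connectionString, string username)
    {
        const string sql =
            "SELECT Task FROM Todaywork WHERE Username = @Username AND Active = '1'";

        var tasks = new List<string>();
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Explicit type and length instead of AddWithValue: no type inference,
            // no implicit conversion of the column. Length 50 is an assumption.
            cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 50).Value = username;

            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    // A NULL Task would throw in GetString, so skip it explicitly.
                    if (!reader.IsDBNull(0))
                        tasks.Add(reader.GetString(0));
                }
            }
        }
        return tasks;
    }

    // Ticks the check box of each task that exists in the list and returns the
    // tasks that were not found, so the caller can decide how to report them.
    public static List<string> CheckTasks(CheckedListBox list, IEnumerable<string> tasks)
    {
        var missing = new List<string>();

        // Start from a clean state so stale ticks from a previous load do not remain.
        for (int i = 0; i < list.Items.Count; i++)
            list.SetItemChecked(i, false);

        foreach (string task in tasks)
        {
            int index = list.FindStringExact(task);
            if (index == ListBox.NoMatches)
                missing.Add(task);
            else
                list.SetItemChecked(index, true);   // tick, rather than merely highlight
        }
        return missing;
    }

    // Wires the two steps together; call this from the form, e.g. in Form_Load:
    //   OngoingTasks.Populate(checkedListBoxongoing, Login.recuser);
    public static void Populate(CheckedListBox list, string username)
    {
        string cs = ConfigurationManager.ConnectionStrings["Conec"].ConnectionString;
        List<string> missing = CheckTasks(list, LoadActiveTasks(cs, username));
        if (missing.Count > 0)
            MessageBox.Show("Tasks not present in the list: " + string.Join(", ", missing));
    }
}
```

Keeping the data access in LoadActiveTasks and the UI update in CheckTasks means the query can be exercised without a form, and the "object reference not set" error mentioned in the comments below can only come from the CheckedListBox or the connection string, since every command, connection and reader is created and disposed inside the method.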
Comments
Member 14852747 15-Jul-20 13:00pm
It gives me the error "object reference was not set"... Command was null.
Richard Deeming 15-Jul-20 13:11pm
Typo in the solution - command.ExecuteScalar() should be cmd3.ExecuteScalar().

However, the error is concerning. It suggests you have another command object stored somewhere which is not wrapped in a using block. You should check that as well.
Member 14852747 15-Jul-20 13:32pm
Still not working, even though I rechecked the code.
Richard Deeming 16-Jul-20 5:14am
"Not working" isn't a useful comment. You need to explain precisely what the problem is.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)