How, that I have inserted data in any ID no, now I will edit it and insert a new data in same ID no.

Question

1.00/5 (1 vote)

See more:

C#

private void cmdSave_Click(object sender, EventArgs e)
        {
            //dbcon.Open();
            try
            {
                dbcon.Open();
                SqlCommand chkID = new SqlCommand("Select ReceiveID from PolicyReceive where ReceiveID='" + txtRID.Text + "'", dbcon);
                string result = (string)chkID.ExecuteScalar();
                dbcon.Close();
                if (txtRID.Text == "")
                {
                    MessageBox.Show("Information Empty", "Information", MessageBoxButtons.OK, MessageBoxIcon.Information);
                }
                else if (result == txtRID.Text)
                {//update data

                    for (int item = 0; item <= dataGridView.Rows.Count - 1; item++)
                    {
                        cmd = new SqlCommand("UPDATE PolicyReceive SET ReceiveDate=@ReceiveDate,ReceiveType=@ReceiveType,ReceiveFrom=@ReceiveFrom,MobileNo=@MobileNo,FromZone=@FromZone,PolicyNo=@PolicyNo,PolicyType=@PolicyType,Remarks=@Remarks WHERE ReceiveID=@ReceiveID", dbcon);
                        cmd.Parameters.Clear();
                        cmd.Parameters.AddWithValue("@PolicyNo", dataGridView.Rows[item].Cells[1].Value);
                        cmd.Parameters.AddWithValue("@PolicyType", dataGridView.Rows[item].Cells[2].Value);
                        cmd.Parameters.AddWithValue("@ReceiveID", txtRID.Text);
                        cmd.Parameters.AddWithValue("@ReceiveDate", txtRDate.Text);
                        cmd.Parameters.AddWithValue("@ReceiveType", cmbRType.Text);
                        cmd.Parameters.AddWithValue("@ReceiveFrom", txtRByName.Text);
                        cmd.Parameters.AddWithValue("@MobileNo", txtMobile.Text);
                        cmd.Parameters.AddWithValue("@FromZone", cmbFZone.Text);
                        cmd.Parameters.AddWithValue("@Remarks", txtRemarks.Text);
                        dbcon.Open();
                        cmd.ExecuteNonQuery();
                        dbcon.Close();
                        dbcon.Close();
                    }
                    MessageBox.Show("Update DATA OK");
                    //dbcon.Close();
                    listView.Items.Clear();
                    dataView();
                    dbcon.Close();
                }
                else
                {
                    if (txtRID.Text == "")
                    {
                        MessageBox.Show("Plese Given Information", "Information", MessageBoxButtons.OK, MessageBoxIcon.Information);
                        txtPolicyNo.Focus();
                    }
                    else
                    {//Insert Data
                        for (int item = 0; item <= dataGridView.Rows.Count - 1; item++)
                        {
                            cmd = new SqlCommand("INSERT INTO PolicyReceive(ReceiveID,ReceiveDate,ReceiveType,ReceiveFrom,MobileNo,FromZone,PolicyNo,PolicyType,Remarks) values (@ReceiveID,@ReceiveDate,@ReceiveType,@ReceiveFrom,@MobileNo,@FromZone,@PolicyNo,@PolicyType,@Remarks)", dbcon);
                            cmd.Parameters.AddWithValue("@PolicyNo", dataGridView.Rows[item].Cells[1].Value);
                            cmd.Parameters.AddWithValue("@PolicyType", dataGridView.Rows[item].Cells[2].Value);
                            cmd.Parameters.AddWithValue("@ReceiveID", txtRID.Text);
                            cmd.Parameters.AddWithValue("@ReceiveDate", txtRDate.Text);
                            cmd.Parameters.AddWithValue("@ReceiveType", cmbRType.Text);
                            cmd.Parameters.AddWithValue("@ReceiveFrom", txtRByName.Text);
                            cmd.Parameters.AddWithValue("@MobileNo", txtMobile.Text);
                            cmd.Parameters.AddWithValue("@FromZone", cmbFZone.Text);
                            cmd.Parameters.AddWithValue("@Remarks", txtRemarks.Text);
                            dbcon.Open();
                            cmd.ExecuteNonQuery();
                            dbcon.Close();
                        }
                        MessageBox.Show("INSER DATA OK");
                        //dbcon.Close();
                        listView.Items.Clear();
                        dataView();
                        dbcon.Close();
                    }
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
            dbcon.Close();
        }

What I have tried:

I am facing the problem:There is no problem in inserting new data, but the data edit and edit state, if you insert new data, the previous data becomes the new data.

what i want to do,1. First, it will check through the ID, if the ID is the same, then it will edit and if it is a new ID, it will insert the data.
2. I inserted the data whose id is 7. This ID 7 has many policies and types. In this way I inserted more Kisu data. Now I will edit the policy on ID 7 and add some more policies. How do I do this?

Posted 25-Apr-23 8:11am

Member 13702784

Updated 25-Apr-23 9:29am

PIEBALDconsult

v2

Add a Solution

Comments

Richard Deeming 26-Apr-23 3:32am

"Select ReceiveID from PolicyReceive where ReceiveID='" + txtRID.Text + "'"

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

You already know how to use parameters - you've done it for the UPDATE and INSERT queries.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2023-04-25T08:42:00

You need to have two tables: one for the info that is common to all policies for a customer (or whatever the policies relate to) which has a unique ID row, and a second one which has a separate ID and a FOREIGN KEY which links back to ethe other table.
The first time you INSERT, you create the common data table row, then use the ID from that to create the second table data.
Subsequent INSERT operations only add a new row to the second table.