Please help me to solve this code I'm getting error

Question

0.00/5 (No votes)

See more:

SQL-Server-2008R2

C#

string ID = GridView1.Rows[e.RowIndex].Cells[0].Text; //ID
string Name = ((TextBox)GridView1.Rows[e.RowIndex].Cells[1].Controls[0]).Text; //Company
string Address = ((TextBox)GridView1.Rows[e.RowIndex].Cells[2].Controls[0]).Text; //Name
string Gender = ((RadioButtonList)GridView1.Rows[e.RowIndex].Cells[3].Controls[0]).Text; //Title
string Country = ((DropDownList)GridView1.Rows[e.RowIndex].Cells[4].Controls[0]).Text; //Address
string State = ((DropDownList)GridView1.Rows[e.RowIndex].Cells[5].Controls[0]).Text; //Country
string City = ((DropDownList)GridView1.Rows[e.RowIndex].Cells[5].Controls[0]).Text; //Country

SqlCommand cmd = new SqlCommand("update SubmitData set Name='" + Name + "',Address='" + Address + "',Gender='" + Gender + "',Country='" + Country + "',State='" + State + "',City='" + City + "' where ID = ID", con);
GridView1.EditIndex = -1;
GetData();

What I have tried:

I'v tried all thing but it not given me desire output and the value also be null plz help me

Posted 21-Apr-16 20:03pm

Shahbaz435

Updated 21-Apr-16 21:10pm

Matt T Heffron

v3

Add a Solution

Comments

Karthik_Mahalingam 22-Apr-16 2:09am

what is the error?
what you are trying to do exactly?

Patrice T 22-Apr-16 2:27am

And you plan to tell us which error ans where ?
And what is desired output ?

Sinisa Hajnal 22-Apr-16 2:30am

What error and which line?

Also, consider using parametrized query, stored procedure or at least string.format for readability of your update query

Nigam,Ashish 22-Apr-16 3:06am

Please mention what out put/error you are getting
I have seen your code I got a problem with your code in last two below lines.

string State = ((DropDownList)GridView1.Rows[e.RowIndex].Cells[5].Controls[0]).Text; //Country
string City = ((DropDownList)GridView1.Rows[e.RowIndex].Cells[5].Controls[0]).Text; //Country

in both line you are using same control for City and State I think it is wrong.

2 solutions

Solution 1

C#

SqlCommand cmd = new SqlCommand("update SubmitData set Name='" + Name + "',Address='" + Address + "',Gender='" + Gender + "',Country='" + Country + "',State='" + State + "',City='" + City + "' where ID = ID", con);

Certainly not your error, but I fear the part is wrong.
Comment: your way to construct the SQL commend is a bad idea because an unexpected parameter can break the commend, and a malicious parameter can lead to a hack with SQL injection.
SQL injection - Wikipedia, the free encyclopedia[^]
SQL Injection[^]

Posted 21-Apr-16 20:40pm

Patrice T

Comments

Matt T Heffron 22-Apr-16 3:11am

+5.
Great minds think alike!
You just typed faster... ;-)

Patrice T 22-Apr-16 3:12am

Thank you :)

[no name] 22-Apr-16 13:17pm

Here a real 5.

Patrice T 22-Apr-16 13:47pm

Thank you

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Matt T Heffron · Accepted Answer · 2016-04-21T21:10:00

Since your comments don't match the names of the variables to which you are assigning, I'd guess that you're putting the wrong values into your update statement. (See **MISMATCH** comments below!)
Also, your where clause is wrong. You aren't using the ID value from the row of the GridView.
I don't see the SqlCommand you construct actually being executed!

Your code is vulnerable to SQL injection[^].
It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database.
NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query. Something like:

C#

// verify that e.RowIndex is valid!
TableCellCollection theRowCells = GridView1.Rows[e.RowIndex].Cells;
string ID = theRowCells[0].Text; //ID
string Name = ((TextBox)theRowCells[1].Controls[0]).Text; //Company  **MISMATCH**
string Address = ((TextBox)theRowCells[2].Controls[0]).Text; //Name  **MISMATCH**
string Gender = ((RadioButtonList)theRowCells[3].Controls[0]).Text; //Title  **MISMATCH**
string Country = ((DropDownList)theRowCells[4].Controls[0]).Text; //Address  **MISMATCH**
string State = ((DropDownList)theRowCells[5].Controls[0]).Text; //Country  **MISMATCH**
string City = ((DropDownList)theRowCells[5].Controls[0]).Text; //Country  **MISMATCH**
// These last two both reference cells[5]!!!

// assuming you've straightened out the values to variables correlation at this point:

using (SqlCommand cmd = new SqlCommand("UPDATE SubmitData SET Name=@NAME, Address=@ADR, Gender=@G, Country=@CNTRY, State=@ST, City=@CITY where ID = @ID", con))
{
  cmd.Parameters.AddWithValue("@NAME", Name);
  cmd.Parameters.AddWithValue("@ADR", Address);
  cmd.Parameters.AddWithValue("@G", Gender);
  cmd.Parameters.AddWithValue("@CNTRY", Country);
  cmd.Parameters.AddWithValue("@ST", State);
  cmd.Parameters.AddWithValue("@CITY", City);
  cmd.Parameters.AddWithValue("@ID", ID);
        
  con.Open();
  cmd.ExecuteNonQuery();
}