My word!
There are so many things that need changing with that code...
From the top:
1) Variable names. Don't use "abc", "c", "Filename1". Use names which are descriptive of what they are for. Intellisense helps you to type them, so it is not extra effort, and it makes your code much more readable.
2) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. This is particularly dangerous in this code:
string str = "select * from usr_mail where m_rec='" + txt_mailto.Text + "' and m_fuldt='" + Filename1.ToString() + "' order by m_id";
SqlCommand cmd = new SqlCommand(str, c.con);
Instead:
string str = "select * from usr_mail where m_rec=@MTO and m_fuldt=@FNM order by m_id";
SqlCommand cmd = new SqlCommand(str, c.con);
// Parameter names must match the placeholders used in the SQL text
cmd.Parameters.AddWithValue("@MTO", txt_mailto.Text);
cmd.Parameters.AddWithValue("@FNM", Filename1);
3) Stop converting strings to string! If it is a string already, then adding .ToString() to the end just wastes time and memory.
4) If you add two strings, and one of them is a constant, what are the odds that the resulting string will be empty? So how often is this going to fail to be true?
string strRequest = "Attach/"+ViewState["fullname"].ToString();
if (strRequest != "")
{
5) Never, ever do this:
String Filename1 = System.DateTime.Now.Day.ToString();
Filename1 = Filename1 + "-" + System.DateTime.Now.Month.ToString();
Filename1 = Filename1 + "-" + System.DateTime.Now.Year.ToString();
What happens at midnight, server time? Answer, you get stupid dates in your file, and can't work out why. Instead, only ever fetch the current date/time once, and use that. In addition, use DateTime.ToString() with a format string to generate the date you want:
string date = DateTime.Now.ToString("yyyy-MM-dd");
It is shorter, clearer, and less prone to odd bugs.
6) Use UPPER CASE to distinguish SQL Commands from your text. Combined with (2) above:
string str = "select * from usr_mail where m_rec='" + txt_mailto.Text + "' and m_fuldt='" + Filename1.ToString() + "' order by m_id";
becomes:
string str = "SELECT * FROM usr_mail WHERE m_rec=@MTO AND m_fuldt=@FNM ORDER BY m_id";
It helps to break out the fixed and variable parts of the statement.
7) Don't return database information you are not going to use: it wastes network bandwidth and time. Don't use "*" as the field specifier: list the fields you are interested in instead.
SELECT m_att FROM usr_mail WHERE ...
8) Why the heck are you getting all records just to count them? Use a Scalar query instead:
string str = "SELECT COUNT(*) FROM usr_mail WHERE m_rec=@MTO AND m_fuldt=@FNM";
SqlCommand cmd = new SqlCommand(str, c.con);
cmd.Parameters.AddWithValue("@MTO", txt_mailto.Text);
cmd.Parameters.AddWithValue("@FNM", Filename1);
// ExecuteScalar returns object, so the COUNT(*) result needs a cast
int i = (int)cmd.ExecuteScalar();
There's more, but I'm sure that lot will keep you busy for a while!
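Points 2, 5 and 8 put together in one method, as an added example that is not part of the original answer or the asker's code. The class and method names, the connection string, the column types and sizes, and the assumption that m_fuldt stores dates as yyyy-MM-dd are all hypothetical; only the table and column names come from the answer.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class MailQueries   // hypothetical helper class
{
    // Counts mails for one recipient on one day without building SQL from user input.
    // Assumed schema: m_rec VARCHAR(256), m_fuldt VARCHAR(10) holding yyyy-MM-dd.
    public static int CountMailFor(SqlConnection connection, string recipient, DateTime now)
    {
        // Point 5: the caller reads the clock once; format it once, culture-independent.
        string dateKey = now.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture);

        // Points 2 and 8: fixed SQL text, a scalar COUNT, values passed as parameters.
        const string sql =
            "SELECT COUNT(*) FROM usr_mail WHERE m_rec=@MTO AND m_fuldt=@FNM";

        using (SqlCommand command = new SqlCommand(sql, connection))
        {
            // Explicit types and sizes keep the parameter from being inferred per call.
            command.Parameters.Add("@MTO", SqlDbType.VarChar, 256).Value = recipient;
            command.Parameters.Add("@FNM", SqlDbType.VarChar, 10).Value = dateKey;
            return (int)command.ExecuteScalar();   // COUNT(*) comes back as int
        }
    }

    static void Main()
    {
        // Placeholder connection string: replace with your own.
        const string connectionString =
            "Server=localhost;Database=MailDb;Integrated Security=true";

        using (SqlConnection connection = new SqlConnection(connectionString))
        {
            connection.Open();
            DateTime now = DateTime.Now;   // fetched exactly once

            // Constructed inputs: a normal address and one containing quote characters.
            // The second is compared as a literal value of m_rec, so it only matches
            // a row whose recipient is exactly that text.
            string[] inputs = { "alice@example.com", "x' OR '1'='1" };
            foreach (string input in inputs)
            {
                Console.WriteLine("{0} -> {1}", input, CountMailFor(connection, input, now));
            }
        }
    }
}
```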