what query to fire in Row updating event?

protected void GridView1_RowUpdating(object sender, GridViewUpdateEventArgs e)
{
    conn.Open();
    int idx = e.RowIndex;
    GridViewRow row1 = GridView1.Rows[idx];
    //  string s = row1.Cells[0].Text;
    TextBox name = (TextBox)row1.Cells[1].Controls[0];
    TextBox course = (TextBox)row1.Cells[2].Controls[0];
    TextBox age = (TextBox)row1.Cells[3].Controls[0];
    TextBox sex = (TextBox)row1.Cells[4].Controls[0];
    TextBox dob = (TextBox)row1.Cells[5].Controls[0];
    TextBox address = (TextBox)row1.Cells[6].Controls[0];
    TextBox contctno = (TextBox)row1.Cells[7].Controls[0];
    TextBox mailid = (TextBox)row1.Cells[8].Controls[0];
    string qd = "update Student set Name='" + name.Text + "',Course='" + course.Text + "',Age=" + age.Text + ",Sex='" + sex.Text + "',DateofBirth='" + dob.Text + "',Address='" + address.Text + "',Contactno=" + contctno.Text + ",Email='" + mailid.Text + "' where Contactno=" + contctno.Text + "";
    SqlCommand cmd=new SqlCommand(qd,conn);
    cmd.ExecuteNonQuery();

    GridView1.EditIndex = -1;
    GridView1.DataBind();
    conn.Close();
    fillgv();
}

The Contactno is my primary key here. Whenever I try to update the number it doesn't get updated, while all other values get easily updated. I know there is some problem with the WHERE clause in my query but I can't figure out what to write instead of this. And I know firing a SQL query is not considered a good programming method, so can anyone suggest any other method?
Mar 23 '10 #1

CroCrew
564 Expert 512MB
I for one don’t understand the question. Could you provide more detail? Are you getting an error?

Sorry,
CroCrew~
Mar 24 '10 #2
Frinavale
9,735 Expert Mod 8TB
I recommend that you avoid dynamically creating your SQL command the way that you are. Using this method leaves you open to a SQL Injection Attack. These types of attacks are very serious and can be avoided.

In .NET you can use the SqlCommand.Parameters property to build your SQL commands. When you use parameters, anything supplied as a parameter is treated as Literal data.

If you do not use parameters and you simply concatenate a string together using the input provided by the user, the data is not treated as a Literal, meaning that when the SQL query is compiled into a command any SQL syntax entered by the user will also be compiled (letting them query your database).

It's a good idea to start using parameters now before you get into bad habits.

Check out this article on How to use a database in your program for examples on how to use Parameters with the SqlCommand.

If you're interested in reading up on Sql Injection Attack, check out this article on Sql Inject Attack.

Anyways, regarding your question...are you sure you're allowed to update a Primary Key?

-Frinny
Mar 25 '10 #3
@Frinavale
The primary key issue was solved, and thank you for telling me about SQL injection attack. Your articles on it were really helpful. I just wanted to know whether the method I used now was correct or not?

SqlCommand cmb = new SqlCommand();
cmb.Connection = conn;
cmb.CommandType = CommandType.Text;
cmb.CommandText="update Student set Name='" + name.Text + "',Course='" + course.Text + "',Age=" + age.Text + ",Sex='" + sex.Text + "',DateofBirth='" + dob.Text + "',Address='" + address.Text + "',Contactno=" + contctno.Text + ",Email='" + mailid.Text + "' where Contactno=" + contctno.Text + "";
cmb.ExecuteNonQuery();

If not correct, what is the right way to do it with parameters?
Mar 30 '10 #4
Frinavale
9,735 Expert Mod 8TB
You can't really tell...
The ExecuteNonQuery method returns the number of rows affected...which you can check to make sure that at least one row was updated but you can't tell if the data was stored correctly without selecting from the table again to make sure.

-Frinny
Mar 30 '10 #5
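
The parameterized form asked about in post #4, as an added example that is not part of the original thread: every field is bound through SqlCommand.Parameters, the WHERE clause is keyed on the row's original Contactno rather than the edited one, and the row count from ExecuteNonQuery is checked. The class name, the column types and sizes, and reading the original key from GridView1.DataKeys (which needs DataKeyNames="Contactno" on the GridView) are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class StudentUpdater
{
    // Column types and sizes are assumptions; the thread does not show the schema.
    // originalContactNo is the key the row had before editing, for example
    // Convert.ToInt64(GridView1.DataKeys[e.RowIndex].Value) in RowUpdating.
    public static bool Update(string connectionString, long originalContactNo,
        string name, string course, string ageText, string sex, string dobText,
        string address, string newContactText, string email)
    {
        int age; long newContactNo; DateTime dob;
        // Reject malformed numeric/date input before touching the database.
        if (!int.TryParse(ageText, out age) ||
            !long.TryParse(newContactText, out newContactNo) ||
            !DateTime.TryParse(dobText, out dob))
            return false;

        const string sql =
            "UPDATE Student SET Name = @Name, Course = @Course, Age = @Age, " +
            "Sex = @Sex, DateofBirth = @Dob, Address = @Address, " +
            "Contactno = @NewContactNo, Email = @Email " +
            "WHERE Contactno = @OriginalContactNo";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Each value is bound as typed data; it is never parsed as SQL text.
            cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
            cmd.Parameters.Add("@Course", SqlDbType.NVarChar, 100).Value = course;
            cmd.Parameters.Add("@Age", SqlDbType.Int).Value = age;
            cmd.Parameters.Add("@Sex", SqlDbType.NVarChar, 10).Value = sex;
            cmd.Parameters.Add("@Dob", SqlDbType.Date).Value = dob;
            cmd.Parameters.Add("@Address", SqlDbType.NVarChar, 200).Value = address;
            cmd.Parameters.Add("@NewContactNo", SqlDbType.BigInt).Value = newContactNo;
            cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 200).Value = email;
            cmd.Parameters.Add("@OriginalContactNo", SqlDbType.BigInt).Value = originalContactNo;

            conn.Open();
            // Contactno is the primary key, so exactly one row should change.
            return cmd.ExecuteNonQuery() == 1;
        }
    }
}
```

The using blocks dispose the connection and command even when ExecuteNonQuery throws, which the conn.Open()/conn.Close() pair in the original handler does not.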
