How can update data in gridview and save into database.

Question

0.00/5 (No votes)

See more:

SQL-Server-2008R2

i am trying to change the

Pending

into

verified

in a gridview by clicking the button(verify) and save it into the database.

What I have tried:

i have tried this code

protected void lnkBtnAccept_Click(object sender, EventArgs e)
  {
      try
      {
          var AcceptLink = (Control)sender;
          GridViewRow row = (GridViewRow)AcceptLink.NamingContainer;
          string Id = row.Cells[1].Text;
          DbCommand cmd = DataAccess.CreateCommand();
          //cmd.CommandText = SP.verifyPAN;
          cmd.CommandText = "update membermaster set VerifyPAN =1 where appmstregno='"+ row.Cells[1].Text+"'";
          cmd.Parameters.Add(DataAccess.CreateParameter(cmd, "AppMstRegNo", DbType.String, Id));
          //cmd.Parameters.Add(DataAccess.CreateParameter(cmd, "veryfy", DbType.String, 1));
          int i = DataAccess.ExecuteNonQuery(cmd);

          if (i > 0)
          {
              BindPaymentGrid();
          }
      }
      catch
      {

      }
  }

In the above if verifypan

(column name in table)

value is 0 then it shows pending and verifypan

(column name in table)

value is 1 it shows verified in a gridview but above code is not working please help me to solve this problem as soon as possible.

Posted 21-Apr-20 4:34am

Member 14743579

Updated 21-Apr-20 4:54am

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

MadMyche · Accepted Answer · 2020-04-21T04:55:00

Why did you choose to concatenate the user entered text into the SQL Command Text, when you have a Parameter set up? Do you realize that this opens you up to SQL Injection, which has been documented for over 20 years and is still the number 1 application vulnerability?

To fix this and to shortcut your process of adding in the parameter; try this out

C#

cmd.CommandText = "update membermaster set VerifyPAN =1 where appmstregno=@AppMstRegNo";
cmd.Parameters.AddWithValue("@AppMstRegNo", row.Cells[1].Text);

A second suggestion would be to actually do something with that Catch block- perhaps define a variable with the exception and log that or something else to allow debugging to view the exception.

As for your problem at hand, if it is still occurring with; this is going to be more of a debugging issue to see what values are coming into this block of code and seeing if they are what you expect. And if they are correct, why isn't the database finding the desired record?