I want to update an existing record. With the code I have pasted here I have successfully achieved my task, but I don't actually want to do the update that way. I want to do it such that I get the ID of the customer.
    private void btnUpdate_Click(object sender, EventArgs e)
    {
        SqlConnection cn = new SqlConnection(@"Data Source=COMPAQ-PC-PC\SQLEXPRESS;Initial Catalog=Gym;Integrated Security=True");
        if (cn.State == ConnectionState.Closed)
        {
            cn.Open();
        }
        int result = new SqlCommand("Update Customer set Customer_Name = '" + tbName.Text + "',Cell_Number = '" + tbContactNumber.Text + "',Customer_Address = '" + tbAddress.Text + "' where CustomerID = " + tbID.Text, cn).ExecuteNonQuery();
        if (cn.State == ConnectionState.Open)
        {
            cn.Close();
        }
        cn.Dispose();
        BindGridView();
    }

    private void BindGridView()
    {
        SqlConnection cn = new SqlConnection(@"Data Source=COMPAQ-PC-PC\SQLEXPRESS;Initial Catalog=Gym;Integrated Security=True");
        SqlCommand cmd = new SqlCommand("Select * from Customer", cn);
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        DataTable dt = new DataTable();
        da.Fill(dt);
        dgView_CustomerInfo.DataSource = dt.DefaultView;
    }

    private void dgView_CustomerInfo_RowHeaderMouseClick(object sender, DataGridViewCellMouseEventArgs e)
    {
        tbID.Text = dgView_CustomerInfo.Rows[e.RowIndex].Cells["CustomerID"].Value.ToString();
        tbName.Text = dgView_CustomerInfo.Rows[e.RowIndex].Cells["Customer_Name"].Value.ToString();
        tbContactNumber.Text = dgView_CustomerInfo.Rows[e.RowIndex].Cells["Cell_Number"].Value.ToString();
        tbAddress.Text = dgView_CustomerInfo.Rows[e.RowIndex].Cells["Customer_Address"].Value.ToString();
    }
Coding Gorilla above has already given you a perfectly good answer, and I support it.
The question you'll find yourself asking about 20 minutes after this goes live is: "Hey, how did all these hackers get my data?"
The method you have above is RIPE for SQL Injection. Read about it here: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
Don't put code like this into production. Sanitize your inputs and use parametrized queries for your DB interactions.
I think what you're asking is: how can I store the state of my Customer Id without putting it in a text box?
There are a lot of ways to do this; I would do it using the ViewState, like this:
    public int CustomerId
    {
        get { return (int)(ViewState["CustomerId"] ?? -1); }
        set { ViewState["CustomerId"] = value; }
    }
You can read more about the ViewState here: http://msdn.microsoft.com/en-us/library/system.web.ui.control.viewstate.aspx
** EDIT **
If you're using a Windows Forms application, the ViewState will not work; that's for ASP.NET. Instead you should look at using a BindingSource control and read up on Databind in Winforms.
Do not use string concatenation when constructing your SQL!
Use parameterized statements with placeholders, and set the values using a Parameter object.
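
The update from the question rewritten with placeholders and Parameter objects, as the answers recommend. This is an added example, not code from any of the posts; the class and method names are hypothetical and the column types and sizes are assumptions, since the page does not show the table definition.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class CustomerRepository
{
    // Connection string as posted in the question.
    private const string ConnectionString =
        @"Data Source=COMPAQ-PC-PC\SQLEXPRESS;Initial Catalog=Gym;Integrated Security=True";

    // Returns the number of rows updated (0 if the id is not numeric or no row matches).
    public static int UpdateCustomer(string idText, string name, string cell, string address)
    {
        // In the question the id was concatenated unquoted into the WHERE clause.
        // Parse it first so it can only ever reach SQL Server as an int.
        if (!int.TryParse(idText, out int customerId))
            return 0;

        // The SQL text is a constant; user input never becomes part of it.
        const string sql =
            "UPDATE Customer SET Customer_Name = @name, Cell_Number = @cell, " +
            "Customer_Address = @address WHERE CustomerID = @id";

        // using blocks close and dispose the connection even if ExecuteNonQuery throws.
        using (var cn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, cn))
        {
            // Assumption: NVarChar columns with these sizes; adjust to the real schema.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name;
            cmd.Parameters.Add("@cell", SqlDbType.NVarChar, 20).Value = cell;
            cmd.Parameters.Add("@address", SqlDbType.NVarChar, 200).Value = address;
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = customerId;

            cn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

From `btnUpdate_Click` this would be called as `CustomerRepository.UpdateCustomer(tbID.Text, tbName.Text, tbContactNumber.Text, tbAddress.Text)`, followed by `BindGridView()`. A name such as `O'Brien` or text containing `'; DROP TABLE` is then stored as data instead of being parsed as SQL.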