Solved

Simple GridView Updates Not Working

Posted on 2013-05-29
3
363 Views
Last Modified: 2013-05-29
I have a very basic table that I'm trying to setup to update from the code behind but whenever I click update nothing changes.

C#
        protected void UpdateCarrier(object sender, GridViewUpdateEventArgs e)
        {

            GridViewRow row = (GridViewRow)gvCarrier.Rows[e.RowIndex];
            TextBox carrier = (TextBox)row.FindControl("txtCarrier");
            Label carrierid = (Label)row.FindControl("lblCarrierID");
            gvCarrier.EditIndex = -1;
            assetsCon.Open();
            SqlCommand cmdUpdate = new SqlCommand("UPDATE L_Carrier SET CarrierName = '"+carrier.Text+"' WHERE CarrierID = "+carrierid.Text+"", assetsCon);

            cmdUpdate.ExecuteNonQuery();
            assetsCon.Close();
            BindData();

        }

Open in new window


ASP.NET
<asp:GridView ID="gvCarrier" DataKeyNames="CarrierID" runat="server" AutoGenerateColumns="false" OnRowEditing="EditCarrier" OnRowDataBound="RowDataBound" OnRowUpdating="UpdateCarrier" OnRowCancelingEdit="CancelEdit" EnableModelValidation="True">
    <Columns>
        <asp:TemplateField HeaderText="CarrierID">
            <EditItemTemplate>
                <asp:Label runat="server" Text='<%# Eval("CarrierID") %>' ID="lblCarrierID"></asp:Label>
            </EditItemTemplate>
            <ItemTemplate>
                <asp:Label runat="server" Text='<%# Eval("CarrierID") %>' ID="Label1"></asp:Label>
            </ItemTemplate>
        </asp:TemplateField>

        <asp:TemplateField HeaderText = "Carrier Name">
    <ItemTemplate>
        <asp:Label ID="lblCarrier" runat="server" Text='<%# Eval("CarrierName")%>'></asp:Label>
    </ItemTemplate>
    <EditItemTemplate>
        <asp:TextBox ID="txtCarrier" runat="server" Text='<%# Eval("CarrierName")%>'></asp:TextBox>
    </EditItemTemplate>
    </asp:TemplateField>
    <asp:CommandField ShowEditButton="True" />
</Columns>
</asp:GridView>

Open in new window


I click the button and it closes the editor but no changes happened.
0
Comment
Question by:BigDeer
  • 2
3 Comments
 
LVL 39

Accepted Solution

by:
Kyle Abrahams earned 500 total points
ID: 39206123
Just a warning you're code is vulnerable to sql injection:

this is a SAMPLE, do NOT run this.

suppose Carrier.text = " ' ; drop table L_Carrier ; --"

this
new SqlCommand("UPDATE L_Carrier SET CarrierName = '"+carrier.Text+"' WHERE CarrierID = "+carrierid.Text+"", assetsCon);

becomes
" UPDATE L_Carrier SET CarrierName = '  ' ; drop table L_Carrier ; --' WHERE CarrierID "


The proper way to do this is here:
http://msdn.microsoft.com/en-us/library/ms972948.aspx

and

http://code.msdn.microsoft.com/CSASPNETGridView-5b16ce70
0
 
LVL 3

Author Comment

by:BigDeer
ID: 39206169
Thanks for that...

Getting:

[FormatException: Input string was not in a correct format.]
   System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal) +10165251
   System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info) +207
   System.String.System.IConvertible.ToInt32(IFormatProvider provider) +61
   System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider) +307
   System.Data.SqlClient.SqlParameter.CoerceValue(Object value, MetaType destinationType) +1367

[FormatException: Failed to convert parameter value from a String to a Int32.]



I assume from my:

 // Get the ReasonID of the selected row.
string strReasonID = gvReason.Rows[e.RowIndex].Cells[2].Text;

// Append the parameters.
cmd.Parameters.Add("@ReasonID", SqlDbType.Int).Value = strReasonID;
0
 
LVL 3

Author Closing Comment

by:BigDeer
ID: 39206243
I figured it out. Thanks for the link, that's what I needed.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Introduction SQL Server Integration Services can read XML files, that’s known by every BI developer.  (If you didn’t, don’t worry, I’m aiming this article at newcomers as well.) But how far can you go?  When does the XML Source component become …
The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now