Solved

Simple GridView Updates Not Working

Posted on 2013-05-29
3
397 Views
Last Modified: 2013-05-29
I have a very basic table that I'm trying to setup to update from the code behind but whenever I click update nothing changes.

C#
        protected void UpdateCarrier(object sender, GridViewUpdateEventArgs e)
        {

            GridViewRow row = (GridViewRow)gvCarrier.Rows[e.RowIndex];
            TextBox carrier = (TextBox)row.FindControl("txtCarrier");
            Label carrierid = (Label)row.FindControl("lblCarrierID");
            gvCarrier.EditIndex = -1;
            assetsCon.Open();
            SqlCommand cmdUpdate = new SqlCommand("UPDATE L_Carrier SET CarrierName = '"+carrier.Text+"' WHERE CarrierID = "+carrierid.Text+"", assetsCon);

            cmdUpdate.ExecuteNonQuery();
            assetsCon.Close();
            BindData();

        }

Open in new window


ASP.NET
<asp:GridView ID="gvCarrier" DataKeyNames="CarrierID" runat="server" AutoGenerateColumns="false" OnRowEditing="EditCarrier" OnRowDataBound="RowDataBound" OnRowUpdating="UpdateCarrier" OnRowCancelingEdit="CancelEdit" EnableModelValidation="True">
    <Columns>
        <asp:TemplateField HeaderText="CarrierID">
            <EditItemTemplate>
                <asp:Label runat="server" Text='<%# Eval("CarrierID") %>' ID="lblCarrierID"></asp:Label>
            </EditItemTemplate>
            <ItemTemplate>
                <asp:Label runat="server" Text='<%# Eval("CarrierID") %>' ID="Label1"></asp:Label>
            </ItemTemplate>
        </asp:TemplateField>

        <asp:TemplateField HeaderText = "Carrier Name">
    <ItemTemplate>
        <asp:Label ID="lblCarrier" runat="server" Text='<%# Eval("CarrierName")%>'></asp:Label>
    </ItemTemplate>
    <EditItemTemplate>
        <asp:TextBox ID="txtCarrier" runat="server" Text='<%# Eval("CarrierName")%>'></asp:TextBox>
    </EditItemTemplate>
    </asp:TemplateField>
    <asp:CommandField ShowEditButton="True" />
</Columns>
</asp:GridView>

Open in new window


I click the button and it closes the editor but no changes happened.
0
Comment
Question by:BigDeer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 40

Accepted Solution

by:
Kyle Abrahams earned 500 total points
ID: 39206123
Just a warning you're code is vulnerable to sql injection:

this is a SAMPLE, do NOT run this.

suppose Carrier.text = " ' ; drop table L_Carrier ; --"

this
new SqlCommand("UPDATE L_Carrier SET CarrierName = '"+carrier.Text+"' WHERE CarrierID = "+carrierid.Text+"", assetsCon);

becomes
" UPDATE L_Carrier SET CarrierName = '  ' ; drop table L_Carrier ; --' WHERE CarrierID "


The proper way to do this is here:
http://msdn.microsoft.com/en-us/library/ms972948.aspx

and

http://code.msdn.microsoft.com/CSASPNETGridView-5b16ce70
0
 
LVL 3

Author Comment

by:BigDeer
ID: 39206169
Thanks for that...

Getting:

[FormatException: Input string was not in a correct format.]
   System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal) +10165251
   System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info) +207
   System.String.System.IConvertible.ToInt32(IFormatProvider provider) +61
   System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider) +307
   System.Data.SqlClient.SqlParameter.CoerceValue(Object value, MetaType destinationType) +1367

[FormatException: Failed to convert parameter value from a String to a Int32.]



I assume from my:

 // Get the ReasonID of the selected row.
string strReasonID = gvReason.Rows[e.RowIndex].Cells[2].Text;

// Append the parameters.
cmd.Parameters.Add("@ReasonID", SqlDbType.Int).Value = strReasonID;
0
 
LVL 3

Author Closing Comment

by:BigDeer
ID: 39206243
I figured it out. Thanks for the link, that's what I needed.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Via a live example, show how to shrink a transaction log file down to a reasonable size.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question