Home > DeveloperSection > Forums > Update not working C# ADO.net
Ankit Singh

Total Post:341

Points:2389
Posted on    June-19-2013 3:48 AM

 ADO.Net ADO.Net 
Ratings:


 1 Reply(s)
 1135  View(s)
Rate this:
Hi Mindstickians,

I've been at this for hours and cannot find the issue here. I have 3 pages, 2 of which have updates and are working fine, but this one not which I'm hoping someone might be able to find where the issue lies..

Everything 'appears' to work, I see the 'sucessfully updated' message but it just does not update the data.

Here are the relevant snippets of code:

ASCX:

<asp:Repeater ID="TestDataList" runat="server" onItemCommand="Item_Command">
        <ItemTemplate>
            <div class='<%# Container.ItemIndex % 2 == 0 ? "list-wrap" : "list-wrap alternate" %>'>
                <a href="#" class="edit-list icon-pencil icon-large"></a>
                <div class="update">
                    <span class="dl-content">
                        <h2><asp:Label ID="TestNameDisplay" runat="server" CssClass="name" Text='<%# Eval("TestName") %>'/></h2>
                    </span>
                    <asp:LinkButton ID="deleteTestCase" CssClass="delete-list icon-trash icon-large" runat="server" CommandName="deleteTestCase" CommandArgument='<

%#Eval("TestCaseID")%>'/>

                    <%--edit form--%>
                    <span class="dl-update">   
                        <asp:TextBox ID="TxtUpdateTestName" runat="server" CssClass='textEntry' Text='<%#Eval("TestName")%>'></asp:TextBox>
                        <asp:LinkButton ID="EditTestNameButton" runat="server" Text="Save" CommandName="SelectTestName" CommandArgument='<%#Eval("TestCaseID")%>'

ValidationGroup='<%# "UpdateTestCaseName" + Eval("TestCaseID") %>' />
                        <asp:RequiredFieldValidator ID="UpdateTestNameRequired" runat="server" ControlToValidate="TxtUpdateTestName" CssClass="formValidation"

ErrorMessage="What good is a test case with no name?" ValidationGroup='<%# "UpdateTestCaseName" + Eval("TestCaseID") %>'/>
                    </span>
                </div>
</ItemTemplate>
    </asp:Repeater>
Code Behind:

protected void Item_Command(Object sender, RepeaterCommandEventArgs e)
    {
        if (e.CommandName == "SelectTestName")
        {
            string setTestNameSQL = "UPDATE TestCases SET TestName = @TestName WHERE TestCaseID = " + e.CommandArgument;

            SqlConnection conn = new SqlConnection(GetConnectionString());
            SqlCommand cmdUpdateTestName = new SqlCommand(setTestNameSQL, conn);

            TextBox tb = (TextBox)e.Item.FindControl("TxtUpdateTestName");

            SqlParameter u1 = new SqlParameter("TestName", tb.Text);
            SqlParameter u2 = new SqlParameter("TestCaseID", e.CommandArgument);

            cmdUpdateTestName.Parameters.Add(u1);
            cmdUpdateTestName.Parameters.Add(u2);

            try
            {
                conn.Open();
                cmdUpdateTestName.ExecuteNonQuery();
                PopulateTestList();
                lblUserFeedbackMessage.Text = "Sucessfully updated!";
            }
            catch (System.Data.SqlClient.SqlException ex)
            {
                string msg = "Update Error:";
                msg += ex.Message;
                throw new Exception(msg);
            }
            finally
            {
                conn.Close();
            }
        }

Thanks in advance for any recommendations or solutions.


Sumit Kesarwani

Total Post:378

Points:2694
Posted on    June-19-2013 8:42 AM

Hi,

try as following

string setTestNameSQL = "UPDATE TestCases SET TestName = @TestName WHERE TestCaseID = @TestCaseID";

SqlConnection conn = new SqlConnection(GetConnectionString());
SqlCommand cmdUpdateTestName = new SqlCommand(setTestNameSQL, conn);

TextBox tb = (TextBox)e.Item.FindControl("TxtUpdateTestName");

SqlParameter u1 = new SqlParameter("@TestName", tb.Text);
SqlParameter u2 = new SqlParameter("@TestCaseID", e.CommandArgument);

cmdUpdateTestName.Parameters.Add(u1);
cmdUpdateTestName.Parameters.Add(u2);

Otherwise you don't provide the values for the parameters, because the @ is missing and your command is vulnerable for an sql injection attack.


Don't want to miss updates? Please click the below button!

Follow MindStick