Reputation: 568
Update not working C# ADO.net
I've been at this for hours and cannot find the issue here. I have 3 pages, 2 of which have updates and are working fine, but this one not which I'm hoping someone might be able to find where the issue lies..
Everything 'appears' to work, I see the 'sucessfully updated' message but it just does not update the data.
Here are the relevant snippets of code:
ASCX:
<asp:Repeater ID="TestDataList" runat="server" onItemCommand="Item_Command">
<ItemTemplate>
<div class='<%# Container.ItemIndex % 2 == 0 ? "list-wrap" : "list-wrap alternate" %>'>
<a href="#" class="edit-list icon-pencil icon-large"></a>
<div class="update">
<span class="dl-content">
<h2><asp:Label ID="TestNameDisplay" runat="server" CssClass="name" Text='<%# Eval("TestName") %>'/></h2>
</span>
<asp:LinkButton ID="deleteTestCase" CssClass="delete-list icon-trash icon-large" runat="server" CommandName="deleteTestCase" CommandArgument='<%#Eval("TestCaseID")%>'/>
<%--edit form--%>
<span class="dl-update">
<asp:TextBox ID="TxtUpdateTestName" runat="server" CssClass='textEntry' Text='<%#Eval("TestName")%>'></asp:TextBox>
<asp:LinkButton ID="EditTestNameButton" runat="server" Text="Save" CommandName="SelectTestName" CommandArgument='<%#Eval("TestCaseID")%>' ValidationGroup='<%# "UpdateTestCaseName" + Eval("TestCaseID") %>' />
<asp:RequiredFieldValidator ID="UpdateTestNameRequired" runat="server" ControlToValidate="TxtUpdateTestName" CssClass="formValidation" ErrorMessage="What good is a test case with no name?" ValidationGroup='<%# "UpdateTestCaseName" + Eval("TestCaseID") %>'/>
</span>
</div>
</ItemTemplate>
</asp:Repeater>
Code Behind:
protected void Item_Command(Object sender, RepeaterCommandEventArgs e)
{
if (e.CommandName == "SelectTestName")
{
string setTestNameSQL = "UPDATE TestCases SET TestName = @TestName WHERE TestCaseID = " + e.CommandArgument;
SqlConnection conn = new SqlConnection(GetConnectionString());
SqlCommand cmdUpdateTestName = new SqlCommand(setTestNameSQL, conn);
TextBox tb = (TextBox)e.Item.FindControl("TxtUpdateTestName");
SqlParameter u1 = new SqlParameter("TestName", tb.Text);
SqlParameter u2 = new SqlParameter("TestCaseID", e.CommandArgument);
cmdUpdateTestName.Parameters.Add(u1);
cmdUpdateTestName.Parameters.Add(u2);
try
{
conn.Open();
cmdUpdateTestName.ExecuteNonQuery();
PopulateTestList();
lblUserFeedbackMessage.Text = "Sucessfully updated!";
}
catch (System.Data.SqlClient.SqlException ex)
{
string msg = "Update Error:";
msg += ex.Message;
throw new Exception(msg);
}
finally
{
conn.Close();
}
}
Upvotes: 1
Views: 724
Answers (3)
Reputation: 40970
You are using SqlParameters which is a good thing as it avoids the Sql Injection but then why are you passing the e.CommandArgument directly to update query. so change it to
string setTestNameSQL = "UPDATE TestCases SET TestName = @TestName WHERE TestCaseID = @TestCaseID";
and add parameter like this(don't forgot to add @ before the parameter name)
SqlParameter u1 = new SqlParameter("@TestName", tb.Text);
SqlParameter u2 = new SqlParameter("@TestCaseID", e.CommandArgument)
Upvotes: 0
Reputation: 2013
Try it this way:
string setTestNameSQL = "UPDATE TestCases SET TestName = @TestName WHERE TestCaseID = @TestCaseID";
SqlConnection conn = new SqlConnection(GetConnectionString());
SqlCommand cmdUpdateTestName = new SqlCommand(setTestNameSQL, conn);
TextBox tb = (TextBox)e.Item.FindControl("TxtUpdateTestName");
SqlParameter u1 = new SqlParameter("@TestName", tb.Text);
SqlParameter u2 = new SqlParameter("@TestCaseID", e.CommandArgument);
cmdUpdateTestName.Parameters.Add(u1);
cmdUpdateTestName.Parameters.Add(u2);
Otherwise you don't provide the values for the parameters, because the @ is missing and your command is vulnerable for an sql injection attack.
Upvotes: 1
Reputation:
You have missed the @(Symbol) in sqlparamete object Name ,For your Query parameter object name is @TestName .But you have used SqlParameter Name is @TestName .Missed the @ symbol
Try below line for instead of that line of your code
SqlParameter u1 = new SqlParameter("**@TestName**", tb.Text);
Upvotes: 0