Merson93
Reputation: 19
Saving Data from a gridview into a local database in asp.net
I am currently writing a piece of code where the user is supposed to insert a few information about an employee and press one button populate for populating a gridview and another one to save the information in gridview into a local database. While running the what I wrote so far there is a consistent error saying "SqlExeption was unhandled by the user code. I have been trying to fix it but without success. It complains on conn.Open();
This is that specific piece of code:
protected void SaveButton_Click(object sender, EventArgs e)
{
string StrQuery;
try
{
using (SqlConnection conn = new SqlConnection(@"Data Source = C:\EmployeeWebProject\EmployeeWebProject\App_Data\EmployeeDatabase.sdf"))
{
using (SqlCommand comm = new SqlCommand("SELECT * FROM Employee"))
{
comm.Connection = conn;
conn.Open();
for (int i = 0; i < GridView1.Rows.Count; i++)
{
StrQuery = @"INSERT INTO Employee VALUES ("
+ GridView1.Rows[i].Cells[0].ToString() + ", "
+ GridView1.Rows[i].Cells[1].ToString() + ", "
+ GridView1.Rows[i].Cells[2].ToString() + ", "
+ GridView1.Rows[i].Cells[3].ToString() + ", "
+ GridView1.Rows[i].Cells[4].ToString() + ");";
comm.CommandText = StrQuery;
comm.ExecuteNonQuery();
}
}
}
}
finally
{
}
}
Upvotes: 0
Views: 5523
Answers (1)
marc_s
Reputation: 755491
To avoid SQL injection and use properly parametrized queries, and also use the SQL Server CE connection and command objects, try this code:
protected void SaveButton_Click(object sender, EventArgs e)
{
string StrQuery;
try
{
// define connection string and INSERT query WITH PARAMETERS
string connectionString = @"Data Source = C:\EmployeeWebProject\EmployeeWebProject\App_Data\EmployeeDatabase.sdf";
string insertQry = "INSERT INTO Employees(Col1, Col2, Col3, Col4, Col5) " +
"VALUES(@Col1, @Col2, @Col3, @Col4, @Col5);";
// define connection and command for SQL Server CE
using (SqlCeConnection conn = new SqlCeConnection(connectionString))
using (SqlCeCommand cmd = new SqlCeCommand(insertQry, conn))
{
// add parameters to your command - adapt those *as needed* - we don't know your table structure,
// nor what datatype (and possibly length) those parameters are !
cmd.Parameters.Add("@Col1", SqlDbType.Int);
cmd.Parameters.Add("@Col2", SqlDbType.VarChar, 100);
cmd.Parameters.Add("@Col3", SqlDbType.VarChar, 100);
cmd.Parameters.Add("@Col4", SqlDbType.VarChar, 100);
cmd.Parameters.Add("@Col5", SqlDbType.VarChar, 100);
conn.Open();
for (int i = 0; i < GridView1.Rows.Count; i++)
{
// set parameter values
cmd.Parameters["@Col1"].Value = Convert.ToInt32(GridView1.Rows[i].Cells[0]);
cmd.Parameters["@Col2"].Value = GridView1.Rows[i].Cells[1].ToString();
cmd.Parameters["@Col3"].Value = GridView1.Rows[i].Cells[1].ToString();
cmd.Parameters["@Col4"].Value = GridView1.Rows[i].Cells[1].ToString();
cmd.Parameters["@Col5"].Value = GridView1.Rows[i].Cells[1].ToString();
cmd.ExecuteNonQuery();
}
}
}
finally
{
}
}
Upvotes: 2
Related Questions
- Saving multiple rows of gridview into database
- how to Save and Update data from GridView to database in ASP.Net C#?
- save all rows of gridview to database asp.net c#
- How to get rows from Gridview and Insert them into database?
- Saving gridview updated data to SQL Server?
- gridview to sql server database
- How to add information to database from gridview?
- how to store gridview contents into database table
- How do I connect gridview to sql using C# in asp.net?
- How to insert data from gridview to database?