1

I have a problem with executing multiple SqlCommands. I need to update data several times. The first SQL query applies to both scenarios (if, else), but then the second and third SqlCommand will be in the if or else accordingly. The problem is that only one SqlCommand works properly, the one which is located inside the loop.

    public void Button_Submit_Onclick(object sender, EventArgs e)
    {

        for (int i = 0; i < GridView2.Rows.Count; i++)
        {
            con.ConnectionString = ConfigurationManager.ConnectionStrings["TestDeductionsConnectionString2"].ToString();
            int recordid = Convert.ToInt32(GridView2.DataKeys[i].Values[0]);

            CheckBox cbox = (CheckBox)GridView2.Rows[i].FindControl("CheckBox1");
            bool private1 = Convert.ToBoolean(cbox.Checked); 

            SqlCommand cmd = new SqlCommand();
            cmd.Connection = con;
            cmd.CommandText = "Update DetailCosts set private='" + private1 + "' where recordid=" + recordid;

            con.Open();
            if (private1==true)
            {
                cmd.CommandText = "Update DetailCosts set privateCost=Costs where recordid=" + recordid;
                cmd.Parameters.AddWithValue("@private1", SqlDbType.Bit).Value = private1;
                cmd.Parameters.AddWithValue("@recordid", SqlDbType.Int).Value = recordid.ToString();

            }
            else
            {
                cmd.CommandText = "Update DetailCosts set privateCost=0 where recordid=" + recordid;
                cmd.Parameters.AddWithValue("@recordid", SqlDbType.Int).Value = recordid.ToString();
                cmd.Parameters.Add("@private1", SqlDbType.Bit).Value = private1;

            }
            cmd.ExecuteNonQuery();
            con.Close();
        }


    }
1
  • 1
    Firstly, you are only executing one query. Secondly, I think you've misunderstood the need for parameters. If you're just using a command string then just substitute the values in the string. Thirdly, loads of people will shortly lecture you about SQL injection. Commented Jun 12, 2018 at 7:30

2 Answers

2

You need to execute every command you want executed so you should add a

cmd.ExecuteNonQuery();

after your first query to have it also be executed.

If you want both to be executed, or neither if one fails, you should implement transactions and wrap both queries in a transaction.


-1

Here is working code:

    public void Button_Submit_Onclick(object sender, EventArgs e)
    {

        for (int i = 0; i < GridView2.Rows.Count; i++)
        {
            con.ConnectionString = ConfigurationManager.ConnectionStrings["TestDeductionsConnectionString2"].ToString();
            int recordid = Convert.ToInt32(GridView2.DataKeys[i].Values[0]);
            //bool private1 = Convert.ToBoolean(GridView2.FindControl("CheckBox1"));
            CheckBox cbox = (CheckBox)GridView2.Rows[i].FindControl("CheckBox1");
            bool private1 = Convert.ToBoolean(cbox.Checked); 

            SqlCommand cmd = new SqlCommand();
            cmd.Connection = con;
            con.Open();
            cmd.CommandText = "Update DetailCosts set private='" + private1 + "' where recordid=" + recordid;

            cmd.Parameters.AddWithValue("@private1", SqlDbType.Bit).Value = private1;
            cmd.Parameters.AddWithValue("@recordid", SqlDbType.Int).Value = recordid.ToString();
            cmd.ExecuteNonQuery();

            if (private1==true)
            {
                //DateTime date = DateTime.Now;
                //cmd.CommandText = "Update AprovedCosts set AprovedCosts.AprovalUser = ";

                cmd.CommandText = "Update DetailCosts set privateCost=Costs where recordid=" + recordid;
                cmd.ExecuteNonQuery();
            }
            else
            {

                cmd.CommandText = "Update DetailCosts set privateCost=0 where recordid=" + recordid;
                cmd.ExecuteNonQuery();
            }
            con.Close();
        }
    }

1 Comment

Please review the comment from @spodger above on parameter binding and SQL injection, as you are still building the SQL query manually, after which you think you are parameter binding, which you are not. In this way you are prone to SQL injections by manually constructing
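
The points raised in the answers and comments above (real parameter binding, every update executed, all-or-nothing behaviour) combined in one added example; this is not code from any poster on this page. The class and method names are hypothetical, and it assumes `private` is a `bit` column and that the GridView keys and checkbox states have already been collected into `rows`.

```csharp
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class DetailCostsUpdater
{
    // Hypothetical helper (name and signature are assumptions, not from the page).
    // rows: recordid -> checkbox state, gathered from the GridView by the caller.
    public static int ApplyPrivateFlags(string connectionString,
                                        IEnumerable<KeyValuePair<int, bool>> rows)
    {
        // The SQL text is a constant: values travel only as parameters,
        // so nothing from the page is ever concatenated into the statement.
        // One UPDATE sets the flag and covers both branches of the if/else.
        const string sql =
            "UPDATE DetailCosts " +
            "SET private = @private1, " +
            "    privateCost = CASE WHEN @private1 = 1 THEN Costs ELSE 0 END " +
            "WHERE recordid = @recordid";

        int affected = 0;
        using (var con = new SqlConnection(connectionString))
        {
            con.Open();
            using (SqlTransaction tx = con.BeginTransaction())
            using (var cmd = new SqlCommand(sql, con, tx))
            {
                // Typed parameters are declared once and re-bound for each row.
                SqlParameter pPrivate = cmd.Parameters.Add("@private1", SqlDbType.Bit);
                SqlParameter pId = cmd.Parameters.Add("@recordid", SqlDbType.Int);
                try
                {
                    foreach (KeyValuePair<int, bool> row in rows)
                    {
                        pId.Value = row.Key;
                        pPrivate.Value = row.Value;
                        affected += cmd.ExecuteNonQuery();
                    }
                    tx.Commit();   // all rows are written together
                }
                catch
                {
                    tx.Rollback(); // any failure leaves the table unchanged
                    throw;
                }
            }
        }
        return affected; // number of rows updated
    }
}
```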
