I have data in a GridView that has a Date column. When I pass data from the GridView to another page using a query string by selecting one row, the date does not load in the textbox in the Google Chrome browser, but it works fine in Internet Explorer. Kindly guide me.

What I have tried:

On the GridView I am using this query for selecting a row:
        protected void GridView1_SelectedIndexChanged(object sender, EventArgs e)
        {
            string AID = GridView1.SelectedRow.Cells[1].Text;
            Response.Redirect("Daily Attendance.aspx?AID=" + AID);
        }


On another page I am using this query on page load:

        protected void Page_Load(object sender, EventArgs e)
        {
            if (!IsPostBack)
            {
                String mycon = ("Data Source=DESKTOP-5PJ76B9;Integrated Security=SSPI;Initial Catalog=Institute");
                String myquery = "Select AID,Datetime,Outdt,Day,Days,OT,Code from HR3  where AID=" + Request.QueryString["AID"];
                SqlConnection con = new SqlConnection(mycon);
                SqlCommand cmd = new SqlCommand();
                cmd.CommandText = myquery;
                cmd.Connection = con;
                SqlDataAdapter da = new SqlDataAdapter();
                da.SelectCommand = cmd;
                DataSet ds = new DataSet();
                da.Fill(ds);
                if (ds.Tables[0].Rows.Count > 0)
                {
                    TBID.Text = ds.Tables[0].Rows[0]["AID"].ToString();
                    //TBEN.Text = ds.Tables[0].Rows[0]["EmployeeName"].ToString();
                    TBIN.Text = ds.Tables[0].Rows[0]["Datetime"].ToString();
                    TBOut.Text = ds.Tables[0].Rows[0]["Outdt"].ToString();
                    TBHrs.Text = ds.Tables[0].Rows[0]["Day"].ToString();
                    TBDay.Text = ds.Tables[0].Rows[0]["Days"].ToString();
                    TBOT.Text = ds.Tables[0].Rows[0]["OT"].ToString();
                    TBEID.Text = ds.Tables[0].Rows[0]["Code"].ToString();
                }
                con.Close();
            }
        }
Updated 21-Nov-18 2:38am
Comments
F-ES Sitecore 21-Nov-18 8:43am    
If you pass data on the querystring you should encode it

Server.UrlEncode(AID)

Next issue is that the chances that Cells[1].Text contains nothing but the date are remote, instead you should use FindControl to get the control the data is loaded into to get the actual value. Next you should use a specific date format, so use ToString on a date variable to convert it to a specific format (like yyyy-MM-dd for example) then DateTime.TryParseExact to convert that text back to a date. Next issue is your "where AID=" + .. You normally put date variables in apostrophes. Next issue is that your code is liable to SQL injection attacks so you should use parameterised queries to build your SQL statements rather than string concatenation.
Shashank Laxman 21-Nov-18 9:09am    
string AID = GridView1.SelectedRow.Cells[1].Text;

Try using session variables

and then Response.Redirect();
Richard Deeming 23-Nov-18 11:01am    
String myquery = "Select AID,Datetime,Outdt,Day,Days,OT,Code from HR3  where AID=" + Request.QueryString["AID"];


Your code is vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
Shashank Laxman 26-Nov-18 8:54am    
Yes, concatenating SQL queries is dangerous: if some special character like ' (single quote) comes in the query, then SQL query execution will throw an exception. Try using a parameterized query as discussed by Richard Deeming, like using stored procedures.
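
The parameterized query recommended in the comments above, as an added example that is not part of the original thread. The helper class AttendanceLookup and its method names are hypothetical; it assumes AID is an integer key and that the Datetime column is a SQL date/time type.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

// Hypothetical helper (not code from the thread). Table and column names
// are the ones in the posted query; AID is assumed to be an int key.
public static class AttendanceLookup
{
    private const string Query =
        "SELECT AID, [Datetime], Outdt, [Day], Days, OT, Code " +
        "FROM HR3 WHERE AID = @AID";

    // Returns null when the query-string value is not a plain integer
    // or when no row matches.
    public static DataRow Load(string rawAid, string connectionString)
    {
        int aid;
        // NumberStyles.None accepts digits only: no sign, spaces or separators.
        if (!int.TryParse(rawAid, NumberStyles.None,
                          CultureInfo.InvariantCulture, out aid))
            return null;

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(Query, con))
        using (var da = new SqlDataAdapter(cmd))
        {
            // The value is sent as a typed parameter and never becomes SQL text.
            cmd.Parameters.Add("@AID", SqlDbType.Int).Value = aid;
            var table = new DataTable();
            da.Fill(table); // Fill opens and closes the connection itself
            return table.Rows.Count > 0 ? table.Rows[0] : null;
        }
    }

    // Fixed, culture-independent text for a date column, using the
    // yyyy-MM-dd format suggested in the comments. DBNull gives "".
    public static string IsoDate(object value)
    {
        return value is DateTime
            ? ((DateTime)value).ToString("yyyy-MM-dd", CultureInfo.InvariantCulture)
            : string.Empty;
    }
}

// Usage with the names from the question:
//   Sender:   Response.Redirect("Daily Attendance.aspx?AID=" + Server.UrlEncode(AID));
//   Receiver: DataRow row = AttendanceLookup.Load(Request.QueryString["AID"], mycon);
//             if (row != null) TBIN.Text = AttendanceLookup.IsoDate(row["Datetime"]);
```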

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


