Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: ASP.NET
GridViewRow gr = GridView1.Rows[e.RowIndex] as GridViewRow;
        TextBox t6 = gr.FindControl("txtEmpid") as TextBox;
        TextBox t3 = gr.FindControl("txtName") as TextBox;
        TextBox t5 = gr.FindControl("txtEmailid") as TextBox;
 
        SqlConnection conn = new SqlConnection(@"Data Source=ARVIND-VAIO\ARVIND;Initial Catalog=ARVIND;Integrated Security=True");
        SqlCommand cmd = new SqlCommand("update Emp_info set Name='"+t3.Text+"',Emailid='"+t5.Text+"' where Empid='"+t6.Text+"'", conn);
        conn.Open();
        cmd.ExecuteNonQuery();
        conn.Close();
        display();
I am getting error Object reference not set to an instance of an object.
The error is on the line with the SqlCommand call.
Posted 11-May-13 6:20am
Edited 11-May-13 6:22am
v3
Comments
André Kraak at 11-May-13 11:23am
   
Debug you program and check if the t3, t5 and t6 variables have a valid value.
Bikash Prakash Dash at 11-May-13 11:29am
   
paste all the code of the event function.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

As alaready suggested, you use the debugger for checking that all the references ( t3, t5, t6 and conn) in the statement are set to valid objects (for instance did you use new on conn?).
  Permalink  
Comments
Arvind Jha at 11-May-13 20:35pm
   
Ho to check with debugger they are set to valid objects or not?
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Two problems here:
1) Either one of your names is wrong: "txtEmpid", "txtName", or "txtEmailid" is incorrect, or one of them is not a textbox. This means that the "tn" variable gets a null, so you get the error when you try to use it's Text property. Check the names and types.
 
2) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. This is particularly a problem with website code, where your database can be deleted from the other side of the world...
 

"How to use parameterized queries and why?"
 

Why? To prevent me visiting your site from half a world away, and deleting your entire database by typing in your textboxes. Which seems like it might be a bad thing from your point of view.
 
Google for "Sql Injection" and "Bobby tables" and you will find good information on why you should never, ever concatenate SQL commands.
 
How? Parametrised queries are pretty easy: you provide a parameter name in your query, then add a parameter value to that:
using (SqlConnection con = new SqlConnection(strConnect))
    {
    con.Open();
    using (SqlCommand com = new SqlCommand("UPDATE myTable SET myColumn1=@C1, myColumn2=@C2 WHERE Id=@ID", con))
        {
        com.Parameters.AddWithValue("@ID", id);
        com.Parameters.AddWithValue("@C1", myValueForColumn1);
        com.Parameters.AddWithValue("@C2", myValueForColumn2);
        com.ExecuteNonQuery();
        }
    }
In this example, @ID, @C1 and @C2 are the parameter names (which should always start with '@').
  Permalink  
v2
Comments
Arvind Jha at 11-May-13 20:49pm
   
How to use parameterized queries and why?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Marcin Kozub 265
1 Richard MacCutchan 239
2 OriginalGriff 208
3 Sergey Alexandrovich Kryukov 185
4 Praneet Nadkar 167
0 OriginalGriff 7,913
1 Sergey Alexandrovich Kryukov 7,232
2 DamithSL 5,604
3 Manas Bhardwaj 4,986
4 Maciej Los 4,865


Advertise | Privacy | Mobile
Web02 | 2.8.1411023.1 | Last Updated 12 May 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100