Click here to Skip to main content
11,927,711 members (57,219 online)
Rate this:
Please Sign up or sign in to vote.
See more: ASP.NET
GridViewRow gr = GridView1.Rows[e.RowIndex] as GridViewRow;
        TextBox t6 = gr.FindControl("txtEmpid") as TextBox;
        TextBox t3 = gr.FindControl("txtName") as TextBox;
        TextBox t5 = gr.FindControl("txtEmailid") as TextBox;
        SqlConnection conn = new SqlConnection(@"Data Source=ARVIND-VAIO\ARVIND;Initial Catalog=ARVIND;Integrated Security=True");
        SqlCommand cmd = new SqlCommand("update Emp_info set Name='"+t3.Text+"',Emailid='"+t5.Text+"' where Empid='"+t6.Text+"'", conn);
I am getting error Object reference not set to an instance of an object.
The error is on the line with the SqlCommand call.
Posted 11-May-13 6:20am
Edited 11-May-13 6:22am
André Kraak 11-May-13 11:23am
Debug you program and check if the t3, t5 and t6 variables have a valid value.
Bikash Prakash Dash 11-May-13 11:29am
paste all the code of the event function.
Rate this: bad
Please Sign up or sign in to vote.

Solution 2

As alaready suggested, you use the debugger for checking that all the references ( t3, t5, t6 and conn) in the statement are set to valid objects (for instance did you use new on conn?).
Arvind Jha 11-May-13 20:35pm
Ho to check with debugger they are set to valid objects or not?
Rate this: bad
Please Sign up or sign in to vote.

Solution 1

Two problems here:
1) Either one of your names is wrong: "txtEmpid", "txtName", or "txtEmailid" is incorrect, or one of them is not a textbox. This means that the "tn" variable gets a null, so you get the error when you try to use it's Text property. Check the names and types.

2) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. This is particularly a problem with website code, where your database can be deleted from the other side of the world...

"How to use parameterized queries and why?"

Why? To prevent me visiting your site from half a world away, and deleting your entire database by typing in your textboxes. Which seems like it might be a bad thing from your point of view.

Google for "Sql Injection" and "Bobby tables" and you will find good information on why you should never, ever concatenate SQL commands.

How? Parametrised queries are pretty easy: you provide a parameter name in your query, then add a parameter value to that:
using (SqlConnection con = new SqlConnection(strConnect))
    using (SqlCommand com = new SqlCommand("UPDATE myTable SET myColumn1=@C1, myColumn2=@C2 WHERE Id=@ID", con))
        com.Parameters.AddWithValue("@ID", id);
        com.Parameters.AddWithValue("@C1", myValueForColumn1);
        com.Parameters.AddWithValue("@C2", myValueForColumn2);
In this example, @ID, @C1 and @C2 are the parameter names (which should always start with '@').
Arvind Jha 11-May-13 20:49pm
How to use parameterized queries and why?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy | Mobile
Web03 | 2.8.151126.1 | Last Updated 12 May 2013
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100