Click here to Skip to main content
15,886,362 members
Search within:


Object reference not set to an instance of an object.
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
ASP.NET
C#
GridViewRow gr = GridView1.Rows[e.RowIndex] as GridViewRow;
        TextBox t6 = gr.FindControl("txtEmpid") as TextBox;
        TextBox t3 = gr.FindControl("txtName") as TextBox;
        TextBox t5 = gr.FindControl("txtEmailid") as TextBox;

        SqlConnection conn = new SqlConnection(@"Data Source=ARVIND-VAIO\ARVIND;Initial Catalog=ARVIND;Integrated Security=True");
        SqlCommand cmd = new SqlCommand("update Emp_info set Name='"+t3.Text+"',Emailid='"+t5.Text+"' where Empid='"+t6.Text+"'", conn);
        conn.Open();
        cmd.ExecuteNonQuery();
        conn.Close();
        display();

I am getting error Object reference not set to an instance of an object.
The error is on the line with the SqlCommand call.
Posted
Updated 11-May-13 5:22am
v3
Add a Solution
Comments
André Kraak 11-May-13 11:23am    
Debug you program and check if the t3, t5 and t6 variables have a valid value.
Bikash Prakash Dash 11-May-13 11:29am    
paste all the code of the event function.

2 solutions

As alaready suggested, you use the debugger for checking that all the references ( t3, t5, t6 and conn) in the statement are set to valid objects (for instance did you use new on conn?).
 
Share this answer
 
Posted
Comments
Arvind Jha 11-May-13 20:35pm    
Ho to check with debugger they are set to valid objects or not?
Two problems here:
1) Either one of your names is wrong: "txtEmpid", "txtName", or "txtEmailid" is incorrect, or one of them is not a textbox. This means that the "tn" variable gets a null, so you get the error when you try to use it's Text property. Check the names and types.

2) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. This is particularly a problem with website code, where your database can be deleted from the other side of the world...


"How to use parameterized queries and why?"


Why? To prevent me visiting your site from half a world away, and deleting your entire database by typing in your textboxes. Which seems like it might be a bad thing from your point of view.

Google for "Sql Injection" and "Bobby tables" and you will find good information on why you should never, ever concatenate SQL commands.

How? Parametrised queries are pretty easy: you provide a parameter name in your query, then add a parameter value to that:
C#
using (SqlConnection con = new SqlConnection(strConnect))
    {
    con.Open();
    using (SqlCommand com = new SqlCommand("UPDATE myTable SET myColumn1=@C1, myColumn2=@C2 WHERE Id=@ID", con))
        {
        com.Parameters.AddWithValue("@ID", id);
        com.Parameters.AddWithValue("@C1", myValueForColumn1);
        com.Parameters.AddWithValue("@C2", myValueForColumn2);
        com.ExecuteNonQuery();
        }
    }
In this example, @ID, @C1 and @C2 are the parameter names (which should always start with '@').
 
Share this answer
 
Posted
Updated 11-May-13 20:12pm
v2
Comments
Arvind Jha 11-May-13 20:49pm    
How to use parameterized queries and why?
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 12 May 2013
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900