Click here to Skip to main content
15,037,178 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
I inserted like this

Here is the inserted code
C#
private void button1_Click(object sender, EventArgs e)
       {
           string s = "";
           foreach(Control cc in this.Controls)
           {
               if (cc is CheckBox)
               {
                   CheckBox a = (CheckBox)cc;
                   if (a.Checked)
                   {
                       s = a.Text  + s;
                   }
               }
           }
           cn.Open();
           SqlCommand cmd = new SqlCommand("insert into ComboBox(id,hobbies) values('"+textBox1.Text+"','"+s+"')",cn);
           cmd.ExecuteNonQuery();
           cn.Close();
           MessageBox.Show("sved Successfully");
       }

and now i want to retrieve data from database...but i was unable to retrieve data from database actually i am getting data from database..but values are not getting checked..here is the code

C#
private void button2_Click(object sender, EventArgs e)
{
checkBox1.Checked = false;
checkBox2.Checked = false;
checkBox3.Checked = false;
checkBox4.Checked = false;
cn.Open();
SqlCommand cmd1 = new SqlCommand("select * from ComboBox where id='"+textBox1.Text+"'",cn);
SqlDataReader dr = cmd1.ExecuteReader();
if (dr.Read())
{
string aa=dr["hobbies"].ToString();
string[] a = aa.Split();
foreach (Control cc in this.Controls)
{
if (cc is CheckBox)
{
CheckBox b = (CheckBox)cc;
for (int j = 0; j < a.Length; j++)
{
if (a[j] == b.Text)
{
b.Checked = true;
}
}
}
}
}
dr.Close();
cn.Close();
}

can u help me with this??
its not going through foreach loop its getting out can u help me with this??
Posted
Updated 30-Jul-15 0:18am
v2
Comments
[no name] 30-Jul-15 1:04am
   
First, learn to format your code so that it's readable.
Second, stop using string concatenation to construct sql queries, unless you like people to come along and delete your database table, databases and anything else.
Third, learn to debug your code.

1 solution

Do not concatenate strings from user input into your sql queries. You place yourself at high risk of SQL Injection[^] (the link also includes suggestions on how to address the issue)

When you are storing your data on the database you are just concatenating the text from each checkbox - there are no separators in there. So the aa.Split() is returning a single value (the full concatenated string). It will never match the text of any single checkbox therefore none of them will be checked.

You could put a separator between each
s = a.Text  + s + ",";
and pass the separator into the Split
C#
string[] a = aa.Split(',');
but to be honest this design is not good. (For "not good" read "really bad").

If you know the number of checkboxes up front then have a column for each of them on the database (using a BIT datatype). If the number of checkboxes is variable then have a row per checkbox (note the Id you currently use cannot be unique in that case)
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900