Click here to Skip to main content
15,942,144 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I have data gridview with checkbox, but when I tried to update all the checked rows using a button it does not update all and the only row updated is the first row Please help me. Thank you

What I have tried:

Protected Sub CheckItem_CheckedChanged(sender As Object, e As EventArgs)
        Dim chkstatus As CheckBox = CType(sender, CheckBox)
        Dim row As GridViewRow = CType(chkstatus.NamingContainer, GridViewRow)
    End Sub


Protected Sub CheckHeader_CheckedChanged(sender As Object, e As EventArgs)
        Dim chckheader As CheckBox = CType(RequestHeader.HeaderRow.FindControl("CheckHeader"), CheckBox)

        For Each row As GridViewRow In RequestHeader.Rows
            Dim chckrw As CheckBox = CType(row.FindControl("CheckItem"), CheckBox)

            If chckheader.Checked = True Then
                chckrw.Checked = True
            Else
                chckrw.Checked = False
            End If
        Next
    End Sub


Protected Sub Button3_Click(sender As Object, e As EventArgs) Handles Button3.Click

        For i As Integer = 0 To RequestHeader.Rows.Count - 1

            Dim chkdelete As CheckBox = CType(RequestHeader.Rows(i).Cells(0).FindControl("CheckItem"), CheckBox)

            If chkdelete.Checked = True Then
                Dim id As Integer = Convert.ToInt32(RequestHeader.Rows(i).Cells(0).Text)

                Using cn As New SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings("WFH").ConnectionString)
                    Using cmd As New SqlCommand()
                        cmd.CommandType = CommandType.Text
                        cmd.Connection = cn
                        cn.Open()
                        cmd.CommandText = "UPDATE Approver SET DisApproveDate = @Date  where Request_NO= '" & id & "' "
                        cmd.Parameters.AddWithValue("@Date", SqlDbType.SmallDateTime).Value = DateTime.Now
                        cmd.ExecuteNonQuery()
                        RequestHeader.EditIndex = -1
                        DataBind()
                        cn.Close()
                    End Using
                End Using
            End If
        Next

    End Sub
Posted
Comments
Richard Deeming 20-Jan-21 11:51am    
cmd.CommandText = "UPDATE Approver SET DisApproveDate = @Date  where Request_NO= '" & id & "' "

Whilst in this specific case you're probably OK, since id is known to be an int, using string concatenation to build a SQL query can and will lead to SQL Injection[^].

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

You already know how to use parameters - you're doing it for the @Date parameter.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900