This is not DataSource, its a SqlCommand.
And because of Object-type of all values that stores in Session this kind of solution is not good.
Try this:
string query = "SELECT * FROM Companies WHERE CompanyID = @companyID";
DataTable dt = new DataTable();
SqlCommand cmd = new SqlCommand(query);
cmd.Parameters.Add(new SqlParameter("@companyID", Session["CurrentCompID"]));
using(SqlConnection conn = new SqlConnection("Here Is Your Connection String"))
{
cmd.Connection = conn;
SqlDataAdapter da = new SqlDataAdapter(cmd);
try
{
da.Fill(dt);
}
catch(Exception ex)
{
}
}
And i recommend to check value in Session for existing, and of course on Type matching.
So when you will know exact type of value in session, then you can use other (more preferable) constructor of SqlParameter class.
if(Session["CurrentCompID"] != null)
{
int compId;
if(int.TryParse(Session["CurrentCompID"].ToString(), out compId)
{
SqlParameter par = new SqlParameter("@companyID", SqlDbType.Int);
par.Value = compId;
cmd.Parameters.Add(par);
}
}
For Update query it will looks the same:
string query = "UPDATE [Data] SET [Companyname ]= @Companyname, [UpdatedBy] = @updatedBy, [UpdatedDate]= @updatedDate WHERE [CompanyID] = @CompanyID";
SqlCommand cmd = new SqlCommand(query);
cmd.Parameters.Add(new SqlParameter("@companyID", Session["CurrentCompID"]));
cmd.Parameters.Add(new SqlParameter("@updatedBy", Session["UpdatedBy"]));
cmd.Parameters.Add(new SqlParameter("@updatedDate", Session["UpdatedDate"]));
using(SqlConnection conn = new SqlConnection("Here Is Your Connection String"))
{
cmd.Connection = conn;
try
{
conn.Open();
cmd.ExecuteNonQuery();
}
catch(Exception ex)
{
}
}