Click here to Skip to main content
16,018,264 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
i have an attendance database of college students.
my attendance database contain columns as follows:
date|1|2|3|4|5|6|7|8|9|10|
where 1,2,3,4...10 are the roll numbers.
i am using gridview to display roll_no,name and checkbox column to mark present and absent.
i want to write update query.my current code not executing but values in database are not updating.
my code:
//initializing with todays date and default values for each roll_no as 1
string query = "insert into MCOM values(getdate(),1,1,1,1,1,1,1,1,1,1)";
SqlCommand cmd2 = new SqlCommand(query, con);
cmd2.ExecuteNonQuery();

foreach (GridViewRow gvrow in gvEmp.Rows)
{
CheckBox chk = (CheckBox)gvrow.FindControl("chkSelect");
if (chk != null & chk.Checked)
{

int c = gvrow.RowIndex + 1;
TextBox1.Text = "["+c+"]";
// as textbox contain roll_no(eg.1,2,3....10) for each iteration
string query = "update MCOM set " + TextBox1.Text + "=1 where date=getdate()";
SqlCommand cmd2 = new SqlCommand(query, con);
cmd2.ExecuteNonQuery();
}
else
{
int c = gvrow.RowIndex + 1;
TextBox1.Text = "[" + c + "]";
string query = "update MCOM set " + TextBox1.Text + "=0 where date=getdate()";

SqlCommand cmd1 = new SqlCommand(query, con);
cmd1.ExecuteNonQuery();

}
}

please tell me why my code is executing without errors but still no change in database table.
Posted
Comments
Have you debugged? Please debug and see what is happening in each line.
batman56 28-Feb-15 3:06am    
yes.
no problem in values.everything working properly but changes are not reflected in database tables.

1 solution

Probably because GETDATE returns a value that is accurate to the millisecond: so each time you call it to UPDATE your values, you get a new value that is almost certainly different from the value you stored in the database. As a result, the WHERE condition fails to match any records.

Try using CONVERT(DATE, GETDATE()) instead:
SQL
UPDATE ... WHERE CONVERT(DATE, [date])=CONVERT(DATE, GETDATE())


But please, don't do that! You are using a textbox value directly to construct your SQL string - and that's unbelievably dangerous! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
You can't use a parameter to specify the column name, so you will have to look at a more sp]sophisticated system of specifying the column - unless you want your best mate to delete your DB just to see if he can...
 
Share this answer
 
v2
Comments
Schatak 28-Feb-15 3:08am    
+5
batman56 28-Feb-15 3:14am    
thank you.
it worked.
i know not to use txtbox directly.i am just experimenting,now i code properly in my main program.thanks again.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900