C#
private void button3_Click(object sender, EventArgs e)
{
    for (int i = 0; i <= dataGridView1.Rows.Count - 1; i++)
    {
        string a = dataGridView1.Rows[i].Cells["ID"].Value.ToString();
        string b = dataGridView1.Rows[i].Cells["m3"].Value.ToString();
        string c = dataGridView1.Rows[i].Cells["edc"].Value.ToString();
        string d = dataGridView1.Rows[i].Cells["ss"].Value.ToString();
        string query = "UPDATE 3rdsem SET 3rdsem.ID='" + a + "',3rdsem.m3='" + b + "',3rdsem.edc='" + c + "',3rdsem.ss='" + d + "'where 3rdsem.ID='" + a + "'";
        string g = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\\Documents and Settings\\inet\\My Documents\\marks.accdb";
        OleDbConnection con = new OleDbConnection(g);
        con.Open();
        OleDbCommand cmd = new OleDbCommand(query, con);
        cmd.ExecuteNonQuery();
        con.Close();
    }

    MessageBox.Show("");
}

All is correct, but I got this error. How do I clear this error?
Syntax error (missing operator) in query expression '3rdsem.ID='1''.

Please help me.
Updated 11-Nov-11 22:22pm

1 solution

First of all, I am going to tell you what I have said way too many times before... Use PARAMETERIZED queries!
C#
string id = "MyID";
// etc.
OleDbCommand cmd = new OleDbCommand("UPDATE 3rdsem SET 3rdsem.ID = @ID, 3rdsem.edc = @edc WHERE 3rdsem.ID = @ID", connection);
cmd.Parameters.AddWithValue("@ID", id);
// etc.

Your parameters (@ID, @edc etc.) will now automatically be replaced with the value you specified in the other line of code. The pro to this is that your parameterized query will be cached and the chances that it is re-used are bigger than for non-parameterized queries, improving performance. But let's say performance is not an issue; I think security is! Try passing a value like "D'artagnan" to your query. The ' character will most likely break your query. In the worst case the value is not "D'artagnan", but something like "*\ drop database" and gone your database will be! This is not the case for parameterized queries though :)
When you use this approach you also don't have to call .ToString on all values. AddWithValue takes an Object as argument.
For more info check this MSDN page.

Now what I also wonder is why are you trying to update your ID to the value it already has?
Try this query: "UPDATE 3rdsem SET 3rdsem.m3 = @m3, 3rdsem.edc = @edc, 3rdsem.ss = @ss where 3rdsem.ID = @id"
Having that query parameterized makes it look a lot better, doesn't it? :)
Hope it helps!
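Below is an added example that is not part of the question or the answer above: the button handler rewritten as a parameterized OleDb UPDATE. It assumes the Access file path, the grid name `dataGridView1` and the table and column names (`3rdsem`, `ID`, `m3`, `edc`, `ss`) from the question, and it assumes the four columns are text, since the original code quoted every value. Two details go beyond the answer's snippet: the OLE DB .NET provider binds parameters by position, so the SQL uses `?` markers with one parameter added per marker in order; and because the table name starts with a digit, it is written as `[3rdsem]`, otherwise the Access SQL parser reads `3rdsem` as the number 3 followed by an identifier, which produces a "missing operator" error like the one in the question.

```csharp
// Added example (not the poster's or the answerer's code).
// Assumptions: file path, grid name and table/column names are taken from the
// question; the four columns are text columns.
using System;
using System.Data;
using System.Data.OleDb;
using System.Windows.Forms;

public partial class MarksForm : Form
{
    // Assumed path from the question; adjust to the real file location.
    private const string ConnectionString =
        "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\\Documents and Settings\\inet\\My Documents\\marks.accdb";

    // '?' markers: OleDb binds by position, not by name.
    // [3rdsem] in brackets: an identifier starting with a digit must be
    // bracketed in Access SQL or the parser reports "missing operator".
    private const string UpdateSql =
        "UPDATE [3rdsem] SET [m3] = ?, [edc] = ?, [ss] = ? WHERE [ID] = ?";

    private void button3_Click(object sender, EventArgs e)
    {
        int updated = 0;

        using (OleDbConnection con = new OleDbConnection(ConnectionString))
        using (OleDbCommand cmd = new OleDbCommand(UpdateSql, con))
        {
            // Declare the parameters once, in marker order; the same prepared
            // command is re-executed for every grid row.
            OleDbParameter pM3  = cmd.Parameters.Add("@m3",  OleDbType.VarWChar, 255);
            OleDbParameter pEdc = cmd.Parameters.Add("@edc", OleDbType.VarWChar, 255);
            OleDbParameter pSs  = cmd.Parameters.Add("@ss",  OleDbType.VarWChar, 255);
            OleDbParameter pId  = cmd.Parameters.Add("@ID",  OleDbType.VarWChar, 255);

            con.Open();
            using (OleDbTransaction tx = con.BeginTransaction())
            {
                cmd.Transaction = tx;
                foreach (DataGridViewRow row in dataGridView1.Rows)
                {
                    if (row.IsNewRow) continue; // skip the empty editing row at the bottom

                    // Values go to the driver as data, never into the SQL text,
                    // so a quote such as in "D'artagnan" cannot alter the query.
                    pM3.Value  = CellValue(row, "m3");
                    pEdc.Value = CellValue(row, "edc");
                    pSs.Value  = CellValue(row, "ss");
                    pId.Value  = CellValue(row, "ID");

                    updated += cmd.ExecuteNonQuery();
                }
                tx.Commit(); // every row is saved, or none if one update fails
            }
        }

        MessageBox.Show(updated + " row(s) updated.");
    }

    // Empty cells become DBNull instead of throwing on .Value.ToString().
    private static object CellValue(DataGridViewRow row, string column)
    {
        object v = row.Cells[column].Value;
        return v == null ? (object)DBNull.Value : v;
    }
}
```

Opening one connection and one command for the whole loop replaces the per-row open/close of the original, and the transaction keeps the grid and the table consistent if a row fails part-way through. If a column is actually numeric in the database, change that parameter's `OleDbType` to match rather than sending text.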
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900