I have created a small piece of software that connects to a small database. I am using C# and WinForms to connect to a local SQL Server and display the database in a DataGridView.
So far I have managed to successfully add records to the database and select a record for editing.
So when I select a record for editing and I edit the wanted fields, I then click the edit button, which in theory should update the edited record. However, when I do so I seem to face the following error: (See Fig.1)
Fig.1
I cannot seem to work out why this error is happening.
Interface: (fig.2)
Fig.2
The code that carries out the editing (btnEdit):
    private void btnEdit_Click(object sender, EventArgs e)
    {
        try
        {
            //Open Connection
            sc.Open();
            DataTable dt = new DataTable();
            SqlDataAdapter da = new SqlDataAdapter("SELECT * FROM myEmployees WHERE EmpID" +
                txtID.Text + " ", sc);
            da.Fill(dt);
            //start the editing of the selected record
            dt.Rows[0].BeginEdit();
            dt.Rows[0][1] = txtFName.Text;
            dt.Rows[0][2] = txtLName.Text;
            dt.Rows[0][3] = txtJRole.Text;
            dt.Rows[0][4] = txtEmp.Text;
            //dt.Rows[0][1] =
            //stop editing
            dt.Rows[0].EndEdit();
            //sql commandbuilder that allow saving of records
            SqlCommandBuilder cb = new SqlCommandBuilder(da);
            //update the database
            da.Update(dt);
            //close connection
            sc.Close();
            loadEmp();
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message, Application.ProductName, MessageBoxButtons.OK, MessageBoxIcon.Error);
            // Application.ExitThread();
        }
    }
The DataGridView click event, which takes care of record selection for editing:
    private void dgEmployees_Click(object sender, EventArgs e)
    {
        try
        {
            DataTable dt = new DataTable();
            SqlDataAdapter slctRow = new SqlDataAdapter("SELECT * FROM myEmployees WHERE EmpID=" +
                Convert.ToInt16(dgEmployees.SelectedRows[0].Cells[0].Value.ToString()) + " ", sc);
            slctRow.Fill(dt);
            //display records into textboxes
            txtID.Text = dt.Rows[0][0].ToString();
            txtFName.Text = dt.Rows[0][1].ToString();
            txtLName.Text = dt.Rows[0][2].ToString();
            txtJRole.Text = dt.Rows[0][3].ToString();
            txtEmp.Text = dt.Rows[0][4].ToString();
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message, Application.ProductName, MessageBoxButtons.OK, MessageBoxIcon.Error);
            // Application.ExitThread();
        }
    }
Leaving aside issues of parameterization - you've missed an =:
SqlDataAdapter da = new SqlDataAdapter("SELECT * FROM myEmployees WHERE EmpID="+
txtID.Text + " ", sc); // WARNING: SQL INJECTION RISK
However, I strongly suggest you look at parameterization. For example, what happens if I type (into that text-box):
0; delete from myEmployees --
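
The parameterization the answer recommends, applied to the edit handler's query, as an added example that is not part of the original answer. `EmployeeEditor`, `UpdateEmployee` and `TryParseEmpId` are hypothetical names, and the sketch assumes `EmpID` is an integer primary key (`SqlCommandBuilder` needs a key to generate its UPDATE).

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class EmployeeEditor
{
    // Digits only: no sign, whitespace or trailing text, so SQL fragments never parse.
    public static bool TryParseEmpId(string text, out int empId) =>
        int.TryParse(text, NumberStyles.None, CultureInfo.InvariantCulture, out empId);

    // Returns the number of rows updated; 0 if the ID is invalid or not found.
    public static int UpdateEmployee(SqlConnection sc, string idText,
        string fName, string lName, string jRole, string emp)
    {
        if (!TryParseEmpId(idText, out int empId))
            return 0;

        using (var da = new SqlDataAdapter(
            "SELECT * FROM myEmployees WHERE EmpID = @id", sc))
        using (var cb = new SqlCommandBuilder(da)) // generates a parameterized UPDATE
        {
            // The ID is sent as a typed parameter and is never concatenated into SQL text.
            da.SelectCommand.Parameters.Add("@id", SqlDbType.Int).Value = empId;

            var dt = new DataTable();
            da.Fill(dt);               // Fill opens and closes sc itself when it is closed
            if (dt.Rows.Count == 0)    // avoids an IndexOutOfRangeException on Rows[0]
                return 0;

            DataRow row = dt.Rows[0];  // same column positions as the question's code
            row[1] = fName;
            row[2] = lName;
            row[3] = jRole;
            row[4] = emp;
            return da.Update(dt);
        }
    }

    static void Main()
    {
        // Constructed inputs, including the text-box string from the answer above.
        string[] samples = { "7", "0; delete from myEmployees --", " 7", "-1" };
        foreach (string s in samples)
            Console.WriteLine($"{s,-32} accepted: {TryParseEmpId(s, out _)}");
    }
}
```

`Main` needs no database: it only shows which text-box values would be accepted as an ID before any query is built.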