0

我有数据网格,我在数据网格中有两个单选按钮,即批准或拒绝,还有一个数据网格中的按钮,即提交

我要做的是选择批准的按钮并在DataGrid中单击一行中提交按钮时,我希望将该行的数据存储在数据库中,并使用ISACTIVE AS 1 AS 1,并且该行应从数据杂题中删除,但是详细信息必须存储在数据库中。

Similarly when the reject button is selected and submit button in datagrid is clicked,the data of that row should be stored in the database with Isactive as 0 and the row should be deleted from the datagrid

详细信息必须存储在数据库中。

处于活动状态未在数据库中更新

有人可以告诉我我的代码有什么问题吗?以下是我尝试过的 C# 代码..

protected void submit(object sender, EventArgs e)
{
    // *Get the Gridview Row* //
    DataGridItem drow = (DataGridItem)(sender as Control).Parent.Parent;

    RadioButton rbpApprove = (RadioButton)drow.FindControl("rbtnapprove");
    RadioButton rbpReject = (RadioButton)drow.FindControl("rbtnreject");

    if (rbpApprove.Checked == true)
    {
        conn.Open();
        SqlCommand cmd = new SqlCommand("Update table set IsActive= 0 where ARGID=@ARGID", conn);

        cmd.ExecuteNonQuery();
        conn.Close();        
    }
    else if (rbpReject.Checked == true)
    {
        conn.Open();
        SqlCommand cmd = new SqlCommand("Update table set IsActive= 1 where ARGID=@ARGID", conn);
        cmd.ExecuteNonQuery();
        conn.Close();
    }


    string empid = dgi.Cells[0].Text;
    string employeename = dgi.Cells[2].Text;
    string designation = dgi.Cells[3].Text;

    conn.Open();
    SqlCommand comm = new SqlCommand("insert into [table] values (" + empid + ",'" + employeename + "','" + designation + "')", conn);
    comm.ExecuteNonQuery();
    conn.Close();        
}
4

1 回答 1

1

第一个问题:

if (rbpApprove.Checked == true)
{
    conn.Open();
    SqlCommand cmd = new SqlCommand("Update table set IsActive= 0 where ARGID=@ARGID", conn);

    cmd.ExecuteNonQuery();
    conn.Close();        
}
else if (rbpReject.Checked == true)
{
    conn.Open();
    SqlCommand cmd = new SqlCommand("Update table set IsActive= 1 where ARGID=@ARGID", conn);
    cmd.ExecuteNonQuery();
    conn.Close();
}

这个块没有做任何事情(或者至少不是它应该做的)

这个位:where ARGID=@ARGID正在检查数据库中带有“@ARGID”的条目。我希望您应该添加参数但忘记了?

cmd.Parameters.AddWithValue("@ARGID", /* The value to be checking for */ )

第二个问题:

SqlCommand comm = new SqlCommand("insert into [T_TADA_aaprovereject_groupdirector] values (" + empid + ",'" + employeename + "','" + designation + "')", conn);

这应该像其他 2 个语句一样进行参数化,以防止SQL 注入

所以我建议你把它改成:

SqlCommand comm = new SqlCommand("insert into [T_TADA_aaprovereject_groupdirector] values (@empid, @employeename, @designation)", conn);
comm.Parameters.AddWithValue(@empid, empid)
comm.Parameters.AddWithValue(@employeename, employeename)
comm.Parameters.AddWithValue(@designation, designation)
于 2013-09-23T15:48:59.897 回答