0

I want to change a value in a cell (grid view). When I change the value, I get the error "SqlException was unhandled: Incorrect syntax near '='". I debugged the code: I entered 50 into the cell, and I see that

    e.Value = 50,

    dt.Rows[e.RowHandle]["Operator_ID"] = null

    private void gridView1_CellValueChanged(object sender, DevExpress.XtraGrid.Views.Base.CellValueChangedEventArgs e)
    {
        DataTable dt = gridControl1.DataSource as DataTable;
        SqlProcess process = new SqlProcess();
        process.updateQuery(@"UPDATE IE_OPERATOR_GID_KTS_PER SET CarpanDegeri ='" + e.Value +
                           "' WHERE IE_OPERATOR_GTD_KTS_PER.Operator_ID= " + dt.Rows[e.RowHandle]["Operator_ID"]);
    }

In the table, the Operator_ID column is defined as NOT NULL. How can I fix this problem?

Thanks for your answers.

PS: I'm new to C# and SQL, so could you please answer explicitly?

kapozade

1 Answer

4

This is almost certainly because you're constructing your SQL with the values added manually rather than using parameters. Change the SQL to:

    UPDATE IE_OPERATOR_GID_KTS_PER SET CarpanDegeri = @CarpanDegeri
    WHERE IE_OPERATOR_GTD_KTS_PER.Operator_ID = @OperatorID

... and then supply values for those parameters. It's not clear to me what SqlProcess is, but if it doesn't support parameterized queries then it's fundamentally broken :(

See the SqlCommand.Parameters documentation for an example of how to use parameters. You should always do this for values:

  • It avoids SQL injection attacks
  • It avoids data conversion issues
  • It keeps your code (SQL) and data (parameter values) separate - look how much easier it is to read the SQL above than the version with all the string concatenation
Jon Skeet
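
The parameterized update from the answer, written against plain `SqlCommand` as an added example (not code from the question or the answer). The column types (`decimal`, `int`), the class and method names, and the sample values are assumptions; the guard covers the null `Operator_ID` seen in the question's debugger.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class OperatorUpdate   // hypothetical helper, not the question's SqlProcess
{
    // Table and column names come from the question; the SQL text is a constant.
    const string Sql =
        "UPDATE IE_OPERATOR_GID_KTS_PER SET CarpanDegeri = @CarpanDegeri " +
        "WHERE Operator_ID = @OperatorID";
    // Builds the command; values travel as typed parameters, never as SQL text.
    public static SqlCommand BuildUpdate(object cellValue, object operatorId)
    {
        // null/DBNull concatenates as "", which leaves a WHERE clause ending in '='.
        if (operatorId == null || operatorId == DBNull.Value)
            throw new InvalidOperationException("Row has no Operator_ID; nothing to update.");
        var cmd = new SqlCommand(Sql);
        cmd.Parameters.Add("@CarpanDegeri", SqlDbType.Decimal).Value =   // assumed decimal
            Convert.ToDecimal(cellValue, CultureInfo.InvariantCulture);
        cmd.Parameters.Add("@OperatorID", SqlDbType.Int).Value = Convert.ToInt32(operatorId);
        return cmd;
    }

    // Runs the update and returns the number of rows affected.
    public static int Execute(string connectionString, object cellValue, object operatorId)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildUpdate(cellValue, operatorId))
        {
            cmd.Connection = conn;
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed sample input: the cell value 50 and a made-up key 7; no database needed.
        using (var cmd = BuildUpdate(50, 7))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine($"{p.ParameterName} = {p.Value} ({p.SqlDbType})");
        }
        try { BuildUpdate(50, DBNull.Value); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```

In the question's handler this would be called as `OperatorUpdate.Execute(connectionString, e.Value, dt.Rows[e.RowHandle]["Operator_ID"])`, where `connectionString` is a placeholder for the application's own connection string.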