lingers says:
if (chk.Checked)
{
if (acceptedCylinder == "[]")
{
using (SqlCommand cmd = new SqlCommand("UPDATE issuesheet SET cylinders=@cylinders where pid='" + pid + "'", con))
{
cmd.Parameters.AddWithValue("@cylinders", "['" + number.Trim() + "']");
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
ClientScript.RegisterStartupScript(this.GetType(), "Popup", "ShowPopup('Record Inserted successfully.');", true);
}
else
{
List<string> CylinderNo = acceptedCylinder.Replace("[", "").Replace("]", "").Replace("'", "").Split(',').ToList();
CylinderNo.Add(number);
using (SqlCommand cmd = new SqlCommand("UPDATE issuesheet SET cylinders=@cylinders where pid='" + pid + "'", con))
{
cmd.Parameters.AddWithValue("@cylinders", "['" + string.Join("','", CylinderNo.Distinct()) + "']");
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
ClientScript.RegisterStartupScript(this.GetType(), "Popup", "ShowPopup('Record Updated Successfully.');", true);
}
}
else
{
if (!string.IsNullOrEmpty(acceptedCylinder))
{
List<string> CylinderNo = acceptedCylinder.Replace("[", "").Replace("]", "").Replace("'", "").Split(',').ToList();
CylinderNo.Remove(number);
using (SqlCommand cmd = new SqlCommand("UPDATE issuesheet SET cylinders=@cylinders where pid='" + pid + "' ", con))
{
cmd.Parameters.AddWithValue("@cylinders", CylinderNo.Distinct().Count() > 0 ? "['" + string.Join("','", CylinderNo.Distinct()) + "']" : "[]");
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
ClientScript.RegisterStartupScript(this.GetType(), "Popup", "ShowPopup('Record Deleted Successfully.');", true);
}
}
In this code you are updating the colun value with single quote. So its inserting values in single quote in the database e.g ['23a','23b']
You neet to modify the code to insert double quote.
protected void OnChckedChanged(object sender, EventArgs e)
{
CheckBox chk = (CheckBox)sender;
GridViewRow row = (GridViewRow)chk.NamingContainer;
string number = row.Cells[2].Text;
string pid = Label27.Text;
string constring = ConfigurationManager.ConnectionStrings["constr"].ConnectionString;
using (SqlConnection con = new SqlConnection(constring))
{
string acceptedCylinder = GetAcceptedCylinder(pid);
if (chk.Checked)
{
if (acceptedCylinder == "[]")
{
using (SqlCommand cmd = new SqlCommand("UPDATE issuesheet SET cylinders=@cylinders where pid='" + pid + "'", con))
{
cmd.Parameters.AddWithValue("@cylinders", "[\"" + number.Trim() + "\"]");
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
ClientScript.RegisterStartupScript(this.GetType(), "Popup", "ShowPopup('Record Inserted successfully.');", true);
}
else
{
List<string> CylinderNo = acceptedCylinder.Replace("[", "").Replace("]", "").Replace("\"", "").Split(',').ToList();
CylinderNo.Add(number);
using (SqlCommand cmd = new SqlCommand("UPDATE issuesheet SET cylinders=@cylinders where pid='" + pid + "'", con))
{
cmd.Parameters.AddWithValue("@cylinders", "[\"" + string.Join("\",\"", CylinderNo.Distinct()) + "\"]");
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
ClientScript.RegisterStartupScript(this.GetType(), "Popup", "ShowPopup('Record Updated Successfully.');", true);
}
}
else
{
if (!string.IsNullOrEmpty(acceptedCylinder))
{
List<string> CylinderNo = acceptedCylinder.Replace("[", "").Replace("]", "").Replace("\"", "").Split(',').ToList();
CylinderNo.Remove(number);
using (SqlCommand cmd = new SqlCommand("UPDATE issuesheet SET cylinders=@cylinders where pid='" + pid + "' ", con))
{
cmd.Parameters.AddWithValue("@cylinders", CylinderNo.Distinct().Count() > 0 ? "[\"" + string.Join("\",\"", CylinderNo.Distinct()) + "\"]" : "[]");
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
ClientScript.RegisterStartupScript(this.GetType(), "Popup", "ShowPopup('Record Deleted Successfully.');", true);
}
}
}
}
