Resolved Datagridview Help

csharpnoob

Member
Joined
Dec 22, 2022
Messages
11
Programming Experience
Beginner
hi
so my problem when i add new items its ok but when add another one its take first one price ..
here ss
Capture2.JPG


Capture4.JPG

Capture5.JPG


C#:
            if (tblProduct.Rows.Count >= 1)
            {
                try
                {

                    string Pro_id = tblProduct.Rows[0][0].ToString();
                    string Pro_Name = tblProduct.Rows[0][1].ToString();
                    string Product_Qty = "1";
                    decimal Product_discount = 0;
                    string units_pro = tblProduct.Rows[0][14].ToString();

                    dgvbuy.Rows.Add(1);
                    int rowindex = dgvbuy.Rows.Count - 1;

                    dgvbuy.Rows[rowindex].Cells[0].Value = Pro_id;
                    dgvbuy.Rows[rowindex].Cells[1].Value = Pro_Name;
                    dgvbuy.Rows[rowindex].Cells[3].Value = Product_Qty;
                    dgvbuy.Rows[rowindex].Cells[2].Value = units_pro;
                    tblUnit = db.readData("select * from Products_Units where Pro_ID=" + dgvbuy.CurrentRow.Cells[0].Value + " and Unit_Name=N'" + dgvbuy.CurrentRow.Cells[2].Value + "'", "");   /////
                    decimal price= 0;
                    try
                    {
                        price= (decimal)tblUnit.Rows[0][5] / (decimal)tblUnit.Rows[0][3]; //

                    }
                    catch (Exception)
                    {

                    }
                    dgvbuy.Rows[rowindex].Cells[4].Value = price;              // i think here the prblm but dont knew how to fix !!!
                    decimal total = Convert.ToDecimal(Product_Qty) * Convert.ToDecimal(price);
                    dgvbuy.Rows[rowindex].Cells[5].Value = Product_discount;
                    dgvbuy.Rows[rowindex].Cells[6].Value = total;

                    //dgvbuy.Rows.Add();
                    //dgvbuy.RefreshEdit();


                }
 
Set a breakpoint on line 19 and step through the code. Your price is dependent on what data is read from the database. I suspect that the query you build on that line is wrong -- likely due to your use of CurrentRow. Depending on when this code you've shown is called, the CurrentRow may not be the row that you think is the current row. Out of curiosity, why not just the variables from line 6 and 7?

Also, never build up a query using string concatenation. You are setting yourself up for a SQL injection, if not now (assuming all your inputs are sanitized now), later when you decide to just copy and paste the code elsewhere where the inputs may not have been sanitized.

Obligatory XKCD cartoon:
exploits_of_a_mom.png
 
hi thank you first . sorry for my bad english

its is like what you have said
its in query . the problem was in CurrentRow

if u didn't tell me i still not fix it i was debugging the code for 1h didn't even see the query was incorrect

Capture.JPG


here query
C#:
                tblUnit = db.readData("select * from Products,Products_Units where Products_Units.Pro_ID=Products.Pro_ID and Pro_Name=N'"+Pro_Name+"' and Products.Pro_ID=" + Pro_id + " and Products_Units.Unit_Name=Products.Sale_unitname", "");
                    decimal realPrice = 0;
                    try
                    {
                        realPrice = Convert.ToDecimal(tblUnit.Rows[0][23]) / Convert.ToDecimal(tblUnit.Rows[0][21]);

                    }
                    catch (Exception)
                    {


Out of curiosity, why not just the variables from line 6 and 7?

sometime i just be a retarded

Also, never build up a query using string concatenation. You are setting yourself up for a SQL injection, if not now (assuming all your inputs are sanitized now), later when you decide to just copy and paste the code elsewhere where the inputs may not have been sanitized.


thanks for the tips and for the help . i knew there is sqli and i have read that u need to use parameters to prevent it . i was going to use it only on form login to prevent login bypass
but will try to use it in the full code since u can drop table or inject other commands
 
Back
Top Bottom