0

I've made one Form to create a database entry.

Code:

private void button10_Click(object sender, EventArgs e)
{
    clsMSSQL.clsMSSQL ticket = new clsMSSQL.clsMSSQL(5);
    string query = "INSERT INTO ticket.support (titel, beschreibung, kategorie, ersteller, bearbeiter, email, abteilung) " +
       "Values('" + textBox1.Text + "', '" + textBox2.Text + "', '" + comboBox1.Text + "', '" + textBox4.Text + "', '" + textBox5.Text + "', '" + textBox8.Text + "', '" + comboBox3.Text + "')";
    ticket.Query(query);
    ticket.Close();
    this.Close();
}

now I want to make another form which will be opened by a button on the main form. This form should be able to make changes on the database and should specifically change the selected row in the database sorted by the ID.

I've tried something like:

    clsMSSQL.clsMSSQL edit= new clsMSSQL.clsMSSQL(5);
    string pSQL = "UPDATE INTO ticket.support WHERE id='" + dataGridView1.Rows[i].Cells[11].Value.ToString() + "'";

    clsMSSQL.ExecuteCommand(pSQL);

but that wouldn't work. And because I try to do that on a second form, the code can't find dataGridView1.

Burak
  • 235
  • 1
  • 2
  • 12
  • As far as how to access a form from another form, [see this](https://stackoverflow.com/questions/8566/best-way-to-access-a-control-on-another-form-in-windows-forms) and remember that Forms are classes like anything else. To access something in an object you need a reference to it, it is that simple. Regarding your code - it is vulnerable to sql injection so use parameters instead of concatenating strings. Finally, we can't see the implementation of `clsMSSQL` so there may be problems there too. Hard to say because "wouldn't work" is vague. – Crowcoder Mar 31 '21 at 12:07
  • sql injections are not a huge deal because it will have specific users and will not be public. I just tried to know how to change the sql table by the selected row in the datagridview. – Burak Mar 31 '21 at 12:13
  • And if the user enters a value with a`'`? That is not malicious but it will blow up. See the first link I posted, how to access things on a form from another is asked almost every day. There is good info there. – Crowcoder Mar 31 '21 at 12:14
  • well that would blow it up thats true. Thank you for the link, that would fix the access problem but not how to change values by selected row. – Burak Mar 31 '21 at 12:19
  • [Get the values](https://stackoverflow.com/questions/9049937/how-to-get-values-from-selected-row-in-datagrid-for-windows-form-application/9050003), put them into a SqlCommand and execute the command. `clsMSSQL` isn't something that comes with .NET so I have no idea what it will do. I can say your SQL is invalid, `UPDATE INTO...` isn't a thing. Also, are you sure `id` is a string type and not an integral type? I would help you further if there were a specific problem but there is not enough context to write an answer. – Crowcoder Mar 31 '21 at 12:28

0 Answers0