I have this assignation function where the admin can assign a police ID to a selected memberreportID. Firstly, the admin will select the case, select the location and choose the number of officers needed for this case. For example if the admin chose 2 officers, it would then display 2 dropdownlist all binded to list down the policeID available.
protected void ddllocation_SelectedIndexChanged(object sender, EventArgs e)
{
using (var connAdd = new SqlConnection("Data Source = localhost; Initial Catalog = MajorProject; Integrated Security= SSPI"))
{
connAdd.Open();
var sql = "Select policeid from PoliceAccount where status ='available' and handle ='offcase' and postedto='" + ddllocation.SelectedValue + "'";
using (var cmdAdd = new SqlDataAdapter(sql, connAdd))
{
DataSet ds2 = new DataSet();
cmdAdd.Fill(ds2);
ddlpid1.Items.Clear();
ddlpid1.DataSource = ds2;
ddlpid1.DataTextField = "policeid";
ddlpid1.DataValueField = "policeid";
ddlpid1.DataBind();
ddlpid1.Items.Insert(0, new ListItem("Police ID", ""));
ddlpid1.SelectedIndex = 0;
ddlpid2.Items.Clear();
ddlpid2.DataSource = ds2;
ddlpid2.DataTextField = "policeid";
ddlpid2.DataValueField = "policeid";
ddlpid2.DataBind();
ddlpid2.Items.Insert(0, new ListItem("Police ID", ""));
ddlpid2.SelectedIndex = 0;
}
}
The first SQL command is how i insert them into the assignto column of the selected memberreportID in my database. I'm inserting both policeID i have assigned into the same column, assignto.
protected void btnAssign_Click1(object sender, EventArgs e)
{
using (var connAdd = new SqlConnection("Data Source = localhost; Initial Catalog = MajorProject; Integrated Security= SSPI"))
{
String assign = ddlpid1.SelectedValue + ", " + ddlpid2.SelectedValue + ";
connAdd.Open();
var sql = "Update MemberReport Set assignto ='" + assign + "' where memberreportID='" + lbmemberreportid.Text + "'";
using (var cmdAdd = new SqlCommand(sql, connAdd))
{
cmdAdd.ExecuteNonQuery();
}
sql = "Update PoliceAccount Set handle ='" + assign + "' where policeid ='" + ddlpid1.SelectedValue + "' OR '" + ddlpid2.SelectedValue + "'";
using (var cmdAdd = new SqlCommand(sql, connAdd))
{
cmdAdd.ExecuteNonQuery();
}
connAdd.Close();
}
}
However i'm also trying to input this policeID into a table called policeaccount by including the 2nd sql command. This policeaccount has a column called handle which is suppose to show the memberreportID he is handling at the moment. I'm trying to let each policeID's account to receive the selected memberreportID into their handle column by using the OR function. I'm pretty sure there's a OR function for sql syntax. But when i tried to insert i got this error instead
An expression of non-boolean type specified in a context where a condition is expected, near ''.
it should be as below
sql = "Update PoliceAccount Set handle ='" + assign + "' where policeid ='" + ddlpid1.SelectedValue + "' OR policeid = '" + ddlpid2.SelectedValue + "'";
Syntax is
UPDATE tblName Set col1 ='value'
WHERE col2 ='value2'
OR col2 ='value3'
Related
I am quite new to ASP.NET and C#, so I still do not have much of an idea as to how things work. I basically get an error when I run my program and create a maintenance task. My code is shown right below:
private DataTable getMaintenance()
{
DataTable maintenance_dt = new DataTable();
maintenance_dt.Columns.Add("maintenance_ID");
maintenance_dt.Columns.Add("DAILY_MAINTENANCE");
maintenance_dt.Columns.Add("ADMIN_COMMENT");
string SQLstr = "SELECT MAINTENANCE_ID,DAILY_MAINTENANCE,ADMIN_COMMENT FROM " + maintenance_table + " where " + key + " like " + value + " order by MAINTENANCE_ID ";
using (DataTableReader objDataReader = OS.OSFunctions.executeSQLQuery(SQLstr))
{
while (objDataReader.Read())
{
DataRow mItem = maintenance_dt.NewRow();
mItem[0] = objDataReader["MAINTENANCE_ID"].ToString();
mItem[1] = objDataReader["DAILY_MAINTENANCE"].ToString();
if (objDataReader["ADMIN_COMMENT"] != DBNull.Value)
{
mItem[2] = objDataReader["ADMIN_COMMENT"].ToString();
}
else
{
mItem[2] = "";
}
maintenance_dt.Rows.Add(mItem);
}
}
return maintenance_dt;
}
The error I get from running this states
Object reference not set to an instance of an object. objDataReader was null
This occurs when I attempt to create a maintenance task. The code for that is also below right here:
protected void createMaintenance_Click(object sender, System.EventArgs e)
{
string SQLstr;
if (txtMaintenanceName.Text.Length > 0)
{
if (maintenance_table == "ACTIVE_DAILYMAINTENANCE")
{
SQLstr = "SELECT TOP(1) MAINTENANCE_ID FROM ACTIVE_DAILYMAINTENANCE WHERE SCHEDULE_DATE = " + value + " ORDER BY MAINTENANCE_ID desc";
using (DataTableReader objDataReader = OS.OSFunctions.executeSQLQuery(SQLstr))
{
if (objDataReader.Read())
{
int id = Convert.ToInt32(objDataReader["Maintenance_ID"]) + 1;
SQLstr = "insert into " + maintenance_table + " (maintenance_id, DAILY_MAINTENANCE, " + key + ", ADMIN_COMMENT) values ('" + id + "',"
+ " '" + txtMaintenanceName.Text + "'," + value + ",'" + txtAdminMaintenanceComment.Text + "')";
OS.OSFunctions.executeSQLNonQuery(SQLstr);
}
}
}
else
{
SQLstr = "insert into " + maintenance_table + "(DAILY_MAINTENANCE, " + key + ", ADMIN_COMMENT) values ('" + txtMaintenanceName.Text + "'," + value + ",'" + txtAdminMaintenanceComment.Text + "')";
OS.OSFunctions.executeSQLNonQuery(SQLstr);
}
}
Again, it is the getMaintenance() method giving me the error. This also isn't all my code, I do call the getMaintenance() function sometime later in the code for CreateMaintenance. Any help would be greatly appreciated.
EDIT: CODE TRYING OUT DATA SET
private DataSet getMaintenance()
{
DataSet maintenance_ds = new DataSet();
string SQLstr= "SELECT MAINTENANCE_ID,DAILY_MAINTENANCE,ADMIN_COMMENT FROM " + maintenance_table + " where " + key + " like " + value + " order by MAINTENANCE_ID ";
using(SqlConnection connection=new SqlConnection(ConfigurationManager.ConnectionStrings["SQLConnectionString"].ConnectionString))
{
SqlDataAdapter adapter = new SqlDataAdapter();
adapter.SelectCommand = new SqlCommand(SQLstr, connection);
adapter.Fill(maintenance_ds);
return maintenance_ds;
}
}
So, you execute
DataTableReader objDataReader = OS.OSFunctions.executeSQLQuery(SQLstr)
in your using. SQLstr is
"SELECT MAINTENANCE_ID,DAILY_MAINTENANCE,ADMIN_COMMENT FROM " + maintenance_table + " where " + key + " like " + value + " order by MAINTENANCE_ID ";
You will need to use a debugger and jump to this line just before the error is thrown. First of all, you will need to find out what maintenance_table, key and value is. Try finding out what the generated query is and run it in your RDBMS, I think it will most likely return a null for some reason.
It is possible that you are just missing a wildcard character of % being wrapped around value if you have the intention to have a "contains" rather than an "equals" check.
Anyway, in order to detect what the error is you will need to find out what is being generated and why your query results in a null. Once you know what the problem is, you will also know what you need to fix, which largely simplifies the problem.
Since you do not use a parameterized query, I have to mention that if any of the dynamic values you concatenate to the query may come from untrusted sources, such as user input, then your query is vulnerable to SQL injection and you will need to protect your project against this potential exploit.
You do realize that you can send the sql to a datatable, and the columns and the data table is created for you.
so, use this code to get/return a data table.
It not clear if you "else" is to update a existing row, or insert a new one, but the code can look somthing like this:
protected void createMaintenance_Click(object sender, System.EventArgs e)
{
DateTime value = DateTime.Today;
string maintenance_table = "";
string SQLstr = "";
string key = "";
if (txtMaintenanceName.Text.Length > 0)
{
if (maintenance_table == "ACTIVE_DAILYMAINTENANCE")
{
// add new row
int id = NextMaintID(value);
string strSQL = #"SELECT * FROM " + maintenance_table + " WHERE Maintenance_ID = 0";
DataTable rstSched = MyRst(strSQL);
DataRow MyNewRow = rstSched.NewRow();
MyNewRow["maintenance_id"] = id;
MyNewRow["DAILY_MAINTENANCE"] = txtMaintenanceName.Text;
MyNewRow["ADMIN_COMMENT"] = txtAdminMaintenanceComment.Text;
rstSched.Rows.Add(MyNewRow);
MyUpdate(rstSched, strSQL);
}
}
else
{
// update (or add to daily?????
string strSQL = #"SELECT * FROM " + maintenance_table + " WHERE Maintenance_ID = " + key;
DataTable rstSched = MyRst(strSQL);
DataRow MyRow = rstSched.Rows[0];
MyRow["DAILY_MAINTENANCE"] = txtMaintenanceName.Text;
MyRow["ADMIN_COMMENT"] = txtAdminMaintenanceComment.Text;
MyUpdate(rstSched, strSQL);
}
}
So, I only need a few helper routines - (make them global in a static class - you can then use it everywhere - saves boatloads of code.
so these were used:
public DataTable MyRst(string strSQL)
{
// return data table based on sql
DataTable rstData = new DataTable();
using (SqlConnection conn = new SqlConnection(Properties.Settings.Default.TEST4))
{
using (SqlCommand cmdSQL = new SqlCommand(strSQL, conn))
{
cmdSQL.Connection.Open();
rstData.Load(cmdSQL.ExecuteReader());
}
}
return rstData;
}
public DataTable MyRstP(SqlCommand cmdSQL)
{
// return data table based on sql command (for parmaters)
DataTable rstData = new DataTable();
using (SqlConnection conn = new SqlConnection(Properties.Settings.Default.TEST4))
{
using (cmdSQL)
{
cmdSQL.Connection = conn;
conn.Open();
rstData.Load(cmdSQL.ExecuteReader());
}
}
return rstData;
}
void MyUpdate(DataTable rstData, string strSQL)
{
using (SqlConnection conn = new SqlConnection(Properties.Settings.Default.TEST4))
{
using (SqlCommand cmdSQL = new SqlCommand(strSQL, conn))
{
conn.Open();
SqlDataAdapter da = new SqlDataAdapter(cmdSQL);
SqlCommandBuilder daU = new SqlCommandBuilder(da);
da.Update(rstData);
}
}
}
and of course this:
int NextMaintID (DateTime value)
{
int result = 0;
string SQLstr = #"SELECT TOP(1) MAINTENANCE_ID FROM ACTIVE_DAILYMAINTENANCE
WHERE SCHEDULE_DATE = #scDate ORDER BY MAINTENANCE_ID desc";
SqlCommand cmdSQL = new SqlCommand(SQLstr);
cmdSQL.Parameters.Add("#scDate", SqlDbType.Date).Value = value;
DataTable rstNextID = MyRstP(cmdSQL);
result = ((int)rstNextID.Rows[0]["Maintenance_ID"]) + 1;
return result;
}
So, how do you eat a elephant?
Answer: One bite at a time!!!
So, break out just a "few" helper routines that allows data operations against a data table object. That update command will work with edits, adds to rows, and even delete row method of a single row. All such updates can be thus be done with ONE simple update command.
Got stuck with simple task of updating a row in access database using command object from my windows forms app. I'm able to insert record but somehow not able to update the record:
private void openDB()
{
DBPath = Application.StartupPath + "\\myDB.mdb";
conn = new OleDbConnection("Provider=Microsoft.Jet.OleDb.4.0;" + "Data Source=" + DBPath);
conn.Open();
}
private void btnUpdate_Click(object sender, EventArgs e)
{
string insertString;
openDB();
string updateString;
updateString = "Update Address SET Name='"+ txtName.Text.Trim() + "', IsActive='" + chkAddressActive.Checked +"' where MemberID="+txtMemberID.Text.Trim();
//MessageBox.Show(updateString);
using (OleDbCommand updateCmd = new OleDbCommand(updateString, conn))
{
updateCmd.ExecuteNonQuery();
MessageBox.Show("Record Updated Successfully", "Transaction", MessageBoxButtons.OK, MessageBoxIcon.Information);
dgView.Enabled = true;
ReloadDataForSelectedMember();
}
}
You may need something like this as Name is a reserved word:
updateString = "Update Address SET [Name] = '" + txtName.Text.Trim() + "', IsActive = " + chkAddressActive.Checked.ToString() + " Where MemberID = " + txtMemberID.Text.Trim();
i was trying to update two tables at once, but i got some syntax error on update code could u give me some idea? the insert code works perfect and i tried to copy the insert code and edit on update button clicked
here is my code
private void button2_Click(object sender, EventArgs e)
{
System.Data.OleDb.OleDbConnection conn = new System.Data.OleDb.OleDbConnection();
conn.ConnectionString = #"Provider=Microsoft.ACE.OLEDB.12.0;" +
#"Data source= C:\Users\user\Documents\Visual Studio 2010\Projects\WindowsFormsApplication1\WindowsFormsApplication1\crt_db.accdb";
try
{
conn.Open();
String Name = txtName.Text.ToString();
String AR = txtAr.Text.ToString();
String Wereda = txtWereda.Text.ToString();
String Kebele = txtKebele.Text.ToString();
String House_No = txtHouse.Text.ToString();
String P_O_BOX = txtPobox.Text.ToString();
String Tel = txtTel.Text.ToString();
String Fax = txtFax.Text.ToString();
String Email = txtEmail.Text.ToString();
String Item = txtItem.Text.ToString();
String Dep = txtDep.Text.ToString();
String k = "not renwed";
String Remark = txtRemark.Text.ToString();
String Type = txtType.Text.ToString();
String Brand = txtBrand.Text.ToString();
String License_No = txtlicense.Text.ToString();
String Date_issued = txtDate.Text.ToString();
String my_querry = "update crtPro set Name='" + Name + "',AR='" + AR + "',Wereda='" + Wereda + "',Kebele='" + Kebele + "',House_No='" + House_No + "',P_O_BOX='" + P_O_BOX + "',Tel='" + Tel + "',Fax='" + Fax + "',Email='" + Email + "',Item='" + Item + "',Dep='" + Dep + "','" + k + "',Remark='" + Remark + "' where Name='" + Name + "' ";
OleDbCommand cmd = new OleDbCommand(my_querry, conn);
cmd.ExecuteNonQuery();
String my_querry1 = "SELECT max(PID) FROM crtPro";
OleDbCommand cmd1 = new OleDbCommand(my_querry1, conn);
string var = cmd1.ExecuteScalar().ToString();
String ki = txtStatus.Text.ToString();
String my_querry2 = "update crtItemLicense set PID=" + var + ",Type='" + Type + "',Brand='" + Brand + "',License_No='" + License_No + "',Date_issued='" + Date_issued + "' where PID=" + var + "";
OleDbCommand cmd2 = new OleDbCommand(my_querry2, conn);
cmd2.ExecuteNonQuery();
MessageBox.Show("Message added succesfully");
}
catch (Exception ex)
{
MessageBox.Show("Failed due to" + ex.Message);
}
finally
{
conn.Close();
}
The most likely problem based on the little information given (what database are you using for example - SQL Server 2012?), is that the datatype you are providing in the concatenated dynamic sql does not match the datatype of the column in the database. You've surrounded each value with quotes - which means it will be interpreted as a varchar. If you've got a date value in the wrong format (ie if Date_Issued is a date column) or if it is a number column, then it will error.
The solution is to replace your dynamic SQL with a parameterized query eg:
String my_querry = "update crtPro set Name=#name, AR=#ar, Wereda=#Wereda, etc ...";
OleDbCommand cmd = new OleDbCommand(my_querry, conn);
cmd.Parameters.Clear();
cmd.Parameters.AddWithValue("#name", Name);
cmd.Parameters.AddWithValue("#myParam", Convert.ToDateTime(txtDate.Text.Trim()));
...
cmd.ExecuteNonQuery();
You can read about it further here
PS Make sure your parameters are in the same order as they are used in the SQL, because oledbcommand doesn't actually care what you call them. see here
I'm trying to allow my webapp to send an email update whenever a data is being inserted into the database like the codes i'll show below.
This is a btnAssign where it will update the relevant database table and column with data
protected void btnAssign_Click1(object sender, EventArgs e)
{
using (var connAdd = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
{
String assign = ddlpid1.SelectedValue;
connAdd.Open();
var sql = "Update MemberReport Set assignto ='" + assign + "', caseprogress = 'ongoing' where memberreportID='" + lbmemberreportid.Text + "'";
using (var cmdAdd = new SqlCommand(sql, connAdd))
{
cmdAdd.ExecuteNonQuery();
}
sql = "Insert into PoliceReport(memberreportid) values('" + lbmemberreportid.Text + "')";
// sql = "Update PoliceAccount Set handle ='" + assign + "' where policeid ='" + ddlpid1.SelectedValue + "' OR '" + ddlpid2.SelectedValue + "'";
using (var cmdAdd = new SqlCommand(sql, connAdd))
{
cmdAdd.ExecuteNonQuery();
}
sql = "Update PoliceAccount Set handle ='" + lbmemberreportid.Text + "' where policeid ='" + ddlpid1.SelectedValue + "'";
// sql = "Update PoliceAccount Set handle ='" + assign + "' where policeid ='" + ddlpid1.SelectedValue + "' OR '" + ddlpid2.SelectedValue + "'";
using (var cmdAdd = new SqlCommand(sql, connAdd))
{
cmdAdd.ExecuteNonQuery();
}
}
The insertion / updating of database part is working fine. When i addthe smtp codes to send email by selecting a column, it didnt work.
SqlCommand cmd = new SqlCommand();
SqlDataReader dr;
//SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
//con.Open();
// get the records matching the supplied username or email id.
cmd = new SqlCommand("select * from PoliceAccount where handle='" + lbmemberreportid.Text + "'", connAdd);
dr = cmd.ExecuteReader();
cmd.Dispose();
if (dr.HasRows)
{
dr.Read();
StringBuilder strBody = new StringBuilder();
//Passing emailid,username and generated unique code via querystring. For testing pass your localhost number and while making online pass your domain name instead of localhost path.
strBody.Append("<a>Please be notified that you've been assigned a case to handle. Please proceed to the scene with immediate effect.</a>");
// sbody.Append("&uCode=" + uniqueCode + "&uName=" + txtUserName.Text + ">Click here to change your password</a>");
System.Net.Mail.MailMessage mail = new System.Net.Mail.MailMessage("apr13mpsip#gmail.com", dr["email"].ToString(), "Case Pending", strBody.ToString());
//pasing the Gmail credentials to send the email
System.Net.NetworkCredential mailAuthenticaion = new System.Net.NetworkCredential("apr13mpsip#gmail.com", "Temasekpoly13");
System.Net.Mail.SmtpClient mailclient = new System.Net.Mail.SmtpClient("smtp.gmail.com", 587);
mailclient.EnableSsl = true;
mailclient.Credentials = mailAuthenticaion;
mail.IsBodyHtml = true;
mailclient.Send(mail);
dr.Close();
dr.Dispose();
cmd.ExecuteReader();
cmd.Dispose();
//con.Close();
lbmemberreportid.Text = "";
ddllocation.SelectedIndex = 0;
ddlnumber.SelectedIndex = 0;
ddlpid1.SelectedIndex = 0;
tbdetails.Text = "";
tbproperty.Text = "";
tbsuspect.Text = "";
ddlpid1.Visible = false;
LoadGrid();
lblmsg.ForeColor = System.Drawing.Color.Green;
lblmsg.Text = "MemberReportID" + Session["memberreportid"] + "has been successfully assigned";
}
connAdd.Close();
}
To make matter worse, the label where the message is suppose to appear did not appear. Which means after inserting the data, the code basically stop running. I added a txtFile in the link here if the code i pasted above is confusing.
I really still cant figure out why does my email not run after inserting the data into the database.
Regards.
you are reading dr["email"].ToString() but only select assignto column in your select sql statement . you can change the select sql statement to select both assignto and email columns .
I have a button in my windows forms which UPDATES every table. However, I am getting error SQLException was unhandled. Incorrect syntax near '='.
This is my code in Update Button:
public void btnUpdate_Click(object sender, EventArgs e)
{
foreach (DataGridViewRow row in dataGridView1.Rows)
{
try
{
//MessageBox.Show(row.Cells[7].FormattedValue.ToString());
System.Data.SqlClient.SqlConnection sqlConnection1 =
new System.Data.SqlClient.SqlConnection("server=Test\\Test; Integrated Security=true; Database=Testing;");
System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand();
cmd.CommandType = System.Data.CommandType.Text;
cmd.CommandText = "UPDATE dbo.JobStatus SET ShipTrackingNumber = '" + row.Cells[7].FormattedValue.ToString() + "' WHERE jobtableid = " + row.Cells[5].FormattedValue.ToString();
cmd.CommandText = "UPDATE dbo.JobStatus SET ShipMethodTransmitted = '" + row.Cells[8].FormattedValue.ToString() + "' WHERE jobtableid = " + row.Cells[5].FormattedValue.ToString();
cmd.CommandText = "UPDATE dbo.JobStatus SET DateShipTransmitProcessed = '" + row.Cells[9].FormattedValue.ToString() + "' WHERE jobtableid = " + row.Cells[5].FormattedValue.ToString();
cmd.CommandText = "UPDATE dbo.JobStatus SET ShipmentProcessedBy = '" + row.Cells[10].FormattedValue.ToString() + "' WHERE jobtableid = " + row.Cells[5].FormattedValue.ToString();
cmd.CommandText = "UPDATE dbo.JobStatus SET Critical = '" + row.Cells[11].FormattedValue.ToString() + "' WHERE jobtableid = " + row.Cells[5].FormattedValue.ToString();
cmd.CommandText = "UPDATE dbo.JobStatus SET ShipTransmitStatus = '" + row.Cells[13].FormattedValue.ToString() + "' WHERE jobtableid = " + row.Cells[5].FormattedValue.ToString();
cmd.Connection = sqlConnection1;
sqlConnection1.Open();
cmd.ExecuteNonQuery();
sqlConnection1.Close();
}
catch (Exception e)
{
MessageBox.Show("Update Failed!!!");
}
}
}
Can anyone tell me what is wrong with these statements? Thanks!
Why not simply do it in a single update statement. So something like:
var sql = new StringBuilder();
sql.AppendLine( "UPDATE dbo.JobStatus" );
sql.AppendLine( "Set ShipTrackingNumber = #TrackingNumber" );
sql.AppendLine( ", DateShipTransmitProcessed = #DateShipTransmitProcessed" );
sql.AppendLine( ", ShipmentProcessedBy = #ShipmentProcessedBy" );
sql.AppendLine( ", Critical = #Critical" );
sql.AppendLine( ", ShipTransmitStatus = #ShipTransmitStatus" );
sql.AppendLine( "Where jobtableId = #jobTableId" );
cmd.Connection = sqlConnection1;
cmd.CommandText = sql.ToString();
cmd.Parameters.AddWithValue("#TrackingNumber", row.Cells[7].FormattedValue);
cmd.Parameters.AddWithValue("#DateShipTransmitProcessed", row.Cells[8].FormattedValue);
cmd.Parameters.AddWithValue("#ShipmentProcessedBy", row.Cells[9].FormattedValue);
cmd.Parameters.AddWithValue("#Critical", row.Cells[10].FormattedValue);
cmd.Parameters.AddWithValue("#ShipTransmitStatus", row.Cells[11].FormattedValue);
cmd.Parameters.AddWithValue("#jobTableId", row.Cells[5].FormattedValue);
Aside from what was mentioned in my comment; I don't see anything wrong with the syntax of your SQL. It's quite possible that your FormattedValue has an invalid character like a ' in the string itself, which would lead to a SQL error. Print out the value of the CommandText itself after the string has been built to see what it actually looks like.
Your UPDATE statement is incorrect. UPDATE syntax is:
UPDATE table
SET
column1 = 'value',
column2 = 'value2'
WHERE
condition;
You are overwriting your statement every time you assign to cmd. You probably want something more like:
cmd = "UPDATE table";
cmd += "SET column1 = '" + value + "',";
cmd += "SET column2 = " + intValue;
cmd += "WHERE idRow = '" + rowToUpdateValue + "'";
Also, if this doesn't help, check that you are not trying to check an INT column using a 'char' value.
Please check your conditions thus:
if(row.Cells[5].FormattedValue.ToString())
then execute update query