Adding the name of your checkboxes inside the sql string cannot work, and of course neither calling Convert.ToByte on them. In this way you simple insert inside a string the name of your controls and the name of a function that should convert their values. But of course this is only an invalid SQL command for the sql parser of your database.
Instead you should try to resolve your problem creating a valid SQL command from your C# code. This is an initial possible solution to your problem
dt=g1.ExecDB("insert into tbl (check1,check2,check3) values(" +
(check1.Checked ? "1" : "0") + ", " +
(check2.Checked ? "1" : "0") + ", " +
(check3.Checked ? "1" : "0") +
") where loginname='"+Session["log"].ToString()+"'");
but there is a big problem with the concatenation of Session["log"]
.
Concatenating string values (probably setup by user input) to form a sql command is a very bad practice because it is vulnerable to Sql Injection. So a change to the ExecDB
to receive a list of parameters is mandatory.
I suggest to change your ExecDB to something like this
public int ExecDB(string query, List<SqlParameter>parameters = null)
{
using(SqlConnection cn = new SqlConnection(connString))
using(SqlCommand cmd = new SqlCommand(query, cn))
{
cn.Open();
if(parameters != null && parameters.Count > 0)
cmd.Parameters.AddRange(parameters.ToArray());
return cmd.ExecuteNonQuery();
}
}
and call it with
List<SqlParameter> ps = new List<SqlParameter>();
SqlParameter p = new SqlParameter("@login", Session["log"].ToString());
ps.Add(p);
dt=g1.ExecDB("insert into tbl (check1,check2,check3) values(" +
(check1.Checked ? "1" : "0") + ", " +
(check2.Checked ? "1" : "0") + ", " +
(check3.Checked ? "1" : "0") +
") where loginname=@login", ps);
the List<SqlParameter>
parameter passed to ExecDB is optional, thus, if you have any code where the call to ExecDB doesn't need a parameter collection you could leave your code as is now.