NEVER use string concatenation to build a SQL query.
ALWAYS use a parameterized query. If you don't, you'll leave your code vulnerable to SQL Injection.
In this particular case, since you have converted the parameter to a number, it's unlikely that anyone could exploit it. However, it's a good idea to get into the habit of always using parameters, so that you don't miss a potentially-exploitable vulnerability.
Also, it looks like you're storing the connection in a field. That's not a good idea. You should create the connection as late as possible, and dispose of it as soon as you're finished using it.
/// <summary>
/// Creates a new, unopened <see cref="OleDbConnection"/> for a single unit of work.
/// </summary>
/// <returns>
/// A fresh connection on every call; the caller opens it and is responsible for disposing it.
/// </returns>
private static OleDbConnection CreateConnection()
{
    // "...." is the connection string as elided on the page.
    // NOTE(review): keep the real value in configuration rather than in source,
    // particularly if it carries credentials.
    OleDbConnection connection = new OleDbConnection("....");
    return connection;
}
/// <summary>
/// Handles the RowDeleting event of GridView1: deletes the StudentDetails row whose SID
/// matches the data key of the grid row being deleted, then calls bind().
/// </summary>
/// <param name="sender">The event source; not used here.</param>
/// <param name="e">Event data; its RowIndex selects the entry in GridView1.DataKeys.</param>
protected void GridView1_RowDeleting(object sender, GridViewDeleteEventArgs e)
{
    // The SQL text is a constant: nothing from the request is ever spliced into it.
    const string deleteSql = "delete from StudentDetails where SID = ?";

    DataKey rowKey = GridView1.DataKeys[e.RowIndex];

    // Connection and command live only for this one statement; the using blocks
    // dispose both even if Open() or ExecuteNonQuery() throws.
    using (OleDbConnection connection = CreateConnection())
    using (OleDbCommand command = new OleDbCommand(deleteSql, connection))
    {
        // The key travels as a parameter value. OleDb binds '?' placeholders by
        // position, so the name "SID" is a label only; parameter order is what matters.
        command.Parameters.AddWithValue("SID", rowKey.Value);
        connection.Open();
        command.ExecuteNonQuery();
    }

    // bind() is defined elsewhere in the page; presumably it re-binds the grid so the
    // deleted row disappears. Confirm against its definition.
    bind();
}