I'm coding in Visual Basic. I'm using a checkbox control. Now, based on its Checked property, I have to set/unset a bit column in a SQL Server database. Here's the code:

    Try
        conSQL.Open()

        Dim cmd As New SqlCommand("update Student set send_mail = " + _
            sendemailCheckBox.Checked.ToString + " where student_id = '" _
            + sidnolabel.Text + "'", conSQL)

        cmd.ExecuteNonQuery()
    Finally
        conSQL.Close()
    End Try

The send_mail attribute is of bit datatype. This code isn't working. How do you do it?

My boy is signed up for your school. His name is:

Robert') DROP TABLE STUDENT --

We call him little Bobby Tables.

Try:

    Convert.ToInt16(sendemailCheckBox.Checked)

Generally, I personally use SqlParameters for this, and you can specify a SqlDbType.TinyInt.

Here is a good example of using SqlParameter, which is best since it eliminates SQL injection.

EDIT: I just noticed you are using bit, not tinyint. Unsure if this works.

To answer your question, just assign a Boolean value (i.e. sendemailCheckBox.Checked) to the bit column in the database.

To help you with your SQL injection issues: don't write user input directly into a SQL string. You have to use parameters to make sure that customers cannot wreak havoc on your database. Your code ought to be written like this:

    ' Requires Imports System.Data and Imports System.Data.SqlClient at the top of the file.
    Using conSQL As New SqlConnection("SomeConnectionString")
       conSQL.Open()
       Using cm As SqlCommand = conSQL.CreateCommand()
          cm.CommandType = CommandType.Text
          ' The statement text is fixed; the values travel separately as parameters.
          cm.CommandText = "UPDATE Student SET send_mail = @send_mail WHERE student_id = @student_id"
          cm.Parameters.AddWithValue("@send_mail", sendemailCheckBox.Checked)
          cm.Parameters.AddWithValue("@student_id", sidnolabel.Text)

          cm.ExecuteNonQuery()
       End Using
    End Using

First, in the name of all things sacred, at least PARAMETERIZE your SQL code. Otherwise, you are asking for a SQL injection attack.

Second, the "bit" datatype uses 1 for True and 0 for False. That is what SQL really wants to see when you are setting values.

Well, the bit data type is the same as Boolean in C# or Visual Basic, so you can simply assign true or false values to those types and then update the record in your database.
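
The answers above combine into one pattern: a fixed UPDATE statement, a Boolean bound to a parameter typed as `SqlDbType.Bit`, and the student id bound as data. The following is an added example, not code from any of the posters. The `StudentMailFlag` module, the `SetSendMail` helper, the `STUDENT_DB` environment variable and the 50-character `NVarChar` type for `student_id` are assumptions.

```vb
Imports System.Data
Imports System.Data.SqlClient

Module StudentMailFlag

    ' Assumed maximum length of student_id; adjust to the real column definition.
    Private Const MaxStudentIdLength As Integer = 50

    ' Hypothetical helper. Returns the number of rows the UPDATE touched.
    Public Function SetSendMail(connectionString As String,
                                studentId As String,
                                sendMail As Boolean) As Integer
        If String.IsNullOrWhiteSpace(studentId) Then
            Throw New ArgumentException("Student id is required.", NameOf(studentId))
        End If
        ' Reject over-long ids instead of letting the sized parameter truncate them.
        If studentId.Length > MaxStudentIdLength Then
            Throw New ArgumentException("Student id is too long.", NameOf(studentId))
        End If

        Const sql As String =
            "UPDATE Student SET send_mail = @send_mail WHERE student_id = @student_id"

        Using conSQL As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conSQL)
                ' Explicit types: the Boolean is sent as a bit value, with no type inference.
                cmd.Parameters.Add("@send_mail", SqlDbType.Bit).Value = sendMail
                cmd.Parameters.Add("@student_id", SqlDbType.NVarChar,
                                   MaxStudentIdLength).Value = studentId
                conSQL.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    Sub Main()
        ' Assumption: the connection string is supplied through an environment variable.
        Dim cs As String = Environment.GetEnvironmentVariable("STUDENT_DB")
        ' The name from the comment above, passed as the id. It reaches SQL Server
        ' as parameter data and is only compared against student_id.
        Dim rows As Integer = SetSendMail(cs, "Robert') DROP TABLE STUDENT --", True)
        Console.WriteLine("Rows updated: " & rows)
    End Sub

End Module
```

Checking the returned row count lets the caller tell an unknown student id apart from a successful update.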