SQL delete command advice using c# - c#

The button's click handler has the following code.
For some reason it won't delete data from the database (the dropdownlist is valid). Any advice or changes needed?
protected void deleteback_Click(object sender, EventArgs e)
{
// declare variables
String EditNewID = DropDownList3.SelectedItem.Value;
// set connection string to database
String connectionString = WebConfigurationManager.ConnectionStrings["ScrumString"].ConnectionString;
SqlConnection myConnection2 = new SqlConnection(connectionString);
// delete values to product backlog
myConnection2.Open();
String query = "DELETE * FROM product_backlog WHERE product_backlog.id = @id ";
SqlCommand commanddelete = new SqlCommand(query, myConnection2);
commanddelete.Parameters.AddWithValue("@id", EditNewID);
// refresh page
Page.Response.Redirect(Page.Request.Url.ToString(), true);
commanddelete.ExecuteNonQuery();
myConnection2.Close();
}

Maybe you are creating a string ID instead of an integer.
Try something like
commanddelete.Parameters.Add("@id", SqlDbType.Int);
commanddelete.Parameters["@id"].Value = Int32.Parse(customerID);
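
As an added example (not part of the original question or answer), here is the delete logic with the dropdown value validated, valid `DELETE FROM` syntax, a typed parameter, and the command executed before any redirect. The class and method names are hypothetical; the table and column names are taken from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper (not from the original post): deletes one backlog row by id.
public static class BacklogRepository
{
    // Returns the number of rows deleted, or -1 if the id is not a valid integer.
    public static int DeleteBacklogItem(string connectionString, string rawId)
    {
        // Validate the dropdown value before it reaches the database.
        if (!int.TryParse(rawId, out int id))
        {
            return -1;
        }

        // T-SQL DELETE takes no column list: "DELETE FROM", not "DELETE * FROM".
        const string query = "DELETE FROM product_backlog WHERE id = @id";

        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(query, connection))
        {
            // Typed parameter: the value is sent as data, never spliced into the SQL text.
            command.Parameters.Add("@id", SqlDbType.Int).Value = id;
            connection.Open();
            return command.ExecuteNonQuery();
        }
    }
}

// In the click handler, execute first and redirect last. Response.Redirect(url, true)
// ends the request, so any statement placed after it never runs.
//
//   int deleted = BacklogRepository.DeleteBacklogItem(connectionString,
//                                                     DropDownList3.SelectedItem.Value);
//   Page.Response.Redirect(Page.Request.Url.ToString(), true);
```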

Related

How to get selected ID from SQL database using textBox and update information?

I am trying to update a database entry under a specific id in my table when the users enter their ID number in a textBox.
At the moment it updates but updates all entries in my table except the entry containing the users ID number.
This is the code I am currently using:
private void Button1_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(@"Data Source=DEVELOPMENT\ACCESSCONTROL;Initial Catalog=ACCESSCONTROL;User ID=sa;Password=P#55w0rd123");
SqlCommand check_User_Name = new SqlCommand("SELECT Id FROM NewVisitor WHERE (IDNumber = @IDNumber)", con);
check_User_Name.Parameters.AddWithValue("@IDNumber", idNumber_TxtBox.Text);
con.Open();
int UserExist = (int)check_User_Name.ExecuteScalar();
if (UserExist > 0)
{
var connetionString = @"Data Source=DEVELOPMENT\ACCESSCONTROL;Initial Catalog=ACCESSCONTROL;User ID=sa;Password=P#55w0rd123";
var sql = "UPDATE NewVisitor SET PersonVisit = @PersonVisit, PurposeVisit = @PurposeVisit, Duration = @Duration, Disclaimer = @Disclaimer";
try
{
using (var connection = new SqlConnection(connetionString))
{
using (var command = new SqlCommand(sql, connection))
{
command.Parameters.Add("@PersonVisit", SqlDbType.NVarChar).Value = personVisiting_TxtBox.Text;
command.Parameters.Add("@PurposeVisit", SqlDbType.NVarChar).Value = purposeOfVisit_CMBox.SelectedItem;
command.Parameters.Add("@Duration", SqlDbType.Date).Value = duration_dateTimePicker1.Value.Date;
command.Parameters.Add("@Disclaimer", SqlDbType.NVarChar).Value = disclaimer_CHKBox.Checked;
connection.Open();
command.ExecuteNonQuery();
}
}
}
The whole table has many more fields but would like to just update the above fields within that specific ID.
Thanks
You forgot the WHERE clause on the UPDATE statement, telling it specifically which records to update. It sounds like you just want to add the exact same WHERE clause that you have on your SELECT:
var sql = "UPDATE NewVisitor SET PersonVisit = @PersonVisit, PurposeVisit = @PurposeVisit, Duration = @Duration, Disclaimer = @Disclaimer WHERE (IDNumber = @IDNumber)";
And don't forget to add the parameter for it:
command.Parameters.Add("@IDNumber", SqlDbType.Int).Value = idNumber_TxtBox.Text;
You may need to convert the input value to an integer first, I'm not 100% certain (it's been a while since I've had to use ADO.NET directly). Something like this:
if (!int.TryParse(idNumber_TxtBox.Text, out var idNumber))
{
// input wasn't an integer, handle the error
}
command.Parameters.Add("@IDNumber", SqlDbType.Int).Value = idNumber;
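
As an added example (not part of the original posts), the same update can be wrapped in a transaction that commits only when exactly one row changed, so an UPDATE whose WHERE clause is missing or too broad is rolled back instead of rewriting the table. The class and method names are hypothetical, and the code assumes `IDNumber` identifies exactly one row.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper (not from the original posts).
public static class VisitorRepository
{
    // Returns true only when exactly one row was changed; anything else is rolled back.
    public static bool UpdateVisit(string connectionString, string rawIdNumber,
        string personVisit, string purposeVisit, DateTime duration, bool disclaimer)
    {
        // Reject non-numeric input before touching the database.
        if (!int.TryParse(rawIdNumber, out int idNumber))
        {
            return false;
        }

        const string sql =
            "UPDATE NewVisitor SET PersonVisit = @PersonVisit, PurposeVisit = @PurposeVisit, " +
            "Duration = @Duration, Disclaimer = @Disclaimer WHERE IDNumber = @IDNumber";

        using (var connection = new SqlConnection(connectionString))
        {
            connection.Open();
            using (var transaction = connection.BeginTransaction())
            using (var command = new SqlCommand(sql, connection, transaction))
            {
                // Parameter types follow the question; IDNumber as int follows the answer.
                command.Parameters.Add("@PersonVisit", SqlDbType.NVarChar).Value = personVisit;
                command.Parameters.Add("@PurposeVisit", SqlDbType.NVarChar).Value = purposeVisit;
                command.Parameters.Add("@Duration", SqlDbType.Date).Value = duration.Date;
                command.Parameters.Add("@Disclaimer", SqlDbType.NVarChar).Value = disclaimer.ToString();
                command.Parameters.Add("@IDNumber", SqlDbType.Int).Value = idNumber;

                int rows = command.ExecuteNonQuery();
                if (rows != 1)
                {
                    // 0 rows: unknown ID. More than 1: the WHERE clause matched too much.
                    transaction.Rollback();
                    return false;
                }
                transaction.Commit();
                return true;
            }
        }
    }
}
```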

How can i add items from database to checklist box?

I have a database project, and I need to add elements from the database to a checklist box. How can I do that?
This is the code I have written, but it seems that it has a problem:
private void CheckedListBox1_SelectedIndexChanged(object sender, EventArgs e)
{
string connection_string = @"Data Source=DESKTOP-MMHA4KL;Initial Catalog=Movie rental;Integrated Security=True";
SqlConnection connection = new SqlConnection(connection_string);
string Add_to_checkbox = "SELECT name from [Actor]";
SqlCommand comm = new SqlCommand(Add_to_checkbox, connection);
connection.Open();
SqlDataReader read_name = comm.ExecuteReader();
int lastindex = 0;
while(read_name.Read())
{
string name = read_name.ToString();
checkedListBox1.Items.Add(name);
}
}
Even though there is only one field being selected in your query, you need to specify it in the read. Try
string name = read_name["name"].ToString();

Return multiple values from sql to label

I have the label:
<asp:Label ID="lbl1" runat="server"></asp:Label>
Code behind:
protected void Page_Load(object sender, EventArgs e)
{
lbl1.Text = ImageCheck().ToString();
}
And:
protected int ImageCheck()
{
SqlConnection connection = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\***.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
string CommandText2 = "SELECT * FROM Machreta WHERE noImage = 1";
SqlCommand command2 = new SqlCommand(CommandText2, connection);
connection.Open();
int check = (int)command2.ExecuteScalar();
connection.Close();
return check;
}
How can I return multiple values? That label displays only a single value, but there are 6 more in the table.
Try this:
protected string ImageCheck()
{
var result = new StringBuilder();
using(var connection = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\***.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"))
{
string CommandText2 = "SELECT * FROM Machreta WHERE noImage = 1";
SqlCommand command2 = new SqlCommand(CommandText2, connection);
connection.Open();
using(var reader = command2.ExecuteReader())
{
while (reader.Read())
{
result.Append(reader.GetString(0));
}
}
return result.ToString();
}
}
Of course this is only an example and does not fully solve your issue, but it should be a starting point :)
Here is the explanation of ExecuteScalar() method. http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.executescalar%28v=vs.71%29.aspx
"Executes the query, and returns the first column of the first row in the result set returned by the query. Extra columns or rows are ignored."
Also, SELECT * will fetch all the columns. You probably want to display multiple values for single column. Then select the column name in select statement.
SELECT xyzColumn FROM Machreta WHERE noImage = 1
Lastly, you can assign only one string to label.text. So, you will have to concatenate all these strings (multiple values for single column) and then assign it to label text. Use a reader and ExecuteReader() method instead of ExecuteScalar().

Insert GUID into SQL Table

I'm using ASP.Net/C# and I have a form that allows people to add information into a table, and along with it I want to collect the current user's GUID and insert it.
I have a field setup (UserID) as a unique identifier and I have the following code:
protected void Page_Load(object sender, EventArgs e)
{
MembershipUser currentUser = Membership.GetUser();
Guid temp = (Guid)(Membership.GetUser(User.Identity.Name).ProviderUserKey);
Guid @currentUserID = temp;
}
SqlConnection con = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\ASPNETDB.MDF;Integrated Security=True;User Instance=True");
SqlCommand cmd;
protected void Button1_Click(object sender, EventArgs e)
{
con.Open();
cmd = new SqlCommand("insert into Accom (UserID) values('" + @currentUserID + "')", con);
cmd.ExecuteNonQuery();
}
I basically want to link the variable to the database. Any idea how? The above gives errors.
You should never insert values directly into a SQL statement like that, no matter what type they are, as that opens you up to a SQL Injection attack. Instead, you should use parameters in your query, through which System.Guid values will be automatically translated to the SQL Server uniqueidentifier type. This is how I would do it:
Guid currentUserId = (Guid)(Membership.GetUser(User.Identity.Name).ProviderUserKey);
using (var connection = new SqlConnection("..."))
using (var command = connection.CreateCommand())
{
command.CommandText = "INSERT INTO Accom (UserID) VALUES (@UserID)";
var param = command.Parameters.Add("@UserID", SqlDbType.UniqueIdentifier);
param.Value = currentUserId;
connection.Open();
command.ExecuteNonQuery();
}
Guid @currentUserID = temp;
You are defining a variable currentUserID in local scope - you must save this variable in the Session so you can access it in the Button1_Click method:
Session["UserId"] = currentUserID;
Now you can retrieve it in Button1_Click:
Guid currentUserID = (Guid)Session["UserId"];
Also the @ is not needed nor should it be there, you only should need it if you want to define variables with a name that matches a C# keyword - this is bad style anyway. Also you want to put the SqlConnection specific code all within the button click handler - otherwise this variable is instantiated every time the page loads, not just when the button click handler is used. Finally you also want to use SqlParameters instead of strings in your SQL insert statement.
Edit:
As @pst pointed out, the more "ASP.NET way" would be to just use an instance variable
Guid currentUserID;
that you declare as part of the class, not within a method - then you can use this variable throughout the page. This means however, the user id will not be available on other pages (with a session it could be retrieved through the life time of the session on any page).
I don't know if SQL Server supports GUID as a datatype, in MySQL I would go with a char, but that is not important, just a comment. The important part is that in the method:
protected void Button1_Click(object sender, EventArgs e)
{
con.Open();
cmd = new SqlCommand("insert into Accom (UserID) values('" + @currentUserID + "')", con);
cmd.ExecuteNonQuery();
}
You don't specify the actual value for @currentUserID
you must rewrite it to something like:
protected void Button1_Click(object sender, EventArgs e)
{
SqlParameter param = new SqlParameter();
con.Open();
cmd = new SqlCommand("insert into Accom (UserID) values(@currentUserID)", con);
// these are the important lines that I'm talking about
param.ParameterName = "@currentUserID";
param.Value = valueOfUserId;
cmd.Parameters.Add(param);
cmd.ExecuteNonQuery();
}
Hope that helps.
In the original code above the currentUser variable is unused. Also if the user is not logged on the call to Membership.GetUser(User.Identity.Name) will return a null reference and trying to retrieve ProviderUserKey code will throw a NullReferenceException. It would be better to have something along these lines;
public partial class Default : System.Web.UI.Page
{
MembershipUser currentUser;
protected void Page_Load(object sender, EventArgs e)
{
currentUser = Membership.GetUser();
}
protected void Button1_Click(object sender, EventArgs e)
{
if (null != currentUser)
{
// ProviderUserKey is typed as object, so it must be cast to Guid
Guid currentUserID = (Guid)currentUser.ProviderUserKey;
// database code here
}
}
}

Update database with values from textbox

I'm trying to edit the values in a database through textboxes in ASP.
First I retrieved the values from the database and set those values to the value property of the textboxes on the form so that the user can see the old values.
Now I want him to enter new values in the same textboxes, and when he clicks on update the new values should be updated in the database.
Can anyone tell me what I have to do to get those new values?
When to submit the form?
The code:
protected void Button2_Click(object sender, EventArgs e)
{
string MachineGroupName = TextBox2.Text;
string MachineGroupDesc = TextBox3.Text;
int TimeAdded = DateTime.Now.Hour + DateTime.Now.Minute + DateTime.Now.Second;
if (MachineGroupName == "" || MachineGroupDesc == "")
{
Label2.Text = ("Please ensure all fields are entered");
Label2.Visible = true;
}
else
{
System.Data.SqlClient.SqlConnection dataConnection = new SqlConnection();
dataConnection.ConnectionString =
@"Data Source=JAGMIT-PC\SQLEXPRESS;Initial Catalog=SumooHAgentDB;Integrated Security=True";
System.Data.SqlClient.SqlCommand dataCommand = new SqlCommand();
dataCommand.Connection = dataConnection;
//tell the compiler and database that we're using parameters (thus the @first, @last, @nick)
dataCommand.CommandText = ("UPDATE [MachineGroups] SET ([MachineGroupName]=@MachineGroupName,[MachineGroupDesc]=@MachineGroupDesc,[TimeAdded]=@TimeAdded) WHERE ([MachineGroupID]= @node)");
//add our parameters to our command object
dataCommand.Parameters.AddWithValue("@MachineGroupName", MachineGroupName);
dataCommand.Parameters.AddWithValue("@MachineGroupDesc", MachineGroupDesc);
dataCommand.Parameters.AddWithValue("@TimeAdded", TimeAdded);
dataConnection.Open();
dataCommand.ExecuteNonQuery();
dataConnection.Close();
}
You're not providing the @node parameter, so you should get an exception. Also change your SQL statement like this, without the parentheses:
long MachineGroupID = Convert.ToInt64(Request.QueryString["node"]);
dataCommand.CommandText = "UPDATE [MachineGroups] SET [MachineGroupName]=@MachineGroupName,[MachineGroupDesc]=@MachineGroupDesc,[TimeAdded]=@TimeAdded WHERE [MachineGroupID]= @MachineGroupID";
//add our parameters to our command object
dataCommand.Parameters.AddWithValue("@MachineGroupName", MachineGroupName);
dataCommand.Parameters.AddWithValue("@MachineGroupDesc", MachineGroupDesc);
dataCommand.Parameters.AddWithValue("@TimeAdded", TimeAdded);
dataCommand.Parameters.AddWithValue("@MachineGroupID", MachineGroupID);
EDIT: As you posted your insert page, your table should have an ID column to identify your record uniquely. As I see in your update SQL, your ID column's name is MachineGroupID. So to update your record, you should provide MachineGroupID as the @node parameter. Try to get this MachineGroupID value in your event and pass it into your Command.
long MachineGroupID = Convert.ToInt64(Request.QueryString["node"]);
// pass the connection (cn) as the last argument of the command
dataCommand = new SqlCommand("UPDATE [MachineGroups] SET [MachineGroupName]=@MachineGroupName,[MachineGroupDesc]=@MachineGroupDesc,[TimeAdded]=@TimeAdded WHERE [MachineGroupID]= @MachineGroupID", cn);
//add our parameters to our command object
dataCommand.Parameters.AddWithValue("@MachineGroupName", MachineGroupName);
dataCommand.Parameters.AddWithValue("@MachineGroupDesc", MachineGroupDesc);
dataCommand.Parameters.AddWithValue("@TimeAdded", TimeAdded);
dataCommand.Parameters.AddWithValue("@MachineGroupID", MachineGroupID);
example :
SqlCommand cmdup = new SqlCommand("UPDATE [port1] SET [prt1]=@prt1 WHERE [no]= 1", cn);
cmdup.Parameters.Add("@prt1", TextBox1.Text);
cmdup.ExecuteNonQuery();
I think this may help your case: mention the Connection at the end of your update command.
OK, I have the insert page, which is working fine with this code:
protected void Button2_Click(object sender, EventArgs e)
{
string MachineGroupName = TextBox2.Text;
string MachineGroupDesc = TextBox3.Text;
int TimeAdded = DateTime.Now.Hour+DateTime.Now.Minute+DateTime.Now.Second;
if (MachineGroupName == "" || MachineGroupDesc == "")
{
Label1.Text = ("Please ensure all fields are entered");
Label1.Visible = true;
}
else
{
System.Data.SqlClient.SqlConnection dataConnection = new SqlConnection();
dataConnection.ConnectionString =
@"Data Source=JAGMIT-PC\SQLEXPRESS;Initial Catalog=SumooHAgentDB;Integrated Security=True";
System.Data.SqlClient.SqlCommand dataCommand = new SqlCommand();
dataCommand.Connection = dataConnection;
//tell the compiler and database that we're using parameters (thus the @first, @last, @nick)
dataCommand.CommandText = ("INSERT [MachineGroups] ([MachineGroupName],[MachineGroupDesc],[TimeAdded]) VALUES (@MachineGroupName,@MachineGroupDesc,@TimeAdded)");
//add our parameters to our command object
dataCommand.Parameters.AddWithValue("@MachineGroupName", MachineGroupName);
dataCommand.Parameters.AddWithValue("@MachineGroupDesc", MachineGroupDesc);
dataCommand.Parameters.AddWithValue("@TimeAdded", TimeAdded);
dataConnection.Open();
dataCommand.ExecuteNonQuery();
dataConnection.Close();
}
