SqlConnection con = new SqlConnection("Data Source=USER-PC;Initial Catalog=1GCAttendanceManagementSystem;Integrated Security=True");
con.Open();
SqlCommand myCommand = new SqlCommand("select * from Employee where EmpUsername='" + Session["id"] + "'", con);
SqlDataReader myReader = myCommand.ExecuteReader();

while (myReader.Read())
{
    txtCode.Text = myReader["EmployeeId"].ToString();
    txtUsername.Text = myReader["EmpUsername"].ToString();
    txtPass.Text = myReader["EmpPassword"].ToString();
    txtEmail.Text = myReader["EmpEmail"].ToString();
    txtFirstname.Text = myReader["EmpFirstName"].ToString();
    txtLastname.Text = myReader["EmpLastName"].ToString();
    txtGender.Text = myReader["EmpGender"].ToString();
    txtContact.Text = myReader["EmpContact"].ToString();
    txtAddress.Text = myReader["EmpAddress"].ToString();
    txtDept.Text = myReader["EmpDept"].ToString();
}
con.Close();

What I have tried:

I have tried the code, but all the textboxes are blank. Nothing happens at all.
Posted
Updated 12-Feb-18 8:39am
Comments
F-ES Sitecore 11-Feb-18 10:50am    
If the code doesn't go into the while loop (use the debugger to step through) then your query is returning no rows. That will be because the Session["id"] isn't what you expect or there is nothing in the database that matches it. We don't know what is in your session or your database so can't say much more than that.
Richard Deeming 13-Feb-18 11:05am    
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP

using (SqlConnection con = new SqlConnection("..."))
using (SqlCommand myCommand = new SqlCommand("select * from Employee where EmpUsername = @id", con))
{
    myCommand.Parameters.AddWithValue("@id", Session["id"]);
    
    con.Open();
    using (SqlDataReader myReader = myCommand.ExecuteReader())
    {
        if (myReader.Read())
        {
            txtCode.Text = Convert.ToString(myReader["EmployeeId"]);
            ...
        }
    }
}
f farihin 21-Feb-18 7:15am    
It works now

0) Put your code in a try/catch block.

1) At the top of the try block, put this line

C#
if (string.IsNullOrEmpty(Session["id"] as string)) { throw new Exception("Session ID has not been set"); }


2) Run the code under the debugger with a breakpoint set in the catch block.

3) Your code is generally not really built well. Do it this way instead:

C#
try
{
    // Session values are objects; cast to string before the null/empty check
    if (string.IsNullOrEmpty(Session["id"] as string)) 
    {
        // throw an exception so that the code doesn't perform an unnecessary 
        // database query
        throw new Exception("Session ID has not been set");
    }
    using (SqlConnection con = new SqlConnection("Data Source=USER-PC;Initial Catalog=1GCAttendanceManagementSystem;Integrated Security=True"))
    {
        con.Open();
        using (SqlCommand myCommand = new SqlCommand("select * from Employee where EmpUsername='" + Session["id"] + "'", con){CommandType=CommandType.Text})
        using (SqlDataReader myReader = myCommand.ExecuteReader())
        {
            if (!myReader.HasRows)
            {
                // Do something if the reader doesn't have data. This could be an exception 
                // or other indication to the user that something unexpected happened.
            }
            while (myReader.Read())
            {
                // The exception handler will trigger if the expected fields don't exist 
                // in the returned row
                txtCode.Text = myReader["EmployeeId"].ToString();
                txtUsername.Text = myReader["EmpUsername"].ToString();
                txtPass.Text = myReader["EmpPassword"].ToString();
                txtEmail.Text = myReader["EmpEmail"].ToString();
                txtFirstname.Text = myReader["EmpFirstName"].ToString();
                txtLastname.Text = myReader["EmpLastName"].ToString();
                txtGender.Text = myReader["EmpGender"].ToString();
                txtContact.Text = myReader["EmpContact"].ToString();
                txtAddress.Text = myReader["EmpAddress"].ToString();
                txtDept.Text = myReader["EmpDept"].ToString();
            }
        }
    }
    // Put a breakpoint on the following curly brace so you can establish that the 
    // code is working without problems (assuming your ducks are otherwise all in a row)
}
catch (Exception ex)
{
    // do something appropriate to indicate whatever problem arises
    // if you're debugging, put a breakpoint on either of the curly braces to stop execution
}
 
Comments
Richard Deeming 12-Feb-18 14:56pm    
"Do it this way instead"
"select * from Employee where EmpUsername='" + Session["id"] + "'"

Noooooo!!!!!!

using (SqlCommand myCommand = new SqlCommand("select * from Employee where EmpUsername = @Id", con){CommandType=CommandType.Text})
{
    myCommand.Parameters.AddWithValue("@Id", Session["id"]);
    ...
}


Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
#realJSOP 21-Feb-18 7:22am    
I just copied his code and made a few changes. I was looking at my answer just now, and saw that I ignored that line (I was more concerned with the code's inability to expose the exception he wasn't handling), and was going to fix it, but you covered it. :)
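The two comments above from Richard Deeming point at the same line, the string-concatenated WHERE clause, without showing what it actually does when Session["id"] holds something other than a plain username. The following is an added example, not code from this thread or from any of its posters. It uses Python's sqlite3 as a stand-in for SQL Server and ADO.NET, and the Employee table, its rows and the sample session values are all constructed here from the column names the question's reader loop uses. It runs the question's query text and the parameterized form side by side against a normal username, an unset session (F-ES Sitecore's blank-textbox case), an injection payload, and a legitimate value containing an apostrophe.

```python
# Added example, not code from the CodeProject thread. Python's sqlite3
# stands in for SQL Server/ADO.NET; the Employee table and its rows are
# constructed here from the column names used in the question.
import sqlite3

# Constructed sample data in the column order of the question's reader loop:
# EmployeeId, EmpUsername, EmpPassword, EmpEmail, EmpFirstName, EmpLastName,
# EmpGender, EmpContact, EmpAddress, EmpDept. (The page's own code stores
# and displays the password in clear text; that is left as-is here because
# the example is about the query, not the schema.)
EMPLOYEES = [
    (1, "alice", "s3cret", "alice@example.com", "Alice", "Anders",
     "F", "0100", "1 Main St", "HR"),
    (2, "bob", "hunter2", "bob@example.com", "Bob", "Brown",
     "M", "0101", "2 Side St", "IT"),
]


def make_db():
    """In-memory database holding the constructed Employee table."""
    con = sqlite3.connect(":memory:")
    con.execute("""CREATE TABLE Employee (
        EmployeeId INTEGER PRIMARY KEY, EmpUsername TEXT, EmpPassword TEXT,
        EmpEmail TEXT, EmpFirstName TEXT, EmpLastName TEXT, EmpGender TEXT,
        EmpContact TEXT, EmpAddress TEXT, EmpDept TEXT)""")
    con.executemany("INSERT INTO Employee VALUES (?,?,?,?,?,?,?,?,?,?)",
                    EMPLOYEES)
    return con


def build_concatenated_sql(session_id):
    """The question's query text: the session value is pasted into the SQL."""
    return "select * from Employee where EmpUsername='" + str(session_id) + "'"


def lookup_concatenated(con, session_id):
    """Runs the concatenated query exactly as the question builds it."""
    return con.execute(build_concatenated_sql(session_id)).fetchall()


def lookup_parameterized(con, session_id):
    """Parameterized form: the value is bound, never spliced into the SQL text.
    '?' is sqlite3's placeholder; SqlClient uses a named '@id' parameter."""
    sql = "select * from Employee where EmpUsername = ?"
    return con.execute(sql, (session_id,)).fetchall()


def concatenated_raises(con, session_id):
    """True if the concatenated query is a SQL syntax error for this input."""
    try:
        lookup_concatenated(con, session_id)
    except sqlite3.OperationalError:
        return True
    return False


def usernames(rows):
    """EmpUsername column of a result set, for readable output."""
    return [row[1] for row in rows]


if __name__ == "__main__":
    con = make_db()

    # 1. Normal input: both forms return the one matching employee.
    print(usernames(lookup_concatenated(con, "alice")))   # ['alice']

    # 2. Session not set (the blank-textbox symptom from the question):
    #    str(None) is compared as the literal username 'None', so no rows
    #    come back and the while loop never runs.
    print(lookup_concatenated(con, None))                 # []

    # 3. Injection payload: the concatenated WHERE clause becomes
    #    EmpUsername='bob' OR '1'='1', which is true for every row, so the
    #    page's loop would overwrite the textboxes with each row in turn.
    payload = "bob' OR '1'='1"
    print(build_concatenated_sql(payload))
    print(usernames(lookup_concatenated(con, payload)))   # ['alice', 'bob']
    print(usernames(lookup_parameterized(con, payload)))  # []

    # 4. Legitimate data with an apostrophe breaks the concatenated query
    #    outright while the parameterized one simply finds no match.
    print(concatenated_raises(con, "o'brien"))            # True
    print(lookup_parameterized(con, "o'brien"))           # []
```

In SqlClient the bound value is the `@id` parameter shown in the comments above; giving it an explicit `SqlDbType` and length through `Parameters.Add(...).Value = ...` instead of `AddWithValue` avoids the type being inferred from whatever object is in the session.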

What type of data does Session["id"] consist of?

You are comparing EmpUsername with id.

You have to compare EmpUserId with id.

 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


