I am new to Web Development and am working with C# for Server Side and HTML/CSS/JS/JQuery for Client side. I have a form with multiple fields which upon being submitted saves the data into SQL database. I have used asp.net controls (textboxes, checkboxes etc) because they are easier to access on the server-side using their ids.

For example:

string myEmail1 = txtBxEmail1.Text; (where txtBxEmail is the id of the Text Box)

I am saving the myEmail string into the intended column in my db with a query like:

string query = "insert into My_Table(Email, Phone....) values('" + myEmail + "','" + myPhone + "','" +......"')";

Now, I have to clone a huge chunk of my form to let the user add information for a different entity. I was easily able to clone a portion of the form using jQuery's Clone method. However, the problem is saving these values into the DB.

If anyone could help me understand how to save these cloned values into SQL. Any form of recommendation/direction/snippet would be highly appreciated.

What I have tried:

Since the cloned elements do not have ids initially, I tried to assign incremental ids for them, like txtBxEmail2, txtBxEmail3..... which was the simplest way to go about it, but they do not exist before the program runs so I cannot assign their value into a string like above.
Updated 21-Jan-20 7:54am

1 solution

Welcome to the world of Web Development; hopefully you will enjoy it.

And let's get to best practices right away: this code is vulnerable to SQL Injection. Whenever you are going to take user information and place it into a database you should be using Parameters; and not piecing together an SQL command mixed with the user input.

This is the vulnerable line:

C#
string query = "insert into My_Table(Email, Phone....) values('" + myEmail + "','" + myPhone + "','" +......"')";

The easy way to avoid this problem is adding your variables to the SqlCommand object's Parameter collection:

C#
string query = "INSERT My_Table(Email, Phone....) VALUES (@Email, @Phone,....)";

SqlCommand cmd = new SqlCommand(query, connection);
cmd.Parameters.AddWithValue("@Email", myEmail);
cmd.Parameters.AddWithValue("@Phone", myPhone);
// continue for all your dots (....)

Now for the problem you came here with... I would recommend updating your question with the Improve Question widget and add in the relevant code pieces; otherwise it is going to be a lot of guesswork for the community.

What you yourself can do is troubleshoot & debug. Run the program locally in debug mode and step through the POST action you have; this will help identify what the cloned elements are named, so that you can get the values.

Another tool to use is the browser's developer tools. You can "inspect" any element in the DOM to get the element type as well as its attribute. There is also a network tab in those tools which will allow you to see the post contents being sent when the form is submitted.
 
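Added example, not part of the answer above or of the asker's project: one way to read cloned rows on the server by their posted name rather than by control id, and to insert each row with parameters. It assumes the cloned inputs share the name attributes `email` and `phone` (hypothetical; for a Web Forms TextBox the posted name is the control's UniqueID), a two-column `My_Table`, and C# 7 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Data;
using System.Data.SqlClient;

public static class ClonedRowSaver   // hypothetical helper, not from the page
{
    // Cloned inputs that share a name attribute post as repeated keys;
    // GetValues returns every value for that key, in document order.
    // Text inputs post even when empty, so the arrays line up row by row.
    public static List<(string Email, string Phone)> PairRows(NameValueCollection form)
    {
        string[] emails = form.GetValues("email") ?? new string[0];   // assumed field name
        string[] phones = form.GetValues("phone") ?? new string[0];   // assumed field name
        if (emails.Length != phones.Length)
            throw new ArgumentException("Posted rows are misaligned; rejecting the request.");

        var rows = new List<(string Email, string Phone)>();
        for (int i = 0; i < emails.Length; i++)
            rows.Add((emails[i].Trim(), phones[i].Trim()));
        return rows;
    }

    // One parameterized command reused for every row, inside one transaction,
    // so either all cloned entities are saved or none are.
    public static void Save(IEnumerable<(string Email, string Phone)> rows, string connectionString)
    {
        using (var conn = new SqlConnection(connectionString))
        {
            conn.Open();
            using (SqlTransaction tx = conn.BeginTransaction())
            using (var cmd = new SqlCommand(
                "INSERT INTO My_Table (Email, Phone) VALUES (@Email, @Phone)", conn, tx))
            {
                // Column types and sizes are assumptions; match them to the real schema.
                SqlParameter email = cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 256);
                SqlParameter phone = cmd.Parameters.Add("@Phone", SqlDbType.NVarChar, 32);
                foreach (var row in rows)
                {
                    email.Value = row.Email;   // sent as data, never spliced into the SQL text
                    phone.Value = row.Phone;
                    cmd.ExecuteNonQuery();
                }
                tx.Commit();   // disposing the transaction without Commit rolls it back
            }
        }
    }
}
```

In a Web Forms postback handler this would be called as `ClonedRowSaver.Save(ClonedRowSaver.PairRows(Request.Form), connectionString)`.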
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


