See more: C#3.0 C# ASP.NET
Below I write my SQL query:

"Insert into tblpayfee(regno,sname,lastname,course,sem,date,fee_amt,paid_amt,remain_amt,fine,tot_amt,amt_words)values('" + txtregno.Text + "','" + txtname.Text + "','" + txtlastname.Text + "','" + txtcourse.Text + "','" + DropDownList2.SelectedItem.ToString() + "','" + txtfeedate.Text + "','" + txtfeeamount.Text + "','" + txtpaidamt.Text + "','" + txtremainamt.Text + "','" + txtfineamt.Text + "','" + txttotamt.Text + "'," + txtamt_words + ")";
But I face a problem in the execution of this query:

The name "System.Web.UI.WebControls.TextBox" is not permitted in this context. Valid expressions are constants, constant expressions, and (in some contexts) variables. Column names are not permitted.

How can I solve this problem? Please help me.

- Suraj
Posted 14-May-13 5:44am
Edited 14-May-13 5:46am
Maciej Los210.1K
ThePhantomUpvoter 14-May-13 10:53am
You really should be using parameterized queries instead of string concatenation to prevent SQL injection attacks.

Solution 2

As mentioned in Solution 1, use txtamt_words.Text.

You are using an inline query and passing your input/TextBox values into it. This is a potential risk of SQL Injection.

Have a look at the links below to understand SQL Injection.

Solution: Use a parameterized query instead. Have a look at the link below.
Maciej Los 14-May-13 11:07am
Complete answer!
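A parameterized version of the INSERT from the question, added here as an example and not part of the original thread. The table and column names are the poster's; the `FeePayment` class, the SQL types and sizes, and the caller-supplied connection string are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

public static class FeePayment   // hypothetical helper class, not from the thread
{
    // Column names come from the question; SQL types and sizes are assumptions.
    private const string InsertSql =
        "INSERT INTO tblpayfee (regno, sname, lastname, course, sem, [date], " +
        "fee_amt, paid_amt, remain_amt, fine, tot_amt, amt_words) " +
        "VALUES (@regno, @sname, @lastname, @course, @sem, @date, " +
        "@fee_amt, @paid_amt, @remain_amt, @fine, @tot_amt, @amt_words)";

    public static int Insert(string connectionString, string regno, string sname,
        string lastname, string course, string sem, string feeDate, string feeAmt,
        string paidAmt, string remainAmt, string fine, string totAmt, string amtWords)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(InsertSql, conn))
        {
            AddText(cmd, "@regno", regno);
            AddText(cmd, "@sname", sname);
            AddText(cmd, "@lastname", lastname);
            AddText(cmd, "@course", course);
            AddText(cmd, "@sem", sem);
            AddText(cmd, "@amt_words", amtWords);
            // Typed values are parsed here, so malformed input fails before any SQL runs.
            cmd.Parameters.Add("@date", SqlDbType.DateTime).Value =
                DateTime.Parse(feeDate, CultureInfo.CurrentCulture);
            AddAmount(cmd, "@fee_amt", feeAmt);
            AddAmount(cmd, "@paid_amt", paidAmt);
            AddAmount(cmd, "@remain_amt", remainAmt);
            AddAmount(cmd, "@fine", fine);
            AddAmount(cmd, "@tot_amt", totAmt);
            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows inserted
        }
    }
    private static void AddText(SqlCommand cmd, string name, string value)
    {
        // The value travels as data; quotes in it cannot change the statement.
        cmd.Parameters.Add(name, SqlDbType.NVarChar, 100).Value = value ?? "";
    }
    private static void AddAmount(SqlCommand cmd, string name, string value)
    {
        cmd.Parameters.Add(name, SqlDbType.Decimal).Value =
            decimal.Parse(value, NumberStyles.Number, CultureInfo.CurrentCulture);
    }
}
```

From the page's code-behind this would be called with the controls' `.Text` values (including `txtamt_words.Text`), which also removes the missing-property mistake that produced the original error.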

Solution 1

You forgot to use the Text property on txtamt_words; use this instead: "txtamt_words.Text"
Maciej Los 14-May-13 10:52am
That could be it!
+4, because answer is not complete ;(
yloginov 14-May-13 11:13am

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Web04 | 2.8.151126.1 | Last Updated 14 May 2013
Copyright © CodeProject, 1999-2015