See more: C#3.0 ASP.NET
Below I write my SQL query:
 
"Insert into tblpayfee(regno,sname,lastname,course,sem,date,fee_amt,paid_amt,remain_amt,fine,tot_amt,amt_words)values('" + txtregno.Text + "','" + txtname.Text + "','" + txtlastname.Text + "','" + txtcourse.Text + "','" + DropDownList2.SelectedItem.ToString() + "','" + txtfeedate.Text + "','" + txtfeeamount.Text + "','" + txtpaidamt.Text + "','" + txtremainamt.Text + "','" + txtfineamt.Text + "','" + txttotamt.Text + "'," + txtamt_words + ")";
But I face a problem in the execution of this query:
 
The name "System.Web.UI.WebControls.TextBox" is not permitted in this context. Valid expressions are constants, constant expressions, and (in some contexts) variables. Column names are not permitted.

 
How can I solve this problem? Please help me.
 
- Suraj
Posted 14-May-13 5:44am
Edited 14-May-13 5:46am
Maciej Los
Comments
ThePhantomUpvoter at 14-May-13 10:53am
   
You really should be using parameterized queries instead of string concatenation to prevent SQL injection attacks.

Solution 2

As mentioned in Solution 1, use txtamt_words.Text.
 
You are using an inline query and passing your Input/TextBox values into it. This is a potential risk of SQL Injection.

Have a look at the links below to understand SQL Injection.
http://en.wikipedia.org/wiki/SQL_injection
 
http://blogs.technet.com/b/neilcar/archive/2008/05/21/sql-injection-mitigation-using-parameterized-queries.aspx
 
Solution: Instead, use a parameterized query. Have a look at the link below.
http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters
Comments
Maciej Los at 14-May-13 11:07am
   
+5
Complete answer!
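
A parameterized version of the insert from the question, following the recommendation in Solution 2. This is an added example, not code from the original posters. The class and method names, the column types and lengths, and the connection string argument are assumptions; the table and column names are those in the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class FeeRepository   // hypothetical helper class
{
    // The SQL text is a constant: no user input is ever concatenated into it.
    private const string InsertSql =
        "INSERT INTO tblpayfee (regno, sname, lastname, course, sem, [date], fee_amt, " +
        "paid_amt, remain_amt, fine, tot_amt, amt_words) " +
        "VALUES (@regno, @sname, @lastname, @course, @sem, @date, @fee_amt, " +
        "@paid_amt, @remain_amt, @fine, @tot_amt, @amt_words)";

    public static int InsertFee(string connectionString, string regno, string sname,
        string lastname, string course, string sem, DateTime feeDate, decimal feeAmt,
        decimal paidAmt, decimal remainAmt, decimal fine, decimal totAmt, string amtWords)
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(InsertSql, conn))
        {
            // Values are sent as typed parameters, so a quote or SQL keyword typed
            // into a TextBox is stored as data and cannot change the statement.
            // Assumed types: nvarchar for text, date for [date], decimal(18,2) for amounts.
            cmd.Parameters.Add("@regno", SqlDbType.NVarChar, 50).Value = regno;
            cmd.Parameters.Add("@sname", SqlDbType.NVarChar, 100).Value = sname;
            cmd.Parameters.Add("@lastname", SqlDbType.NVarChar, 100).Value = lastname;
            cmd.Parameters.Add("@course", SqlDbType.NVarChar, 100).Value = course;
            cmd.Parameters.Add("@sem", SqlDbType.NVarChar, 20).Value = sem;
            cmd.Parameters.Add("@date", SqlDbType.Date).Value = feeDate;
            AddAmount(cmd, "@fee_amt", feeAmt);
            AddAmount(cmd, "@paid_amt", paidAmt);
            AddAmount(cmd, "@remain_amt", remainAmt);
            AddAmount(cmd, "@fine", fine);
            AddAmount(cmd, "@tot_amt", totAmt);
            cmd.Parameters.Add("@amt_words", SqlDbType.NVarChar, 200).Value = amtWords;

            conn.Open();
            return cmd.ExecuteNonQuery();   // number of rows inserted
        }
    }

    private static void AddAmount(SqlCommand cmd, string name, decimal value)
    {
        SqlParameter p = cmd.Parameters.Add(name, SqlDbType.Decimal);
        p.Precision = 18;
        p.Scale = 2;
        p.Value = value;
    }
}
```

In the page's click handler, convert the amount boxes with decimal.TryParse and txtfeedate.Text with DateTime.TryParse before calling InsertFee, and reject the post-back when a conversion fails. Passing txtamt_words.Text as amtWords also removes the quoting mistake that produced the error in the question.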

Solution 1

You forgot to use the text property on txtamt_words; use this instead: "txtamt_words.Text"
Comments
Maciej Los at 14-May-13 10:52am
   
That could be it!
+4, because answer is not complete ;(
yloginov at 14-May-13 11:13am
   
thanks!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
