How to insert data of dynamically generated textbox into databae at runtime?

Question

1.00/5 (1 vote)

See more:

I am generating dynamic textbox for that I have 2 tables:

1. dynamic
2. empdetail

Here empdetail is a master table and dynamically generated column is inserted in that table and after that I also want to store data in database. But the problem is when i save the dynamic textbox value in database, the value will be insert null in database i cant see the dynamic textbox value...

Pls help me to solve my problem. My code is below...... My Dynamic TextBox id is="TxtDynamic" and The problem is on Button3 query.

C#

               using System;
using System.Collections.Generic;
using System.Linq;
using System.Data.Sql;
using System.Data;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Text;
using System.Drawing;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection();
        con.ConnectionString = "Data Source=vaio\\sqlexpress;Initial Catalog=emp;User ID=sa;Password=administrator";
        con.Open();
        string query = "insert into empdetail (id,name) values (@id,@name)";
        using (SqlCommand cmd = new SqlCommand(query, con))
        {
            cmd.Parameters.AddWithValue("@id", txtId.Text);
            cmd.Parameters.AddWithValue("@name", txtName.Text);

            txtId.Text = "";
            txtName.Text = "";
            cmd.ExecuteNonQuery();
        }
        con.Close();
    }

   
    static int i;
    int j;
    protected void Button2_Click(object sender, EventArgs e)
    {
       
        Button3.Visible = true;
       i++;
        for (j = 0; j <= i-1; j++)
        {
            Label lbl = new Label();
            lbl.ID = "dlbl";
            lbl.Text = TextBox1.Text;
            Panel1.Controls.Add(lbl);
            TextBox tb = new TextBox();
            tb.ID = "TxtDynamic"+i;
            Panel1.Controls.Add(tb); 
        }
        SqlConnection con = new SqlConnection();
        con.ConnectionString = "Data Source=vaio\\sqlexpress;Initial Catalog=emp;User ID=sa;Password=administrator";
        string query = "insert into dynamic (controlname,size,datatype) values (@controlname,@size,@datatype)";
        con.Open();
        using (SqlCommand cmd = new SqlCommand(query, con))
        {
            cmd.Parameters.AddWithValue("@controlname", TextBox1.Text);
            cmd.Parameters.AddWithValue("@size", TextBox2.Text);
            cmd.Parameters.AddWithValue("@datatype", DropDownList1.SelectedValue);

            
            TextBox2.Text = "";
           // DropDownList1.SelectedValue = null;
            cmd.ExecuteNonQuery();
        }
        string qry = "alter table empdetail add " +TextBox1.Text+ " " +DropDownList1.SelectedValue+ " null";
        
        SqlCommand cd = new SqlCommand(qry, con);
        
            
            cd.ExecuteNonQuery();
        
        con.Close();
        
    }
    protected void RadioButton1_CheckedChanged(object sender, EventArgs e)
    {
        if (RadioButton1.Checked)
        {
            Label3.Visible = true;
            Label4.Visible = true;
            Label5.Visible = true;
            TextBox1.Visible = true;
            TextBox2.Visible = true;
            DropDownList1.Visible = true;
            Button2.Visible = true;
            Button3.Visible = false;
        }
        else
        {
            Label3.Visible = false;
            Label4.Visible = false;
            Label5.Visible = false;
            TextBox1.Visible = false;
            TextBox2.Visible = false;
            DropDownList1.Visible = false;
            Button2.Visible = false;
            Button3.Visible = false;
        }
    }
  protected void Button3_Click(object sender, EventArgs e)
{

    SqlConnection con = new SqlConnection();
    con.ConnectionString = "Data Source=vaio\\sqlexpress;Initial Catalog=emp;User ID=sa;Password=administrator";
    con.Open();
    //TextBox tb = (TextBox)Panel1.FindControl("TxtDynamic" + i.ToString());

    string query = "update empdetail set " + TextBox1.Text + " = '"+ Panel1.FindControl("TxtDynamic1" + i.ToString()) + "' where id=(select Max(id) from empdetail )";

    SqlCommand cmd = new SqlCommand(query, con);
    cmd.ExecuteNonQuery();        
    con.Close();
}

Posted 26-Sep-14 6:02am

Janak Chhatbar

Updated 26-Sep-14 7:11am

v4

Add a Solution

Comments

ChauhanAjay 26-Sep-14 12:29pm

1. First of all your update statement is wrong. The update statement would be something like this "update tablename set columnname=value where idcolumn = idvalue".

2. You are using a variable with the name "i" I don't find any declaration of that variable.

Janak Chhatbar 26-Sep-14 13:02pm

in the update query i have passed dynamic textbox name which is taken from TextBox1 and in the value filed I have passed Dynamic generated textbox id.

Janak Chhatbar 26-Sep-14 13:05pm

Here I have upload my whole code...

Sergey Alexandrovich Kryukov 26-Sep-14 13:06pm

Right. In addition to that: OP's approach is wrong from the very beginning. Please see Solution 1.
—SA

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Answer 1 · 2014-09-26T07:07:00

Your approach is wrong from the very beginning. You should never create a query by concatenation of string taken from your UI. Instead, you need to use parametrized statements. Please see: http://msdn.microsoft.com/en-us/library/ff648339.aspx[^].

If you do it your way, you make your application totally vulnerable to a well-known exploit: SQL Injection. The user can write anything in the UI, including some SQL fragment. Are you getting the idea? This is how: http://xkcd.com/327[^].

Please see my past answers:
EROR IN UPATE in com.ExecuteNonQuery();[^],
hi name is not displaying in name?[^].

—SA