I have a stored procedure with a select statement that has a parameter. How can I use it with ASP.NET? When I try to insert data using the web form, the data is added to the database, but when I want to retrieve this data back from the database I got this error: "System.Data.SqlClient.SqlException: 'Procedure or function 'SelectData' expects parameter '@productName', which was not supplied."




ASP.NET
<%@ Page Language="C#" AutoEventWireup="true"  trace="true" CodeBehind="WebForm5.aspx.cs" Inherits="Learn_Ado.WebForm5" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            <table>
                <tr>
                    <td><asp:Label ID="Label1" runat="server" Text="Product Name"></asp:Label></td>
                    <td><asp:TextBox ID="Product" runat="server"></asp:TextBox></td>
                </tr>
                <tr>
                    <td><asp:Label ID="Label2" runat="server" Text="Unit Price"></asp:Label></td>
                    <td><asp:TextBox ID="UnitPrice" runat="server"></asp:TextBox></td>
                </tr>
                <tr>
                    <td><asp:Button ID="Button1" runat="server" Text="Submit" OnClick="Button1_Click" /></td>
                </tr>
            </table>
            <asp:Label ID="record" runat="server"></asp:Label>

            <asp:GridView ID="GridView1" runat="server" BackColor="White" BorderColor="#999999" BorderStyle="None" BorderWidth="1px" CellPadding="3" GridLines="Vertical">
                <AlternatingRowStyle BackColor="#DCDCDC" />
                <FooterStyle BackColor="#CCCCCC" ForeColor="Black" />
                <HeaderStyle BackColor="#000084" Font-Bold="True" ForeColor="White" />
                <PagerStyle BackColor="#999999" ForeColor="Black" HorizontalAlign="Center" />
                <RowStyle BackColor="#EEEEEE" ForeColor="Black" />
                <SelectedRowStyle BackColor="#008A8C" Font-Bold="True" ForeColor="White" />
                <SortedAscendingCellStyle BackColor="#F1F1F1" />
                <SortedAscendingHeaderStyle BackColor="#0000A9" />
                <SortedDescendingCellStyle BackColor="#CAC9C9" />
                <SortedDescendingHeaderStyle BackColor="#000065" />
            </asp:GridView>
        </div>
    </form>
</body>
</html>


C#
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data.SqlClient;

namespace Learn_Ado
{
    public partial class WebForm5 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
       
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            string cs = ConfigurationManager.ConnectionStrings["MSSQLDATABASE"].ConnectionString;

            using (SqlConnection con = new SqlConnection(cs))
            {
               
                SqlCommand cmd = new SqlCommand("Procedure", con);
                cmd.CommandType = System.Data.CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@productName", Product.Text);
                cmd.Parameters.AddWithValue("@unitPrice", UnitPrice.Text);

                con.Open();

                int Record = cmd.ExecuteNonQuery();

                record.Text = Record.ToString();
            }
            using (SqlConnection con = new SqlConnection(cs))
            {


                SqlCommand cmd = new SqlCommand();

                cmd.CommandText = "SelectData";
                cmd.CommandType = System.Data.CommandType.StoredProcedure;
                cmd.Connection = con;
                
                con.Open();

                using (SqlDataReader rdr = cmd.ExecuteReader())
                {
                    // Bind the reader directly; calling rdr.Read() first
                    // would consume the first row before the grid sees it.
                    GridView1.DataSource = rdr;
                    GridView1.DataBind();
                }

            }
        }
    }
}

SQL
-- =============================================
-- Author:		<Author,,Name>
-- Create date: <Create Date,,>
-- Description:	<Description,,>
-- =============================================
create PROCEDURE SelectData
	-- Add the parameters for the stored procedure here
	 @productName varchar(1000),
     @unitPrice int 
AS
BEGIN
	-- SET NOCOUNT ON added to prevent extra result sets from
	-- interfering with SELECT statements.
	SET NOCOUNT ON;

    -- Insert statements for procedure here
	select * from Products
	where productName = @productName
	AND unitPrice = @unitPrice;
END




What I have tried:

What I have tried: I made the SQL
SQL
-- =============================================
-- Author:		<Author,,Name>
-- Create date: <Create Date,,>
-- Description:	<Description,,>
-- =============================================
create PROCEDURE SelectData
	-- Add the parameters for the stored procedure here
	 @productName varchar(1000),
     @unitPrice int 
AS
BEGIN
	-- SET NOCOUNT ON added to prevent extra result sets from
	-- interfering with SELECT statements.
	SET NOCOUNT ON;

    -- Insert statements for procedure here
       select productName , unitPrice  from Products;
END


But I think this doesn't prevent the SQL injection.
Posted
Updated 21-Aug-19 14:07pm

1 solution

Quote:
I got this error "System.Data.SqlClient.SqlException: 'Procedure or function 'SelectData' expects parameter '@productName', which was not supplied."

Did you try to do exactly what the message says, aka provide parameters?
C#
SqlCommand cmd = new SqlCommand();

cmd.CommandText = "SelectData";
cmd.CommandType = System.Data.CommandType.StoredProcedure;
cmd.Connection = con;
cmd.Parameters.AddWithValue("@productName", Product.Text);
cmd.Parameters.AddWithValue("@unitPrice", UnitPrice.Text);


con.Open();

[Update]
Quote:
Is that a parameter for the select statement or for the insert statement in SQL?

As per your question, the SelectData stored procedure is a select procedure.
But parameters to an insert procedure work the same way.
Comments
Maciej Los 22-Aug-19 2:09am
   
5ed!
Patrice T 22-Aug-19 2:25am
   
Thank you
Member 14479161 22-Aug-19 13:30pm
   
Is that a parameter for the select statement or for the insert statement in SQL?
Member 14479161 23-Aug-19 4:37am
   
I have another question: if I made a normal select statement inside a stored procedure without a parameter, such as Select * from table name, does this prevent SQL injection?
Patrice T 23-Aug-19 6:45am
   
Show the stored procedure you are thinking about.
You may also open a new question.
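
Added example (not part of the original answer or the poster's code): one way to call the question's SelectData procedure with both parameters supplied and typed to match its declaration, so the form input is sent as parameter values and never concatenated into SQL text. The ProductQueries class and its method signature are hypothetical; the connection-string name MSSQLDATABASE and the procedure definition come from the question.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

namespace Learn_Ado
{
    // Hypothetical helper class, added for illustration only.
    public static class ProductQueries
    {
        // Runs SelectData(@productName varchar(1000), @unitPrice int)
        // and returns the rows as a DataTable that a GridView can bind to.
        public static DataTable SelectData(string productName, string unitPriceText)
        {
            // @unitPrice is declared int, so reject non-numeric input here
            // instead of relying on a server-side conversion error.
            int unitPrice;
            if (!int.TryParse(unitPriceText, out unitPrice))
                throw new ArgumentException("Unit price must be a whole number.", "unitPriceText");

            string cs = ConfigurationManager.ConnectionStrings["MSSQLDATABASE"].ConnectionString;

            using (SqlConnection con = new SqlConnection(cs))
            using (SqlCommand cmd = new SqlCommand("SelectData", con))
            {
                cmd.CommandType = CommandType.StoredProcedure;

                // Explicit types and sizes instead of AddWithValue, which
                // infers the SQL type from the .NET value it is given.
                // A null Value is treated as "parameter not supplied" and
                // would reproduce the error from the question, so map it
                // to DBNull.Value.
                cmd.Parameters.Add("@productName", SqlDbType.VarChar, 1000).Value =
                    (object)productName ?? DBNull.Value;
                cmd.Parameters.Add("@unitPrice", SqlDbType.Int).Value = unitPrice;

                DataTable table = new DataTable();
                con.Open();
                using (SqlDataReader rdr = cmd.ExecuteReader())
                {
                    table.Load(rdr); // reads every row, including the first
                }
                return table;
            }
        }
    }
}
```

In the page's code-behind this would be used as `GridView1.DataSource = ProductQueries.SelectData(Product.Text, UnitPrice.Text);` followed by `GridView1.DataBind();`.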

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
