This is code to add items to the cart. It adds all the items, but the problem is that it doesn't add only one item; I couldn't find the exception, but the catch block still executes. Please help me to solve this. My code is as follows:

C#
try
{
    if (e.CommandName == "Cart" && Session.Count > 0)
    {
        // Count the rows already in the cart for this user/product.
        // ExecuteScalar runs on whatever state con is in: unlike SqlDataAdapter.Fill,
        // it does not open the connection itself.
        da = new SqlDataAdapter("select count(*) from rsa_addtocart tatc inner join rsa_Users tl on tatc.UserId=tl.UserId where tatc.productid=" + Convert.ToInt32(e.CommandArgument.ToString()) + " and tl.UserId=" + Convert.ToInt32(Session["users"].ToString()) + " and tatc.UserId=" + Convert.ToInt32(Session["users"].ToString()) + " ", con);
        int n = Convert.ToInt32(da.SelectCommand.ExecuteScalar());
        if (n == 1)
        {
            // The product is already in the cart: reload the row and refresh it.
            da = new SqlDataAdapter("select tpd.ProductID,tpd.ProductName,tpd.Price,tpd.ProductImage,tl.UserId,tatc.cartId from rsa_ProductItemTable tpd inner join rsa_addtocart tatc on tpd.ProductID=tatc.productid inner join rsa_Users tl on tl.UserId=tatc.UserId where tatc.productid= @CommandID and tl.UserId= @UID  ", con);
            da.SelectCommand.Parameters.AddWithValue("@UID", Convert.ToInt32(Session["users"]));
            da.SelectCommand.Parameters.AddWithValue("@CommandID", Convert.ToInt32(e.CommandArgument.ToString()));
            ds = new DataSet();
            // Fill opens con if it is closed and closes it again afterwards;
            // if con was already open it is left open.
            da.Fill(ds, "tbl_tpd");
            if (ds.Tables.Count > 0 && ds.Tables["tbl_tpd"].Rows.Count > 0)
            {
                // The update is issued through the adapter's SelectCommand, which is
                // just an ordinary SqlCommand holding this text.
                da = new SqlDataAdapter("update rsa_addtocart set UserId=@UId,productid=@productid,productname=@prodname,ProductImage=@prodImage,price=@price,cdate=getdate() where productid=@productid and cartId=@cartId and UserId=@UId ", con);
                da.SelectCommand.Parameters.AddWithValue("@UId", Convert.ToInt32(Session["users"].ToString()));
                da.SelectCommand.Parameters.AddWithValue("@productid", Convert.ToInt32(ds.Tables[0].Rows[0][0].ToString()));
                da.SelectCommand.Parameters.AddWithValue("@prodname", ds.Tables[0].Rows[0][1].ToString());
                da.SelectCommand.Parameters.AddWithValue("@prodImage", ds.Tables[0].Rows[0][3]);
                da.SelectCommand.Parameters.AddWithValue("@price", Convert.ToDecimal(ds.Tables[0].Rows[0][2].ToString()));
                da.SelectCommand.Parameters.AddWithValue("@cartId", Convert.ToInt32(ds.Tables[0].Rows[0][5].ToString()));
                // Like ExecuteScalar above, ExecuteNonQuery requires con to be open.
                da.SelectCommand.ExecuteNonQuery();
            }
        }

        // Regardless of the count, load the product and insert a new cart row
        // through the stored procedure.
        da = new SqlDataAdapter("select tpd.ProductID,tpd.ProductName,tpd.Price,tpd.ProductImage from rsa_ProductItemTable tpd where tpd.ProductID=@commandId", con);
        da.SelectCommand.Parameters.AddWithValue("@commandId", Convert.ToInt32(e.CommandArgument.ToString()));
        ds = new DataSet();
        da.Fill(ds, "tbl_tpd");
        if (ds.Tables.Count > 0 && ds.Tables["tbl_tpd"].Rows.Count > 0)
        {
            using (var command = new SqlCommand("rsa_products_sp_Insertaddcart", con))
            {
                int value = 1;
                command.CommandType = CommandType.StoredProcedure;
                command.Parameters.AddWithValue("@UserId", Session["users"]);
                command.Parameters.AddWithValue("@productid", ds.Tables[0].Rows[0][0]);
                command.Parameters.AddWithValue("@productname", ds.Tables[0].Rows[0][1]);
                command.Parameters.AddWithValue("@ProductImage", ds.Tables[0].Rows[0][3]);
                command.Parameters.AddWithValue("@price", ds.Tables[0].Rows[0][2]);
                command.Parameters.AddWithValue("@qty", value);
                command.Parameters.AddWithValue("@totalcost", ds.Tables[0].Rows[0][2]);

                if (con.State != ConnectionState.Open)
                {
                    con.Open();
                    // try/finally without a catch: any exception still propagates
                    // to the outer catch after the connection has been closed.
                    try
                    {
                        command.ExecuteNonQuery();
                    }
                    finally
                    {
                        con.Close();
                    }
                }
                else
                {
                    command.ExecuteNonQuery();
                }
            }

            if (Session.Count > 0)
            {
                Response.Redirect("AddCart.aspx?ProductID=" + e.CommandArgument.ToString());
            }
            else
            {
                // Unreachable as written: Session.Count > 0 was already required
                // by the outer if.
                Response.Redirect("UserLogin.aspx");
            }
        }
    }
}
catch (Exception ex)
{
    // Sends the raw exception message to the browser.
    Response.Write("<script>alert('" + Server.HtmlEncode(ex.Message) + "')</script>");
}
finally
{
    con.Close();
}

Thanks in advance.
Posted
Updated 22-Jul-15 8:33am
v2
Comments
[no name] 22-Jul-15 14:08pm    
An empty catch block means that you are ignoring any exception that you would catch. We can't debug this for you as your code is incomplete and we do not have access to your code, your hard drive, your screen or your database.
Richard Deeming 22-Jul-15 16:53pm    
NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Your first command concatenates two values into the query, rather than using parameters. The other commands correctly use parameterized queries.

Whilst this particular case isn't obviously vulnerable to SQL Injection, as both values are integers, it's a bad habit to form.

You should make a point of using parameterized queries for everything, even when you're absolutely certain that the string concatenation won't open up a security vulnerability in your code. That way, you won't forget to do the right thing when the parameters could cause SQLi. :)
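The comment above makes the point that the first query should take its two integers as parameters instead of concatenating them. The following is an added example, not code from the question or from CodeProject, showing that same count query written with typed SqlParameter objects, plus a tolerant parser for the value that arrives from the client (the question's `e.CommandArgument`). Table and column names are taken from the question; the class name `CartQueries`, the helper names, and the connection string are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example; CartQueries, CountCartRows and TryParseId are hypothetical names.
public static class CartQueries
{
    // Same count as the question's first query, with every value passed as a
    // typed parameter. The SQL text never changes, whatever the inputs are.
    public static int CountCartRows(SqlConnection con, int userId, int productId)
    {
        const string sql =
            "select count(*) from rsa_addtocart tatc " +
            "inner join rsa_Users tl on tatc.UserId = tl.UserId " +
            "where tatc.productid = @productId and tl.UserId = @userId and tatc.UserId = @userId";

        using (var cmd = new SqlCommand(sql, con))
        {
            // Explicit SqlDbType: nothing is inferred from the CLR type and the
            // server does no implicit conversion on the column side.
            cmd.Parameters.Add("@productId", SqlDbType.Int).Value = productId;
            cmd.Parameters.Add("@userId", SqlDbType.Int).Value = userId;

            // ExecuteScalar does not open the connection for you (SqlDataAdapter.Fill does).
            bool openedHere = con.State != ConnectionState.Open;
            if (openedHere) con.Open();
            try
            {
                // count(*) comes back as a SQL int, so the cast is exact.
                return (int)cmd.ExecuteScalar();
            }
            finally
            {
                if (openedHere) con.Close();
            }
        }
    }

    // Parses a client-supplied id without throwing on garbage. Convert.ToInt32 on
    // the raw CommandArgument would throw FormatException instead, which is what
    // keeps the concatenated query in the question from being exploitable here.
    public static bool TryParseId(object commandArgument, out int id)
    {
        id = 0;
        return commandArgument != null
            && int.TryParse(commandArgument.ToString(), out id)
            && id > 0;
    }

    public static void Main()
    {
        // Constructed inputs: a normal id and a string that is not an id at all.
        foreach (var raw in new object[] { "42", "1 or 1=1", null })
        {
            Console.WriteLine("{0,-12} -> {1}", raw ?? "(null)",
                TryParseId(raw, out int id) ? "id " + id : "rejected");
        }

        // Placeholder connection string; replace before running against a real server.
        using (var con = new SqlConnection("Server=PLACEHOLDER;Database=PLACEHOLDER;Integrated Security=true"))
        {
            Console.WriteLine("rows in cart: " + CountCartRows(con, userId: 7, productId: 42));
        }
    }
}
```

The `TryParseId` check belongs before any database work: a rejected id should end the request with a normal error page rather than reach a query at all. Validating the integer is a separate control from parameterizing the query; both are in place here, so neither depends on the other.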

1 solution

In the inner try you don't have a catch block at all; there probably should be one.

As for the outer exception, you don't investigate it at all. Try showing the message of the exception in
C#
...
catch (Exception ex)
{
   // Show ex.Message over here
}
...
v2
Comments
Sergey Alexandrovich Kryukov 22-Jul-15 14:22pm    
5ed. Blocking exception propagation (or not understanding what exceptions do) is the worst thing.
—SA
Wendelius 23-Jul-15 4:38am    
Thanks :)
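The solution and the comments on it are about what the catch block should do with the exception. The following added example, which is not the question's or CodeProject's code, shows the split a defender wants: the full exception (type, stack trace, inner exceptions, and for SqlException the server error number) goes to a server-side log, while the user only sees a generic message, since raw `ex.Message` text can reveal table and column names. It reproduces offline the kind of failure an ADO.NET command raises when its connection was never opened; `CartErrorHandling`, `TryRunCartOperation`, and the connection string are assumptions.

```csharp
using System;
using System.Data.SqlClient;
using System.IO;

// Added example; CartErrorHandling and TryRunCartOperation are hypothetical names.
public static class CartErrorHandling
{
    // Runs one cart operation. On failure, everything about the exception is
    // written to the log and only a generic message is returned for the user.
    public static bool TryRunCartOperation(Action operation, TextWriter log, out string userMessage)
    {
        try
        {
            operation();
            userMessage = null;
            return true;
        }
        catch (SqlException ex)
        {
            // ex.Number is the SQL Server error number; ex.ToString() includes the
            // type, message, stack trace and any inner exceptions.
            log.WriteLine("[{0:O}] SQL error {1}: {2}", DateTime.UtcNow, ex.Number, ex);
            userMessage = "The item could not be added to your cart. Please try again.";
            return false;
        }
        catch (Exception ex)
        {
            // Anything else is still logged in full, never swallowed.
            log.WriteLine("[{0:O}] Unexpected error: {1}", DateTime.UtcNow, ex);
            userMessage = "Something went wrong. Please try again.";
            return false;
        }
    }

    public static void Main()
    {
        // Constructed failure: executing a command on a connection that was never
        // opened makes SqlCommand throw InvalidOperationException before any
        // network traffic, so this runs without a database.
        Action closedConnectionQuery = () =>
        {
            using (var con = new SqlConnection("Server=PLACEHOLDER;Database=PLACEHOLDER;Integrated Security=true"))
            using (var cmd = new SqlCommand("select count(*) from rsa_addtocart", con))
            {
                // A try/finally around cleanup is fine on its own; the exception
                // still propagates to the catch in TryRunCartOperation.
                try
                {
                    cmd.ExecuteScalar();
                }
                finally
                {
                    con.Close();
                }
            }
        };

        // Stand-in for a real log sink (file, event log, logging framework).
        var log = new StringWriter();
        bool ok = TryRunCartOperation(closedConnectionQuery, log, out string userMessage);

        Console.WriteLine("succeeded: " + ok);
        Console.WriteLine("shown to user: " + userMessage);
        Console.WriteLine("--- server-side log ---");
        Console.WriteLine(log.ToString());
    }
}
```

When the generic message does have to reach the page through script, as in the question's `alert(...)`, it must be encoded for a JavaScript string literal, not with `Server.HtmlEncode`, which targets HTML text; using a fixed message that contains no user or exception text sidesteps the problem entirely.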

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)