Insert query creating entry twice in database.

Question

0.00/5 (No votes)

See more:

Code behind File

C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;

namespace knockdetails
{
    public partial class DetailsUI : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!IsPostBack)
            {
                loadgrid();
            }
        }

        protected void state_SelectedIndexChanged(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection(@"Data Source = PC\SQLEXPRESS; Initial Catalog = invoice; Integrated Security = True");
            con.Open();
            int a = Convert.ToInt16(state.SelectedItem.Value);
            string ab = state.SelectedItem.Text;
            SqlCommand objcmd = new SqlCommand("Select district.name from district inner join state on district.state_id = state.id where state.id = '" + a + "' ", con);
            DataTable objdt = new DataTable();
            SqlDataAdapter objda = new SqlDataAdapter(objcmd);
            objda.Fill(objdt);
            objcmd.ExecuteReader();
            district.DataSource = objdt;
            district.DataTextField = objdt.Columns["name"].ToString();
            district.DataBind();
            con.Close();

        }

        protected void Calendar1_SelectionChanged(object sender, EventArgs e)
        {
            joiningdate.Text = Calendar1.SelectedDate.Date.ToString("MM/dd/yyyy");
            Calendar1.Visible = false;
        }

        protected void CalenderButton_Click(object sender, EventArgs e)
        {
            Calendar1.Visible = true;
        }

        protected void Insert_Click(object sender, EventArgs e)
        {
            


            try {
                SqlConnection con = new SqlConnection(@"Data Source = PC\SQLEXPRESS; Initial Catalog = invoice; Integrated Security = True");
                con.Open();
                int a = Convert.ToInt16(state.SelectedItem.Value);
                string ab = state.SelectedItem.Text;
                Response.Write(ab);
                Response.Write(a);
                SqlCommand objcmd = new SqlCommand("INSERT INTO [dbo].[details]([state],[district],[name],[mobile],[email],[doj],[designation]) VALUES ('" + ab + "', '" + district.SelectedItem.Value + "', '" + name.Text + "', '" + mobilenumber.Text + "', '" + email.Text + "',  '" + joiningdate.Text + "', '" + designation.SelectedItem.Value + "')", con);
                DataSet objds = new DataSet();
                SqlDataAdapter objda = new SqlDataAdapter(objcmd);
                objda.Fill(objds);
                objcmd.ExecuteNonQuery();
                con.Close();
                loadgrid();
            }
            catch
            {
                
            }
        }

        public void loadgrid()
        {
            SqlConnection con = new SqlConnection(@"Data Source = PC\SQLEXPRESS; Initial Catalog = invoice; Integrated Security = True");
            con.Open();
            SqlCommand objcmd = new SqlCommand("Select * from details ", con);
            DataSet objds = new DataSet();
            SqlDataAdapter objda = new SqlDataAdapter(objcmd);
            objda.Fill(objds);
            objcmd.ExecuteReader();
            DataDetails.DataSource = objds;
            DataDetails.DataBind();
            con.Close();

            name.Text = "";
            mobilenumber.Text = "";
            state.SelectedItem.Value = "";
            district.SelectedItem.Value = "";
            email.Text = "";
            joiningdate.Text = "";
        }
    }
}

What I have tried:

state is dropdownlist with autopost under update panel - Databound from SQL Source
district is dropdownlist - fetched depending on selected value of state dropdown
name is text
mobile is text
email is text with regular exp validation
date of joining has a textbox with receive value from calendar with event Calendar1_SelectionChanged

i have also added a calendar button to show calendar again in case of changing date

and a button to submmit the page

Posted 1-Aug-16 11:16am

niceaashish

Updated 1-Aug-16 20:21pm

Add a Solution

Comments

RossMW 1-Aug-16 18:58pm

Firstly, try and avoid creating the SQL string, but use parameters instead to avoid SQL injection. Its a good habit to get into. I know its more verbose, but a good habit nevertheless.

Also; Does the database have two new records created or just grid displaying duplicates. If its the database, you should be able to step thru the code, to see where it is happening (code run twice or the grid also adding a record.) If its just the grid displaying duplicates, then make sure the gird is cleared before repopulating.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2016-08-01T20:21:00

A couple of things:
Firstly, don't do it like that: Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Secondly, When you use a DataAdapter and call ExecuteNonQuery on teh same command:

C#

SqlDataAdapter objda = new SqlDataAdapter(objcmd);
objda.Fill(objds);
objcmd.ExecuteNonQuery();

It is going to insert the same row twice...

Thirdy, never "swallow" exceptions: log them, tell the user, whatever - do something with them. When you use an empty catch block you hide any evidence of what your code's problems might be, even from yourself. And you often need that to fix it...