Click here to Skip to main content
13,199,852 members (65,241 online)
Rate this:
 
Please Sign up or sign in to vote.
See more:
I am Inserting Data Into Database And Then Giving Message On Label as
Lead Saved Successfully
and then It Bind all Data to GridView Which We have Inserted Now And Earlier inserted
for that I have Function
AllMyLeads();


I have Given Message After InsertQuery Execuated Data is Inserting But Message is not Showing

I have also try to Display Message After ShowFunction i.e
AllMyLeads()


but It Showing Message

Re: Sys.WebForms.PageRequestManagerParserErrorException: The message received from the server cou...

In developer tool

What I have tried:

SqlConnection connection10 = new SqlConnection(connstring);
                                connection10.Open();
                                if (Addcompanyname1.Text != "")
                                {
                                    string str101 = "exec strp_insertintoAdd_Lead @Companyid=" + companyid1 + ",@Contactperson='" + txtContactPerson1.Text + "',@Telephone='" + str11 + "',@Emailid='" + txtEmailID1.Text + "',@Bankid=" + Bankid1 + ",@BankerContactperson='" + Convert.ToString(txtBankerContactPerson1.Text) + "',@Turnover='" + txtTurnover1.Text + "',@EmailBankperson='" + txtEmailidBankerContactPerson1.Text + "',@SourceLead='" + sourceid + "',@AddressLine1='" + txtAddressLine11.Text + "',@AddressLine2='" + txtAddressLine21.Text + "',@Pincodeid=" + ViewState["pincodeid1"].ToString() + ",@Cityid=" + ViewState["cityid1"].ToString() + ",@Productid=" + pid1 + ",@Ratedby=" + Rbid1 + ",@Createdby=" + ViewState["Userid"].ToString() + ",@Lastupdatedby=" + ViewState["Userid"].ToString() + ",@Datecreatedby='" + date + "',@Lastupdatedon='" + date + "',@Userid=" + ViewState["Userid"].ToString() + ",@LeadOwner=" + ViewState["Userid"].ToString() + ",@bankfacility='" + Convert.ToString(txtbankfacility.Text) + "',@MobileNo='" + Convert.ToString(txtMobileNo.Text) + "',@BankersMobileNumber='" + Convert.ToString(BankerMobileNo.Text) + "',@BankersTelNumber='" + str12 + "'";
                                    new SqlCommand(str101, connection10).ExecuteNonQuery();
                                    lblMessage.Visible = true;
                                    lblMessage.Text = "Lead saved successfully";
                                    bLbVis = true;
 
                                    connection10.Close();


and Also Tryed Following



in Insert Function I have made
bLbVis == true

and then for Show Function I have Given Message

 public void AllMyLeads()
        {
            emptygrid.Visible = false;
            dset = getDataDataset("exec strp_downloadallmyleads @leadowner='" + ViewState["Userid"].ToString() + "'");
            if (dset.Tables[0].Rows.Count == 0)
            {
                emptygrid.Visible = true;
            }
            else
            {
                girdAllMyleads.DataSource = dset.Tables[0];
                girdAllMyleads.DataBind();
            }
 
            if (bLbVis == true)
            {
                lblMessage.Visible = true;
                lblMessage.Text = "Lead saved successfully";
                return;
            }
        }
Posted 17-Jul-17 3:01am
Updated 17-Jul-17 5:04am
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

Don;t do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
You don't need to EXEC your SP: you can do a parameterised call directly to the SP without EXEC:
using (SqlCommand com = new SqlCommand("MyStoredProcedureName", con))
    {
    com.CommandType = CommandType.StoredProcedure;
    com.Parameters.AddWithValue("@PARAM", "the value for the parameter");
    com.ExecuteNonQuery();
    }


Then, look at your stored procedures, and see what they do: without that you can;t begin to diagnose your problems.
  Permalink  
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 2

"str101", "connection10"? Yeah, those are not descriptive variable names. Have you ever heard of the concept of "self documenting code"? I suggest you Google it and have a read.

OW, MY EYES!

Also, that SQL string is ... horrifying. By using string concatentation to build your SQL query string, you also made it very easy to break your code and made it far more difficult to debug.

I suggest you Google for "SQL Injection Attack" to find out why what you did is so bad and "C# SQL parameterized queries" to find out what to do about it.
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy |
Web03 | 2.8.171020.1 | Last Updated 17 Jul 2017
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100