I am displaying a message on label but it showing exception in developer tools as re: sys.webforms.pagerequestmanagerparsererrorexception: the message received from the server cou...

Question

1.00/5 (2 votes)

See more:

I am Inserting Data Into Database And Then Giving Message On Label as
Lead Saved Successfully
and then It Bind all Data to GridView Which We have Inserted Now And Earlier inserted
for that I have Function

AllMyLeads();

I have Given Message After InsertQuery Execuated Data is Inserting But Message is not Showing

I have also try to Display Message After ShowFunction i.e

AllMyLeads()

but It Showing Message

Re: Sys.WebForms.PageRequestManagerParserErrorException: The message received from the server cou...

In developer tool

What I have tried:

SqlConnection connection10 = new SqlConnection(connstring);
                                connection10.Open();
                                if (Addcompanyname1.Text != "")
                                {
                                    string str101 = "exec strp_insertintoAdd_Lead @Companyid=" + companyid1 + ",@Contactperson='" + txtContactPerson1.Text + "',@Telephone='" + str11 + "',@Emailid='" + txtEmailID1.Text + "',@Bankid=" + Bankid1 + ",@BankerContactperson='" + Convert.ToString(txtBankerContactPerson1.Text) + "',@Turnover='" + txtTurnover1.Text + "',@EmailBankperson='" + txtEmailidBankerContactPerson1.Text + "',@SourceLead='" + sourceid + "',@AddressLine1='" + txtAddressLine11.Text + "',@AddressLine2='" + txtAddressLine21.Text + "',@Pincodeid=" + ViewState["pincodeid1"].ToString() + ",@Cityid=" + ViewState["cityid1"].ToString() + ",@Productid=" + pid1 + ",@Ratedby=" + Rbid1 + ",@Createdby=" + ViewState["Userid"].ToString() + ",@Lastupdatedby=" + ViewState["Userid"].ToString() + ",@Datecreatedby='" + date + "',@Lastupdatedon='" + date + "',@Userid=" + ViewState["Userid"].ToString() + ",@LeadOwner=" + ViewState["Userid"].ToString() + ",@bankfacility='" + Convert.ToString(txtbankfacility.Text) + "',@MobileNo='" + Convert.ToString(txtMobileNo.Text) + "',@BankersMobileNumber='" + Convert.ToString(BankerMobileNo.Text) + "',@BankersTelNumber='" + str12 + "'";
                                    new SqlCommand(str101, connection10).ExecuteNonQuery();
                                    lblMessage.Visible = true;
                                    lblMessage.Text = "Lead saved successfully";
                                    bLbVis = true;

                                    connection10.Close();

and Also Tryed Following

in Insert Function I have made

bLbVis == true

and then for Show Function I have Given Message

public void AllMyLeads()
       {
           emptygrid.Visible = false;
           dset = getDataDataset("exec strp_downloadallmyleads @leadowner='" + ViewState["Userid"].ToString() + "'");
           if (dset.Tables[0].Rows.Count == 0)
           {
               emptygrid.Visible = true;
           }
           else
           {
               girdAllMyleads.DataSource = dset.Tables[0];
               girdAllMyleads.DataBind();
           }

           if (bLbVis == true)
           {
               lblMessage.Visible = true;
               lblMessage.Text = "Lead saved successfully";
               return;
           }
       }

Posted 17-Jul-17 3:01am

paul_vin

Updated 17-Jul-17 5:04am

Add a Solution

2 solutions

Solution 2

"str101", "connection10"? Yeah, those are not descriptive variable names. Have you ever heard of the concept of "self documenting code"? I suggest you Google it and have a read.

OW, MY EYES!

Also, that SQL string is ... horrifying. By using string concatentation to build your SQL query string, you also made it very easy to break your code and made it far more difficult to debug.

I suggest you Google for "SQL Injection Attack" to find out why what you did is so bad and "C# SQL parameterized queries" to find out what to do about it.

Posted 17-Jul-17 5:04am

Dave Kreskowiak

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2017-07-17T03:59:00

Don;t do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
You don't need to EXEC your SP: you can do a parameterised call directly to the SP without EXEC:

C#

using (SqlCommand com = new SqlCommand("MyStoredProcedureName", con))
    {
    com.CommandType = CommandType.StoredProcedure;
    com.Parameters.AddWithValue("@PARAM", "the value for the parameter");
    com.ExecuteNonQuery();
    }

Then, look at your stored procedures, and see what they do: without that you can;t begin to diagnose your problems.