Click here to Skip to main content
15,849,785 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
hello every one..
i am working with vb.net 2015 and sql 2014 and i have a treeview with 5 level and listview with 2 column(id,name) that i want send index and text of all checked nodes
to lisview..

it is work well in first level but any children checked not send to listview.
so far i was tried this code:

thanks.

What I have tried:

Private Sub Button8_Click(sender As Object, e As EventArgs) Handles Button8.Click
    ListView1.Items.Clear()
    'AddToList(TreeView1.Nodes)
    AddToList1()
    Dim constr As String = (ConfigurationManager.ConnectionStrings("conStr").ConnectionString)
    Dim con As New SqlConnection(constr)
    con.Open()
    For Each item As ListViewItem In ListView1.Items
        Dim cmd As SqlCommand = New SqlCommand("Insert Into F_PERMENU(INDEX_F,parent_node,compid,user_id) Values ('" & item.Text & "','" & item.SubItems.Item(1).Text & "','" & TextBox10.Text & "','" & TextBox7.Text & "')", con)
        cmd.ExecuteNonQuery()
    Next
    con.Close()
End Sub

Private Sub AddToList1()
    ListView1.Columns.Clear()
    Dim TempStr(1) As String
    Dim TempNode As New ListViewItem
    ' Show "hidden" text
    ListView1.ShowItemToolTips = True
    ' Set columnar mode
    ListView1.View = View.Details
    ' Set column header
    ListView1.Columns.Add("ایندکس", 80)
    ListView1.Columns.Add("متن", 120)
    ' Remove previous items
    ListView1.Items.Clear()
    For Each tnd As TreeNode In TreeView1.Nodes
        If tnd.Checked Then
            ' Add two items
            TempStr(0) = tnd.Index
            TempStr(1) = tnd.Text
            TempNode = New ListViewItem(TempStr)
            ListView1.Items.Add(TempNode)
        End If
    Next
End Sub
Posted
Updated 16-Mar-18 20:13pm
v2
Comments
Richard Deeming 15-Mar-18 16:04pm    
New SqlCommand("Insert Into F_PERMENU(INDEX_F,parent_node,compid,user_id) Values ('" & item.Text & "','" & item.SubItems.Item(1).Text & "','" & TextBox10.Text & "','" & TextBox7.Text & "')", con)


Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

Using cmd As New SqlCommand("Insert Into F_PERMENU (INDEX_F, parent_node, compid, user_id) Values (@INDEX_F, @parent_node, @compid, @user_id)", con)
    cmd.Parameters.AddWithValue("@INDEX_F", item.Text)
    cmd.Parameters.AddWithValue("@parent_node", item.SubItems.Item(1).Text)
    cmd.Parameters.AddWithValue("@compid", TextBox10.Text)
    cmd.Parameters.AddWithValue("@user_id", TextBox7.Text)
    
    cmd.ExecuteNonQuery();
End Using


Once you've fixed that, do yourself a favour and give your controls meaningful names. You might remember what TextBox42 represents now, but when you come back to edit your code in six months time, you won't have a clue!

Hi Everey Body..
finally, I was able to solve the problem with this function:

Private Sub Button8_Click(sender As Object, e As EventArgs) Handles Button8.Click
    ListView1.Items.Clear()
    AddToList1()
    Dim constr As String = (ConfigurationManager.ConnectionStrings("conStr").ConnectionString)
    Dim con As New SqlConnection(constr)
    con.Open()
    For Each item As ListViewItem In ListView1.Items
        Dim cmd As SqlCommand = New SqlCommand("Insert Into F_PERMENU(INDEX_F,parent_node,compid,user_id) Values ('" & item.Text & "','" & item.SubItems.Item(1).Text & "','" & TextBox10.Text & "','" & TextBox7.Text & "')", con)
        cmd.ExecuteNonQuery()
    Next
    con.Close()
End Sub

Private Sub AddToList1()
        ListView1.Columns.Clear()
        Dim TempStr(1) As String
        Dim TempNode As ListViewItem
        ' Show "hidden" text
        ListView1.ShowItemToolTips = True
        ' Set columnar mode
        ListView1.View = View.Details
        ' Set column header
        ListView1.Columns.Add("ایندکس", 80)
        ListView1.Columns.Add("متن", 120)
        ' Remove previous items
        ListView1.Items.Clear()
        For Each tnd As TreeNode In GET_ALL_PARENT_AND_CHILD_NODES(TreeView1)
            If tnd.Checked Then
                ' Add two items
                TempStr(0) = tnd.Index
                TempStr(1) = tnd.Text
                TempNode = New ListViewItem(TempStr)
                ListView1.Items.Add(TempNode)
            End If
        Next
    End Sub

    Public Function GET_ALL_PARENT_AND_CHILD_NODES(ByVal tree As TreeView) As List(Of TreeNode)
        Dim nodes As New List(Of TreeNode)
        Dim queue As New Queue(Of TreeNode)
        Dim top As TreeNode
        Dim nod As TreeNode
        For Each top In tree.Nodes
            queue.Enqueue(top)
        Next
        While (queue.Count > 0)
            top = queue.Dequeue
            nodes.Add(top)
            For Each nod In top.Nodes
                queue.Enqueue(nod)
            Next
        End While
        GET_ALL_PARENT_AND_CHILD_NODES = nodes
    End Function
 
Share this answer
 
v2
Comments
Richard Deeming 16-Mar-18 13:22pm    
You still haven't fixed the critical security vulnerability in your code, though.
thank you Richard deeming for your reply....

I am correcting this:

Private Sub Button8_Click(sender As Object, e As EventArgs) Handles Button8.Click
       ListView1.Items.Clear()
       'AddToList(TreeView1.Nodes)
       AddToList1()
       Dim constr As String = (ConfigurationManager.ConnectionStrings("conStr").ConnectionString)
       Dim con As New SqlConnection(constr)
       con.Open()
       For Each item As ListViewItem In ListView1.Items
           'Dim cmd As SqlCommand = New SqlCommand("Insert Into F_PERMENU(INDEX_F,parent_node,compid,user_id) Values ('" & item.Text & "','" & item.SubItems.Item(1).Text & "','" & compidtxt.Text & "','" & user_idtxt.Text & "')", con)
           'cmd.ExecuteNonQuery()
           Using cmd As New SqlCommand("Insert Into F_PERMENU (INDEX_F,parent_node,compid,user_id) Values (@INDEX_F, @parent_node, @compid, @user_id)", con)
               cmd.Parameters.AddWithValue("@INDEX_F", item.Text)
               cmd.Parameters.AddWithValue("@parent_node", item.SubItems.Item(1).Text)
               cmd.Parameters.AddWithValue("@compid", compidtxt.Text)
               cmd.Parameters.AddWithValue("@user_id", user_idtxt.Text)
               cmd.ExecuteNonQuery()
           End Using
       Next
       con.Close()
       DataGridView1.DataSource = masterBindingSource
       DataGridView2.DataSource = detailsBindingSource
   End Sub

Private Sub AddToList1()
       ListView1.Columns.Clear()
       Dim TempStr(1) As String
       Dim TempNode As ListViewItem
       ' Show "hidden" text
       ListView1.ShowItemToolTips = True
       ' Set columnar mode
       ListView1.View = View.Details
       ' Set column header
       ListView1.Columns.Add("ایندکس", 80)
       ListView1.Columns.Add("متن", 120)
       ' Remove previous items
       ListView1.Items.Clear()
       For Each tnd As TreeNode In GET_ALL_PARENT_AND_CHILD_NODES(TreeView1)
           If tnd.Checked Then
               ' Add two items
               TempStr(0) = tnd.Index
               TempStr(1) = tnd.Text
               TempNode = New ListViewItem(TempStr)
               ListView1.Items.Add(TempNode)
           End If
       Next
   End Sub

Public Function GET_ALL_PARENT_AND_CHILD_NODES(ByVal tree As TreeView) As List(Of TreeNode)
       Dim nodes As New List(Of TreeNode)
       Dim queue As New Queue(Of TreeNode)
       Dim top As TreeNode
       Dim nod As TreeNode
       For Each top In tree.Nodes
           queue.Enqueue(top)
       Next
       While (queue.Count > 0)
           top = queue.Dequeue
           nodes.Add(top)
           For Each nod In top.Nodes
               queue.Enqueue(nod)
           Next
       End While
       GET_ALL_PARENT_AND_CHILD_NODES = nodes
   End Function
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900