1.00/5 (1 vote)
1. I am using Visual Studio 2010 and MSSQL 2005.
2. I am developing a web interface for an already existing application to enable certain internal customers to log in and retrieve their own data.
3. They will check the retrieved data to be sure the existing data is OK as captured.
4. If it needs modification, they will go ahead and modify the retrieved data in the controls on the form.
5. When done, they will submit for update. The submit event should UPDATE the tblEmployeeInformation table and INSERT an audit trail in tblAuditTrailHuresLive.
6. If it goes through, the modified data should be displayed for confirmation.
7. When done, they will use the confirm button to certify the displayed data.
8. Each form should keep a session which can terminate after 5 minutes of idle time.

code behind for BIO-Data Form:
VB
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

    ' This code executes when the page is first loaded.
    If Session("empcode") <> "" Then
        lblStaffCode.Text = Session("empcode")
        staffid = CInt(lblStaffCode.Text)
        lblUserName.Text = globalusername
        sqlstr = "SELECT Surname,Firstname,Middlename,Initials,DOBDay,DOBMonth,DOBYear,Sex,MaritalStatus,BloodGrp,Genotype,PlaceofBirth,HomeTown,State,LGA,Nationality,Religion FROM tblEmployeeInformation WHERE EmpCode='" & staffid & "'"
        displayrecord()
    End If
End Sub

Private Sub displayrecord()
    ' Retrieves some of the many fields and renders them on the controls of the
    ' BioData form. The idea is to modify the displayed data and then update.
    Call OpenCon()
    Try
        Dim comStafffd As SqlCommand = New SqlCommand(sqlstr, cnSUSU)
        Dim objReader As SqlDataReader
        DAFD2 = New SqlDataAdapter
        DAFD2.SelectCommand = comStafffd
        DSFD2 = New DataSet
        DAFD2.Fill(DSFD2, "tblEmployeeInformation")

        objReader = comStafffd.ExecuteReader()

        objReader.Read()
        txtSurname.Text = objReader("Surname")
        txtFirstname.Text = objReader("Firstname")
        txtMiddlename.Text = objReader("Middlename")
        txtInitials.Text = objReader("Initials")
        txtDay.Text = objReader("DOBDay")
        cboMonth.SelectedValue = objReader("DOBMonth")
        txtYear.Text = objReader("DOBYear")
        txtSex.Text = objReader("Sex")
        txtMaritalStatus.Text = objReader("MaritalStatus")
        txtBloodgroup.Text = objReader("BloodGrp")
        txtGenotype.Text = objReader("Genotype")
        txtPlaceofbirth.Text = objReader("PlaceofBirth")
        txtHometown.Text = objReader("HomeTown")
        txtState.Text = objReader("State")
        txtLGA.Text = objReader("LGA")
        txtNationality.Text = objReader("Nationality")
        txtReligion.Text = objReader("Religion")
        objReader.Close()

        If txtSex.Text = "M" Then
            optMale.Checked = True
        ElseIf txtSex.Text = "F" Then
            optFemale.Checked = True
        End If

        If txtMaritalStatus.Text = "MARRIED" Then
            optMarried.Checked = True
        ElseIf txtMaritalStatus.Text = "SINGLE" Then
            optSingle.Checked = True
        ElseIf txtMaritalStatus.Text = "DIVORCED" Then
            optDivorced.Checked = True
        ElseIf txtMaritalStatus.Text = "WIDOWED" Then
            optWidowed.Checked = True
        ElseIf txtMaritalStatus.Text = "WIDOWER" Then
            optWidower.Checked = True
        ElseIf txtMaritalStatus.Text = "SEPERATED" Then
            optSeparated.Checked = True
        End If

    Catch ex As Exception
        lblError2.Text = ("Error occurred: " + ex.Message)
    Finally
        cnSUSU.Close()
    End Try
End Sub


I will appreciate it if you guys help me sort out the problem. The displayrecord procedure works when the page loads the first time. At run time the code does not throw an exception but only posts into tblAuditTrailhuresLive and not into tblEmployeeInformation. The session tracking is not working properly across the pages. I also suspect "if Not IsPostBack ..." is not used on the page because I am yet to appreciate it. Session is not properly controlled. The logout link/button is not done yet. (Sorry I had to post a long post. I would have attached the files instead. Bear with me.)
Updated 24-Dec-11 10:26am
Comments
[no name] 24-Dec-11 16:27pm    
Edited to remove useless code. You don't need to post your entire application when asking a question, only the relevant parts are necessary.

"I also suspect "if Not IsPostBack ..." is not used on the page because I am yet to appreciate it"

IsPostBack is not used; you have no code that uses it. What do you suspect about it, and why have you not taken the time to learn properly?

You have a considerable amount to learn. The markup and code-behind could be cleaned up dramatically by using DataBinding.

Use smaller discrete methods rather than one massive block of code in one method.

In cmdSubmit_Click you use parameters with your SQL command, yet in the EditRec you use string concatenation with unvalidated raw user input. NEVER use this method EVER. You have opened yourself to SQL injection attacks and made your application and data extremely vulnerable. There is a large volume of information about this.
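A sketch of the two points raised in this answer, applied to the Page_Load and displayrecord code from the question: an `IsPostBack` guard and a parameterized query. This is an added example, not code from the original poster or the answerer. The class name `BioData`, the `Login.aspx` page, the `HuresDb` connection string name and an integer `EmpCode` column are assumptions, the controls are those declared in the question's form, and only three of the columns are shown.

```vb
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient

Partial Public Class BioData   ' hypothetical class name
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        ' Expired or missing session: send the user back to log in.
        Dim empCode As Integer
        If Session("empcode") Is Nothing OrElse
           Not Integer.TryParse(Session("empcode").ToString(), empCode) Then
            Response.Redirect("~/Login.aspx")   ' hypothetical page name
            Return
        End If
        lblStaffCode.Text = empCode.ToString()

        ' Page_Load runs before the button's Click handler. Load from the
        ' database on the first request only; on a postback the controls
        ' already hold the user's edits and reloading would overwrite them.
        If Not IsPostBack Then
            DisplayRecord(empCode)
        End If
    End Sub

    Private Sub DisplayRecord(ByVal empCode As Integer)
        ' The value travels as a typed parameter, never as part of the SQL text.
        ' Assumption: EmpCode is an integer column.
        Const sql As String =
            "SELECT Surname, Firstname, Middlename " &
            "FROM tblEmployeeInformation WHERE EmpCode = @EmpCode"
        Dim cs As String = ConfigurationManager.ConnectionStrings("HuresDb").ConnectionString
        Using cn As New SqlConnection(cs), cmd As New SqlCommand(sql, cn)
            cmd.Parameters.Add("@EmpCode", SqlDbType.Int).Value = empCode
            cn.Open()
            Using rd As SqlDataReader = cmd.ExecuteReader()
                If rd.Read() Then
                    txtSurname.Text = rd("Surname").ToString()
                    txtFirstname.Text = rd("Firstname").ToString()
                    txtMiddlename.Text = rd("Middlename").ToString()
                Else
                    lblError2.Text = "No record found for this staff code."
                End If
            End Using
        End Using
    End Sub
End Class
```

The same parameter pattern applies to the UPDATE and audit-trail INSERT statements: every value taken from a form control is passed through `cmd.Parameters`, not concatenated into the command string.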
Thanks Mark for your response.

If you can give me bits of code to take care of your observations, that will help. For instance, what will be the right IsPostBack block?

In cmdSubmit_Click I used parameters with your SQL command to test, in order to be sure it is not the way I presented it in the EditRec.

Any section you can assist with will be most appreciated. Thanks.
Comments
André Kraak 25-Dec-11 4:47am    
If you have a question about or comment on a given solution use the "Have a Question or Comment?" option beneath the solution. When using this option the person who gave the solution gets an e-mail message and knows you placed a comment and can respond if he/she wants.

Please move the content of this solution to the solution you are commenting on and remove the solution.
Thank you.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


