Insert data in another page problem

Question

1.00/5 (1 vote)

See more:

now I added My registration pagefor redirecting is

Response.Redirect("ViewJdetailed.aspx?eid='" + txteid.Text + "'");

and my addexp page code is

C#

protected void btnsave_Click(object sender, EventArgs e)
    {
        String email = Convert.ToString(Request.QueryString["eid"]);
        //string email = Convert.ToString(Request.QueryString["eid"]);
        //string fromdate=Drp_Fromdate_M.SelectedItem.Text + "/" + Drp_Fromdate_y.SelectedItem.Text;
        //string todate = Drp_Todate_M.SelectedItem.Text + "/" + Drp_Todate_y.SelectedItem.Text;
        string Str = "insert into Jobseeker_Past(Email,company,fdate,tdate,farea,jobbrief,date1)values('" + email + "','" + Txt_CompanyName.Text + "','" + txtfrom.Text + "','" + txtto.Text + "','" + Drp_Fun.SelectedItem.Text + "','" + Txt_job.Text + "','"+System.DateTime.Now+"')";

        SqlCommand cmd = new SqlCommand(Str, cnn);

        cnn.Open();
        cmd.ExecuteNonQuery();


            lblmsg.Text = "Successfully Inserted";


        clear();
        cnn.Close();

    }
    protected void clear()
    {
        Txt_CompanyName.Text = "";
        txtfrom.Text = "";
        txtto.Text = "";
        Drp_Fun.Items.Clear() ;
        Txt_job.Text = "";

    }
}

but I get error

Incorrect syntax near 'cc@cc'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near 'cc@cc'.

Source Error:

Line 43: string email = Request.QueryString["eid"].ToString();
Line 44: cmd = new SqlCommand("Select * from registration1 where eid = '" + email + "' ", cnn);
Line 45: dr = cmd.ExecuteReader();
Line 46: dr.Read();
Line 47:

so help.

I created Dp login for upload cv.

My first page is registration page. if it successfully registered it redirect into experence page.

I want to insert email id in table so my code on exp page is like that,

C#

protected void btnsave_Click(object sender, EventArgs e)
   {
       string email = Convert.ToString(Request.QueryString["eid"]);
      
       string Str = "insert into Jobseeker_Past(Email,company,fdate,tdate,farea,jobbrief,date1)values('" + email + "','" + Txt_CompanyName.Text + "','" + txtfrom.Text + "','" + txtto.Text + "','" + Drp_Fun.SelectedItem.Text + "','" + Txt_job.Text + "','"+System.DateTime.Now+"')";

       SqlCommand cmd = new SqlCommand(Str, cnn);

       cnn.Open();
       int i = cmd.ExecuteNonQuery();

       if (i == 1)
       {
          
           lblmsg.Text = "Successfully Inserted";
       }
       else
       {
           Response.Write("error..");

       }
       clear();
       cnn.Close();

   }
   protected void clear()
   {
       Txt_CompanyName.Text = "";
       txtfrom.Text = "";
       txtto.Text = "";
       Drp_Fun.Items.Clear() ;
       Txt_job.Text = "";

   }

but it takes the email id null.

so how can i insert email id.

Posted 30-Jul-12 19:34pm

aarohi verma

Updated 30-Jul-12 21:20pm

v2

Add a Solution

Comments

Sergey Alexandrovich Kryukov 31-Jul-12 1:39am

Where is the data for the id in your code? I could not find it.
--SA

2 solutions

Solution 1

Hi,
There is some problem in your query string. Your code seems to be perfect. Try checking this line:

C#

string email = Convert.ToString(Request.QueryString["eid"]);
//Here your email value is not coming.
//try checking this line firs. It'll work.

Also check your URL whether the QueryString value is coming or not.
Check this out:
Passing variables between pages using QueryString[^]

--Amit

Posted 30-Jul-12 19:40pm

_Amy

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Accepted Answer · 2012-07-30T19:48:00

Please see my comment to the question. Perhaps you need to provide more detailed information. However, not in this case, because the whole idea is wrong. Not that it cannot work, but what you do is so unsafe that you never should do such things.

Please see what you are doing. You concatenate several strings taken from UI controls to build a query string. Are you getting the hint already? No? Those strings can contain anything, including— some fragments of SQL code. It means you open the doors wide to a well-known exploit called SQL injection. You database can be hacked in no time. Please see:
http://en.wikipedia.org/wiki/SQL_injection[^].

Look at the article referenced above and read about the importance of parametrized statements. With ADO.NET, you should always use parametrized commands:
http://msdn.microsoft.com/en-us/library/yy6y35y8.aspx[^].

Besides, You are using repeated string concatenation. This is already bad, because strings are immutable. You could use string.Format to solve this problem. (Do I even need to explain how this can degrade performance? In other cases, such as loops, you can use System.Text.StringBuilder which is of course mutable.)

Now, you can see that you have to re-write this code anyway, by the reasons more important than your little bug, so I don't see a need to look for a bug and a fix. Hopefully, when you redo it all properly, the bug won't appear again. It you find this or another bugs (which is pretty likely), you can always ask another question.

—SA