Now I added: my registration page code for redirecting is

Response.Redirect("ViewJdetailed.aspx?eid='" + txteid.Text + "'");

and my addexp page code is

C#
protected void btnsave_Click(object sender, EventArgs e)
    {
        String email = Convert.ToString(Request.QueryString["eid"]);
        //string email = Convert.ToString(Request.QueryString["eid"]);
        //string fromdate=Drp_Fromdate_M.SelectedItem.Text + "/" + Drp_Fromdate_y.SelectedItem.Text;
        //string todate = Drp_Todate_M.SelectedItem.Text + "/" + Drp_Todate_y.SelectedItem.Text;
        string Str = "insert into Jobseeker_Past(Email,company,fdate,tdate,farea,jobbrief,date1)values('" + email + "','" + Txt_CompanyName.Text + "','" + txtfrom.Text + "','" + txtto.Text + "','" + Drp_Fun.SelectedItem.Text + "','" + Txt_job.Text + "','"+System.DateTime.Now+"')";

        SqlCommand cmd = new SqlCommand(Str, cnn);

        cnn.Open();
        cmd.ExecuteNonQuery();


            lblmsg.Text = "Successfully Inserted";


        clear();
        cnn.Close();

    }
    protected void clear()
    {
        Txt_CompanyName.Text = "";
        txtfrom.Text = "";
        txtto.Text = "";
        Drp_Fun.Items.Clear() ;
        Txt_job.Text = "";

    }
}




but I get error

Incorrect syntax near 'cc@cc'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near 'cc@cc'.

Source Error:


Line 43: string email = Request.QueryString["eid"].ToString();
Line 44: cmd = new SqlCommand("Select * from registration1 where eid = '" + email + "' ", cnn);
Line 45: dr = cmd.ExecuteReader();
Line 46: dr.Read();
Line 47:


so help.



I created Dp login for upload cv.

My first page is the registration page. If it successfully registers, it redirects to the experience page.



I want to insert email id in table so my code on exp page is like that,

C#
protected void btnsave_Click(object sender, EventArgs e)
   {
       string email = Convert.ToString(Request.QueryString["eid"]);
      
       string Str = "insert into Jobseeker_Past(Email,company,fdate,tdate,farea,jobbrief,date1)values('" + email + "','" + Txt_CompanyName.Text + "','" + txtfrom.Text + "','" + txtto.Text + "','" + Drp_Fun.SelectedItem.Text + "','" + Txt_job.Text + "','"+System.DateTime.Now+"')";

       SqlCommand cmd = new SqlCommand(Str, cnn);

       cnn.Open();
       int i = cmd.ExecuteNonQuery();

       if (i == 1)
       {
          
           lblmsg.Text = "Successfully Inserted";
       }
       else
       {
           Response.Write("error..");

       }
       clear();
       cnn.Close();

   }
   protected void clear()
   {
       Txt_CompanyName.Text = "";
       txtfrom.Text = "";
       txtto.Text = "";
       Drp_Fun.Items.Clear() ;
       Txt_job.Text = "";

   }


But it takes the email id as null.

So how can I insert the email id?
Updated 30-Jul-12 21:20pm
Comments
Sergey Alexandrovich Kryukov 31-Jul-12 1:39am    
Where is the data for the id in your code? I could not find it.
--SA

Please see my comment to the question. Perhaps you need to provide more detailed information. However, not in this case, because the whole idea is wrong. Not that it cannot work, but what you do is so unsafe that you never should do such things.

Please see what you are doing. You concatenate several strings taken from UI controls to build a query string. Are you getting the hint already? No? Those strings can contain anything, including some fragments of SQL code. It means you open the doors wide to a well-known exploit called SQL injection. Your database can be hacked in no time. Please see:
http://en.wikipedia.org/wiki/SQL_injection.

Look at the article referenced above and read about the importance of parametrized statements. With ADO.NET, you should always use parametrized commands:
http://msdn.microsoft.com/en-us/library/yy6y35y8.aspx.

Besides, you are using repeated string concatenation. This is already bad, because strings are immutable. You could use string.Format to solve this problem. (Do I even need to explain how this can degrade performance? In other cases, such as loops, you can use System.Text.StringBuilder which is of course mutable.)

Now, you can see that you have to rewrite this code anyway, for reasons more important than your little bug, so I don't see a need to look for a bug and a fix. Hopefully, when you redo it all properly, the bug won't appear again. If you find this or other bugs (which is pretty likely), you can always ask another question.

—SA
 
Comments
aarohi verma 31-Jul-12 4:51am    
Your given link is very useful. My problem is solved. Thanks.
Sergey Alexandrovich Kryukov 31-Jul-12 11:17am    
My pleasure.
Good luck, call again.
--SA
Hi,
There is some problem in your query string. Your code seems to be perfect. Try checking this line:
C#
string email = Convert.ToString(Request.QueryString["eid"]);
//Here your email value is not coming.
//try checking this line first. It'll work.

Also check your URL whether the QueryString value is coming or not.
Check this out:
Passing variables between pages using QueryString

--Amit
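
An added example (not code from the original post or from either answer) of the parametrized command the first answer recommends, together with a redirect URL built without the quotes that the question's `Response.Redirect` puts around the `eid` value, which the second answer suggests checking. The class and method names, the parameter sizes, and `date1` being a datetime column are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example: hypothetical helper class, not the poster's code-behind.
public static class JobseekerPastStore
{
    // Redirect target with the value URL-encoded and no quotes around it,
    // so Request.QueryString["eid"] on the next page returns the bare address.
    public static string BuildRedirectUrl(string eid)
    {
        return "ViewJdetailed.aspx?eid=" + Uri.EscapeDataString(eid);
    }

    // Placeholders only in the SQL text; every value is sent as a parameter,
    // so quotes or SQL fragments in the input stay data.
    public static SqlCommand BuildInsert(SqlConnection cnn, string email, string company,
        string fromDate, string toDate, string area, string jobBrief)
    {
        if (string.IsNullOrWhiteSpace(email))
            throw new ArgumentException("eid is missing from the query string", "email");

        var cmd = new SqlCommand(
            "INSERT INTO Jobseeker_Past (Email, company, fdate, tdate, farea, jobbrief, date1) " +
            "VALUES (@email, @company, @fdate, @tdate, @farea, @jobbrief, @date1)", cnn);

        // Sizes and types are assumptions; match them to the real column definitions.
        cmd.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email;
        cmd.Parameters.Add("@company", SqlDbType.NVarChar, 200).Value = company;
        cmd.Parameters.Add("@fdate", SqlDbType.NVarChar, 20).Value = fromDate;
        cmd.Parameters.Add("@tdate", SqlDbType.NVarChar, 20).Value = toDate;
        cmd.Parameters.Add("@farea", SqlDbType.NVarChar, 100).Value = area;
        cmd.Parameters.Add("@jobbrief", SqlDbType.NVarChar, 1000).Value = jobBrief;
        cmd.Parameters.Add("@date1", SqlDbType.DateTime).Value = DateTime.Now;
        return cmd;
    }

    // using blocks close the connection even when ExecuteNonQuery throws.
    public static int Save(string connectionString, string email, string company,
        string fromDate, string toDate, string area, string jobBrief)
    {
        using (var cnn = new SqlConnection(connectionString))
        using (var cmd = BuildInsert(cnn, email, company, fromDate, toDate, area, jobBrief))
        {
            cnn.Open();
            return cmd.ExecuteNonQuery(); // number of rows inserted
        }
    }
}
```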
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


