Click here to Skip to main content
15,941,973 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
below i write my sql query

C#
"Insert into tblpayfee(regno,sname,lastname,course,sem,date,fee_amt,paid_amt,remain_amt,fine,tot_amt,amt_words)values('" + txtregno.Text + "','" + txtname.Text + "','" + txtlastname.Text + "','" + txtcourse.Text + "','" + DropDownList2.SelectedItem.ToString() + "','" + txtfeedate.Text + "','" + txtfeeamount.Text + "','" + txtpaidamt.Text + "','" + txtremainamt.Text + "','" + txtfineamt.Text + "','" + txttotamt.Text + "'," + txtamt_words + ")";

but i face problem in execution of this query

The name "System.Web.UI.WebControls.TextBox" is not permitted in this context. Valid expressions are constants, constant expressions, and (in some contexts) variables. Column names are not permitted.<br />


how can solve this problem pls help me

- Suraj
Posted
Updated 14-May-13 4:46am
v2
Comments
[no name] 14-May-13 10:53am    
You really should be using parameterized queries instead of string concatenation to prevent SQL injection attacks.

As mentioned in Solution-1 use txtamt_words.Text.

You are using inline query and passing your Input/TextBox values into it. This is a potential risk of SQL Injection.

Have a look at below links to uderstand SQL Injection.
http://en.wikipedia.org/wiki/SQL_injection

http://blogs.technet.com/b/neilcar/archive/2008/05/21/sql-injection-mitigation-using-parameterized-queries.aspx

Solution:- Instead use parameterized query. Have a look at below link.
http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters
 
Share this answer
 
Comments
Maciej Los 14-May-13 11:07am    
+5Complete answer!
you forgot to use the text property on txtamt_words, use this instead "txtamt_words.Text"
 
Share this answer
 
v2
Comments
Maciej Los 14-May-13 10:52am    
That could be it!
+4, because answer is not complete ;(
Yuriy Loginov 14-May-13 11:13am    
thanks!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900