Click here to Skip to main content
15,311,717 members
Please Sign up or sign in to vote.
2.00/5 (1 vote)
See more:
C#
using System;
using System.IO;
using System.Collections;
using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.Sql;
using System.Data.SqlClient;
using iTextSharp.text;
using iTextSharp.text.pdf;

public partial class donorcard : System.Web.UI.Page
{
    SqlConnection cn;
    SqlCommand cmd;
    protected void Page_Load(object sender, EventArgs e)
    {
        cn = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=E:\\organ2\\App_Data\\Database.mdf;Integrated Security=True;User Instance=True");
        cn.Open();
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        string donorid = TextBox1.Text;
        string donorname = TextBox5.Text;
        string address = TextBox2.Text;
        string anypart = RadioButtonList1.Text;
        string wish = CheckBoxList2.Text;
        string witnessname = TextBox3.Text;
        string witnessphno = TextBox4.Text;
        string name = FileUpload1.FileName;
        FileUpload1.SaveAs(Server.MapPath("~/images/" + name));
        string photo = "~/images/" + name;
        cmd = new SqlCommand("insert into donorcard values('" + donorid + "','" + donorname + "','" + address + "','" + anypart + "','" + wish + "','" + witnessname + "','" + witnessphno + "','" + photo + "')", cn);
        cmd.ExecuteNonQuery();
        TextBox1.Text = "";
        TextBox2.Text = "";
        TextBox3.Text = "";
        TextBox4.Text = "";
        TextBox5.Text = "";
        RadioButtonList1.Text = "";
        CheckBoxList2.Text = "";
        //Response.Redirect("~/donor mainpage.aspx");00
        //Response.ContentType = "Application/pdf";
        //Response.AppendHeader("Content-Disposition", "attachment;filename=Test_PDF.pdf");
        //Response.TransmitFile(Server.MapPath("~//pdf.pdf"));
        //Response.End();
        Document doc = new Document(iTextSharp.text.PageSize.LETTER, 10, 10, 42, 35);
        PdfWriter wri = PdfWriter.GetInstance(doc, new FileStream("Donorcard.pdf", FileMode.Create));
        doc.Open();
        Paragraph paragraph = new Paragraph("This is your Donorcard.Get signature form the witness and keep it safe.");
        doc.Add(paragraph);
        doc.Close();
    }

}
Posted
Updated 5-Apr-15 6:09am
v2
Comments
DamithSL 5-Apr-15 12:13pm
   
what is the full error with stack trace? in which line you get this error?
please update the question with details and try to explain your issue.

1 solution

There are so many things wrong here...
The first is that the "current folder" is a very poor place to store your PDF files:
C#
PdfWriter wri = PdfWriter.GetInstance(doc, new FileStream("Donorcard.pdf", FileMode.Create));
And that's probably the source of your problem. So create a "Documents" folder, give it the appropriate write permissions, and use that instead.

But more importantly, Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. This is especially important in a web app where anyone, anywhere in the world, can delete your database by typing in text boxes...
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900