Im doing a Dynamic Query into ASP.NET using SQL Server 2016.
Basically i have some checkbox and textbox:
<asp:CheckBox ID="chk_Precio" runat="server" OnCheckedChanged="chk_Precio_CheckedChanged" AutoPostBack="true" />
<asp:TextBox ID="txtPrecio" runat="server" CssClass="enjoy-css" style="margin-bottom: 0"></asp:TextBox>
<asp:CheckBox ID="chk_Modelo" runat="server" AutoPostBack="true" OnCheckedChanged="chk_Modelo_CheckedChanged" />
<asp:TextBox ID="txtModelo" runat="server" CssClass="enjoy-css" style="margin-bottom: 0"></asp:TextBox>
<asp:Button ID="btnBuscar" CssClass="button" runat="server" Text="Buscar" OnClick="btnBuscar_Click" />
These are validated in chk_Modelo_CheckedChanged.
Inside btnBuscar_Click i have:
protected void btnBuscar_Click(object sender, EventArgs e)
{
string query = "SELECT p.OrderId AS Orden, p.OrderDate as Fechadecompra, '$'+Convert(varchar,convert(money,p.Amount),1) as PrecioCompra, c.ModelCar as Modelo, b.Description_Brand as Marca, c.Color, t.Description_Transmision as Transmision, s.StatusName AS Estado FROM PurchaseOrder AS p INNER JOIN Cars AS c ON p.IdCar = c.IdCar INNER JOIN Brand AS b ON c.IdBrand = b.IdBrand INNER JOIN TransmisionType AS t ON c.IdTransmision = t.IdTransmision INNER JOIN Status AS s on c.IdStatus = s.IdStatus where ";
string varprecio = txtPrecio.Text;
string varModelo = txtModelo.Text;
try
{
if (varprecio != "")
{
query += "(p.Amount = '"+varprecio +"') or";
}
else if(varModelo != "")
{
query += "(c.ModelCar = '"+varModelo +"') or";
}
string str = "Data Source=DESKTOP-77G5EDB\\SQLEXPRESS;Initial Catalog=TallerDB;Integrated Security=True";
SqlConnection sqlConnection = new SqlConnection(str);
SqlCommand cmd = new SqlCommand(query, sqlConnection);
sqlConnection.Open();
SqlDataReader dr = cmd.ExecuteReader();
dtgv_Compras.DataSource = dr;
dtgv_Compras.DataBind();
}
catch (Exception ex)
{
Response.Write("<script>alert('ERROR: " + ex.Message + "')</script>");
}
}
My question is:
How can i validate if my query ends with: OR, delete these OR and my query finish correctly.
query += "(p.Amount = '"+varprecio +"') or";
F.E.:
SELECT p.OrderId AS Orden, p.OrderDate as Fechadecompra, '$'+Convert(varchar,convert(money,p.Amount),1) as PrecioCompra, c.ModelCar as Modelo, b.Description_Brand as Marca, c.Color, t.Description_Transmision as Transmision, s.StatusName AS Estado
FROM PurchaseOrder AS p
INNER JOIN Cars AS c ON p.IdCar = c.IdCar
INNER JOIN Brand AS b ON c.IdBrand = b.IdBrand
INNER JOIN TransmisionType AS t ON c.IdTransmision = t.IdTransmision
INNER JOIN Status AS s on c.IdStatus = s.IdStatus where (p.Amount = '5000')
Thanks in advance
I made some changes in your button click.
protected void btnBuscar_Click(object sender, EventArgs e)
{
string query = "SELECT p.OrderId AS Orden, p.OrderDate as Fechadecompra, '$'+Convert(varchar,convert(money,p.Amount),1) as PrecioCompra, c.ModelCar as Modelo, b.Description_Brand as Marca, c.Color, t.Description_Transmision as Transmision, s.StatusName AS Estado FROM PurchaseOrder AS p INNER JOIN Cars AS c ON p.IdCar = c.IdCar INNER JOIN Brand AS b ON c.IdBrand = b.IdBrand INNER JOIN TransmisionType AS t ON c.IdTransmision = t.IdTransmision INNER JOIN Status AS s on c.IdStatus = s.IdStatus ";
string varprecio = txtPrecio.Text;
string varModelo = txtModelo.Text;
try
{
if (varprecio != "" || varModelo != "")
query += "where ";
if (varprecio != "")
{
query += "(p.Amount = '" + varprecio + "')";
if (varModelo != "")
query += " or ";
}
if (varModelo != "")
{
query += "(c.ModelCar = '" + varModelo + "')";
}
string str = "Data Source=DESKTOP-77G5EDB\\SQLEXPRESS;Initial Catalog=TallerDB;Integrated Security=True";
SqlConnection sqlConnection = new SqlConnection(str);
SqlCommand cmd = new SqlCommand(query, sqlConnection);
sqlConnection.Open();
SqlDataReader dr = cmd.ExecuteReader();
dtgv_Compras.DataSource = dr;
dtgv_Compras.DataBind();
}
catch (Exception ex)
{
Response.Write("<script>alert('ERROR: " + ex.Message + "')</script>");
}
}
Hope this will work for you. Please let me know if you will still facing issue.
Try this so you don't have to check whether they are blank or not
query += "('" + varprecio +"' = '''' or p.Amount = '" + varprecio +"') AND"
query += "('" + varModelo +"' = '''' or c.ModelCar = '"+varModelo +"')";
Which will give you
WHERE ('' = '' OR p.amount = '') AND ('' = '' or c.ModelCar = '')
or
WHERE ('abc' = '' OR p.amount = 'abc') AND ('xyz' = '' or c.ModelCar = 'xyz')
so if they are blank they are ignored on the SQL side.
I was trying in my work with oracle and i found this:
SELECT SUBSTR('select * from table where condicion = value or', 1, (LENGTH('select * from table where condicion = value or') - 2))
FROM dual where (SUBSTR ('select * from table where condicion = value or', -2,LENGTH('select * from table where condicion = value or')) = 'or');
Query:
select * from table where condicion = value or
Result:
I'll convert later to transact-sql in case someone uses the code into oracle.
Related
When I m writing this query in the code on button click to insert the mkey in the xxacl_pn_new_cha_part_h table
it gives me error as
"ORA-00904: "A": invalid identifier"
Here is my code:-
try
{
conn.Open();
OracleDataReader sdr = cmd.ExecuteReader();
while (sdr.Read())
{
cmd.CommandText = "insert into xxacl_pn_new_cha_part_h select sysdate, a.* from xxacl_pn_new_cha_part where mkey= " + sdr[0].ToString(); // this query gives error
cmd.ExecuteNonQuery();
strQuery = "UPDATE xxacl_pn_new_cha_part set Rating='" + sdr[2].ToString() + "', RATING_UPDATE_DATE=convert(datetime,'" + System.DateTime.Now.ToString() + "',103) WHERE mkey = " + sdr[0].ToString();
cmd.CommandText = strQuery;
cmd.ExecuteNonQuery();
}
ScriptManager.RegisterStartupScript(this, GetType(), "alertMessage", "alert('Broker rating updated succesfully');", true);
}
I am using Oracle
UPDATE
protected void btnUpdate_Click(object sender, EventArgs e)
{
OracleConnection conn = new OracleConnection(ConfigurationManager.ConnectionStrings["OracleConn"].ConnectionString);
string strQuery = "SELECT distinct ab.mkey, ab.broker_id,CASE WHEN SYSDATE - la.creation_date <= 180 THEN 'A' WHEN SYSDATE - cef_dt <= 30 THEN " +
"'B' ELSE 'C'END rating FROM xxacl_pn_new_cha_part ab,xxacl_pn_lease_det ld,xxacl_pn_leases_all la, " +
"xxcus.xxacl_pn_customer_enquiry_v ce WHERE ab.broker_id = ld.broker_id(+) AND ld.booking_no = la.booking_no(+) " +
" AND ab.broker_id = ce.broker_id(+)";
OracleCommand cmd = new OracleCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = strQuery;
cmd.Connection = conn;
try
{
conn.Open();
OracleDataReader sdr = cmd.ExecuteReader();
while (sdr.Read())
{
cmd.CommandText = "insert into xxacl_pn_new_cha_part_h select sysdate, a.* from xxacl_pn_new_cha_part a where a.mkey= " + sdr[0].ToString();
cmd.ExecuteNonQuery();
strQuery = "UPDATE xxacl_pn_new_cha_part set Rating='" + sdr[2].ToString() + "', RATING_UPDATE_DATE=convert(datetime,'" + DateTime.Now.ToString() + "',103) WHERE mkey = " + sdr[0].ToString();
cmd.CommandText = strQuery;
cmd.ExecuteNonQuery();
}
ScriptManager.RegisterStartupScript(this, GetType(), "alertMessage", "alert('Broker rating updated succesfully');", true);
}
catch (Exception ex)
{
throw ex;
}
finally
{
conn.Close();
conn.Dispose();
}
}
You are missing the alias name here, try this one
cmd.CommandText = "insert into xxacl_pn_new_cha_part_h select sysdate, a.* from xxacl_pn_new_cha_part a where a.mkey= " + sdr[0].ToString();
UPDATE:
protected void btnUpdate_Click(object sender, EventArgs e)
{
OracleConnection conn = new OracleConnection(ConfigurationManager.ConnectionStrings["OracleConn"].ConnectionString);
string strQuery = "SELECT distinct ab.mkey, ab.broker_id,CASE WHEN SYSDATE - la.creation_date <= 180 THEN 'A' WHEN SYSDATE - cef_dt <= 30 THEN " +
"'B' ELSE 'C'END rating FROM xxacl_pn_new_cha_part ab,xxacl_pn_lease_det ld,xxacl_pn_leases_all la, " +
"xxcus.xxacl_pn_customer_enquiry_v ce WHERE ab.broker_id = ld.broker_id(+) AND ld.booking_no = la.booking_no(+) " +
" AND ab.broker_id = ce.broker_id(+)";
OracleCommand cmd = new OracleCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = strQuery;
cmd.Connection = conn;
try
{
conn.Open();
OracleDataReader sdr = cmd.ExecuteReader();
while (sdr.Read())
{
cmd.CommandText = "insert into xxacl_pn_new_cha_part_h select 0, sysdate, a.* from xxacl_pn_new_cha_part a where a.mkey= " + sdr[0].ToString();
cmd.ExecuteNonQuery();
strQuery = "UPDATE xxacl_pn_new_cha_part set Rating='" + sdr[2].ToString() + "', RATING_UPDATE_DATE=to_date('" + DateTime.Now.ToString() + "','dd-mm-yyyy hh:mi:ss am') WHERE mkey = " + sdr[0].ToString();
cmd.CommandText = strQuery;
cmd.ExecuteNonQuery();
}
ScriptManager.RegisterStartupScript(this, GetType(), "alertMessage", "alert('Broker rating updated succesfully');", true);
}
catch (Exception ex)
{
throw ex;
}
finally
{
conn.Close();
conn.Dispose();
}
}
You missed the alias name of a table
"insert into xxacl_pn_new_cha_part_h select sysdate, a.* from xxacl_pn_new_cha_part a where a.mkey= " + sdr[0].ToString();
The SQL query works in SQL Server Management Studio. But, in Visual studio it gives an error
Incorrect syntax near D1
Code:
private void GetDataByID(string _id)
{
string connectionString = ConfigurationManager.ConnectionStrings["DatabaseConnectionString"].ConnectionString;
using (SqlConnection connection = new SqlConnection(connectionString))
{
string sqlCommand = "SELECT d1.*, d2.* FROM KFM.dbo.ToolBoxDocContent as d1, KFM.dbo.ToolBoxDocument as d2" +
"where d1.DocumentId = d2.DocumentId and = d2.DocumentId =" + _id;
SqlCommand cmd = new SqlCommand(sqlCommand, connection);
SqlDataReader MyReader;
try
{
connection.Open();
MyReader = cmd.ExecuteReader();
while (MyReader.Read())
{
string sDueWeek = MyReader["DueWeek"].ToString();
string sTitle = MyReader["DocumentTitle"].ToString();
//string sEnglishBodyContent = MyReader["DocumentBody"].ToString();
//string sFrenchBodyContent = MyReader["DocumentBody"].ToString();
txb_Week.Text = sDueWeek;
txb_Title.Text = sTitle;
}
}
catch (Exception ex)
{
Response.Write(ex.Message);
}
}
}
Change the query as shown below
"SELECT d1.*, d2.* FROM KFM.dbo.ToolBoxDocContent as d1, KFM.dbo.ToolBoxDocument as d2
where d1.DocumentId = d2.DocumentId and d2.DocumentId ='" + _id + "'";
In your query, you also have entered = sign after and.
Try this code
string sqlCommand = "SELECT d1.*, d2.* FROM KFM.dbo.ToolBoxDocContent d1 inner join KFM.dbo.ToolBoxDocument as d2 on d1.DocumentId = d2.DocumentId " + " where d2.DocumentId = " + _id;
Also it's better to write store procedure instead and call from your c# code.
private void GetDataByID(string _id)
{
string connectionString = ConfigurationManager.ConnectionStrings["DatabaseConnectionString"].ConnectionString;
string sqlCommand = "SELECT d1.*, d2.* "
+ " FROM KFM.dbo.ToolBoxDocContent as d1"
+ " INNER JOIN KFM.dbo.ToolBoxDocument as d2 ON d1.DocumentId = d2.DocumentId"
+ " WHERE d2.DocumentId = #ID";
using (SqlConnection connection = new SqlConnection(connectionString))
using (SqlCommand cmd = new SqlCommand(sqlCommand, connection))
{
cmd.Parameter.Add("#ID", SqlDbType.Int).Value = int.Parse(_id);
try
{
connection.Open();
using (SqlDataReader MyReader = cmd.ExecuteReader()_
{
while (MyReader.Read())
{
string sDueWeek = MyReader["DueWeek"].ToString();
string sTitle = MyReader["DocumentTitle"].ToString();
//string sEnglishBodyContent = MyReader["DocumentBody"].ToString();
//string sFrenchBodyContent = MyReader["DocumentBody"].ToString();
txb_Week.Text = sDueWeek;
txb_Title.Text = sTitle;
}
}
}
catch (Exception ex)
{
Response.Write(ex.Message);
}
}
}
One thing I have noticed in your query is that
space is not provided properly before two joins using '+'. Use space before where
incorrect syntax at where clause. remove extra '=' after and at and = d2.DocumentId = " + _id
Your final query will look like as mentioned below:
string sqlCommand = "SELECT d1.*, d2.* FROM KFM.dbo.ToolBoxDocContent as d1, KFM.dbo.ToolBoxDocument as d2" +
" where d1.DocumentId = d2.DocumentId and d2.DocumentId =" + _id;
Update:
string sqlCommand = "SELECT d1.*, d2.* FROM KFM.dbo.ToolBoxDocContent as d1, KFM.dbo.ToolBoxDocument as d2" +
" where d1.DocumentId = d2.DocumentId and d2.DocumentId = '" + _id + "'";
I am writing a code to query .CSV file using SQL below is my code which works perfectly fine
string fileDirectory = #"C:\TechnicalTest\GskTest\Csv\SampleData.csv";
string strCSVConnString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="
+ fileDirectory + ";Extended Properties='text;HDR=YES;'";
string sqlCust = "Select Count(order_id), order_id, contact_id from SampleData.csv "
+ "Group by order_id, contact_id "
+ "Order by 1 Desc";
string sqlProd = "Select Count(order_id), product_id from SampleData.csv "
+ "Group by product_id "
+ "Order by 1 Desc";
string sqlOrders = "Select Count(order_id) from SampleData.csv "
+"Order by 1 Desc";
OleDbConnection con = new OleDbConnection("Provider=Microsoft.Jet.OleDb.4.0; Data Source = " + System.IO.Path.GetDirectoryName(fileDirectory) + "; Extended Properties = \"Text;HDR=YES;FMT=Delimited\"");
con.Open();
OleDbDataAdapter daCust = new OleDbDataAdapter(sqlCust, con);
DataTable dtCust = new DataTable();
daCust.Fill(dtCust);
OleDbDataAdapter daProd = new OleDbDataAdapter(sqlProd, con);
DataTable dtProd = new DataTable();
daProd.Fill(dtProd);
OleDbDataAdapter daOrders = new OleDbDataAdapter(sqlOrders, con);
DataTable dtOrders = new DataTable();
daOrders.Fill(dtOrders);
con.Close();
But when I am trying to call the same code from the function by passing the file path which is retrieved from asp.net file upload control it does not work. Please see the code below.
protected void btnSubmit_Click(object sender, EventArgs e)
{
if (fupPath.HasFile)
{
string filename = Path.GetFileName(fupPath.FileName);
String csv_file_path = Path.Combine(Server.MapPath("~/Csv"), filename);
fupPath.SaveAs(csv_file_path);
Summery(csv_file_path);
DataTable csvData = GetDataTabletFromCSVFile(csv_file_path);
Response.Write("Rows count:" + csvData.Rows.Count);
//dtSummary(csvData);
}
}
protected void Summery(string fileName)
{
//string fileDirectory = #"C:\TechnicalTest\GskTest\Csv\SampleData.csv";
string fileDirectory = fileName;
//string strCSVConnString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="
// + System.IO.Path.GetDirectoryName(fileDirectory) + ";Extended Properties='text;HDR=YES;FMT=Delimited\'";
string sqlCust = "Select Count(order_id), order_id, contact_id from SampleData.csv "
+ "Group by order_id, contact_id "
+ "Order by 1 Desc";
string sqlProd = "Select Count(order_id), product_id from SampleData.csv "
+ "Group by product_id "
+ "Order by 1 Desc";
string sqlOrders = "Select Count(order_id) from SampleData.csv "
+ "Order by 1 Desc";
OleDbConnection conn = new OleDbConnection("Provider=Microsoft.Jet.OleDb.4.0; Data Source = " + System.IO.Path.GetDirectoryName(fileDirectory) + "; Extended Properties = \"Text;HDR=YES;FMT=Delimited\"");
//OleDbConnection conn = new OleDbConnection(strCSVConnString);
conn.Open();
OleDbDataAdapter daCust = new OleDbDataAdapter(sqlCust, conn);
DataTable dtCust = new DataTable();
daCust.Fill(dtCust);
daCust.Dispose();
OleDbDataAdapter daProd = new OleDbDataAdapter(sqlProd, conn);
DataTable dtProd = new DataTable();
daProd.Fill(dtProd);
daProd.Dispose();
OleDbDataAdapter daOrders = new OleDbDataAdapter(sqlOrders, conn);
DataTable dtOrders = new DataTable();
daOrders.Fill(dtOrders);
daOrders.Dispose();
conn.Close();
}
You need to call a sheet name SheetName$ instead of file name SampleData.csv.
For example,
Select Count(order_id), order_id, contact_id from [SheetName$]
Normally, here is how you get a file path in ASP.Net, because you do not know the drive letter where your web application is hosted. In addition, you do not have access to a file located outside of web application.
var filePath = string.Format("{0}App_Data\\ExportImport\\{1}",
HttpRuntime.AppDomainAppPath, "SampleData.csv");
I have a label in asp.net page and change its text in certain situations. Here is the code:
<asp:Label ID="errorMessage" runat="server" Text="Label" Visible="False"></asp:Label>
errorMessage.Text = MyGlobals.student.registerCourse(c, ref addList, course).ToString();
errorMessage.ForeColor = System.Drawing.Color.Red;
errorMessage.Visible = true;
When i debugged, i saw that MyGlobals.student.registerCourse(c, ref addList, course).ToString() method returns my error message well. Then i set the label visible, but when page loads i cannot see the label. Also, while debugging i saw that "textsetbyaddparsedsubobject" property of the label is false. Can that be the problem? Why is not the label being showed in my page? Can anyone help?
Thanks.
Edit: Here is the full code:
protected void bSubmitChanges_Click1(object sender, EventArgs e)
{
Userfunctions function = new Userfunctions();
List<string> dropList = new List<string>();
List<string> addList = new List<string>();
SqlConnection con = new SqlConnection();
con.ConnectionString = Userfunctions.GetConnectionString();
SqlCommand cmd;
con.Open();
string ID = MyGlobals.currentID;
try
{
for (int i = 1; i <= 6; i++)
{
string course;
if ((course = boxCRN(i)) != "")
{
cmd = new SqlCommand("select count (*) from CourseTable where CRN=#course", con);
cmd.Parameters.AddWithValue("#course", course);
int result = Convert.ToInt32(cmd.ExecuteScalar());
if (result > 0)
{
cmd = new SqlCommand("select * from CourseTable where CRN=#course", con);
cmd.Parameters.AddWithValue("#course", course);
cmd.ExecuteScalar();
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
foreach (DataRow dr in dt.Rows)
{
string query = "SELECT * FROM CourseTable WHERE CourseCode='" + dr["CourseCode"] + "' AND CourseNumber='" + dr["CourseNumber"] + "' AND Term='" + dr["Term"] + "'";
cmd = new SqlCommand(query, con);
SqlDataAdapter da2 = new SqlDataAdapter(cmd);
DataTable dt2 = new DataTable();
da2.Fill(dt2);
DataRow dr2 = dt2.Rows[0];
cmd = new SqlCommand("select * from PrereqTable where CourseCode='" + dr["CourseCode"] + "' AND CourseNumber='" + dr["CourseNumber"] + "' AND Term='" + dr["Term"] + "'", con);
da2 = new SqlDataAdapter(cmd);
dt2 = new DataTable();
da2.Fill(dt2);
List<string> pre = new List<string>();
foreach (DataRow dr5 in dt2.Rows)
{
pre.Add(Convert.ToString(dr5["pCourseCode"]) + Convert.ToString(dr5["pCourseNumber"]));
}
Course c = new Course(dr2["InstructorID"].ToString(), dr2["CourseCode"].ToString(), dr2["CourseNumber"].ToString(), dr2["CourseName"].ToString(), dr2["Term"].ToString(), dr2["CRN"].ToString(), dr2["Level"].ToString(), dr2["Credit"].ToString(), dr2["Description"].ToString(), dr2["Capacity"].ToString());
c.addPrereq(pre);
string message = MyGlobals.student.registerCourse(c, ref addList, course).ToString();
errorMessage.Text = message;
errorMessage.ForeColor = System.Drawing.Color.Red;
errorMessage.Visible = true;
Label1.Visible = true;
Label1.Text = "asdasdasd";
}
}
}
}
}
catch (Exception) { }
for (int i = 0; i < showCourses.Rows.Count; i++)
{
string a = ((DropDownList)showCourses.Rows[i].FindControl("actionmenu")).SelectedValue;
if (((DropDownList)showCourses.Rows[i].FindControl("actionmenu")).SelectedValue == "1")
{
string courseCode = showCourses.Rows[i].Cells[1].Text, courseNumber = showCourses.Rows[i].Cells[2].Text;
SqlCommand com = new SqlCommand("select * from CourseTable where CourseCode=#courseCode and CourseNumber=#courseNumber", con);
com.Parameters.AddWithValue("courseCode", courseCode);
com.Parameters.AddWithValue("courseNumber", courseNumber);
try
{
SqlDataAdapter da2 = new SqlDataAdapter(com);
DataTable dt2 = new DataTable();
da2.Fill(dt2);
DataRow dr2 = dt2.Rows[0];
Course c = new Course(dr2["InstructorID"].ToString(), dr2["CourseCode"].ToString(), dr2["CourseNumber"].ToString(), dr2["CourseName"].ToString(), dr2["Term"].ToString(), dr2["CRN"].ToString(), dr2["Level"].ToString(), dr2["Credit"].ToString(), dr2["Description"].ToString(), dr2["Capacity"].ToString());
Register reg = new Register(c, MyGlobals.student);
MyGlobals.student.dropCourse(reg);
dropList.Add(showCourses.Rows[i].Cells[1].Text + showCourses.Rows[i].Cells[2].Text);
}
catch (Exception) { }
}
}
foreach (string course in dropList)
{
for (int i = 0; i < MyGlobals.student.getRegistered().Count; i++ )
{
if (MyGlobals.student.getRegistered()[i].getCourse().getCode().ToString() + MyGlobals.student.getRegistered()[i].getCourse().getNumber().ToString() == course)
MyGlobals.student.dropCourse(MyGlobals.student.getRegistered()[i]);
}
cmd = new SqlCommand("delete from RegisterTable where StudentID='" + MyGlobals.currentID + "' and CourseCode='" + course.Substring(0, course.Length - 3) + "' and CourseNumber='" + course.Substring(course.Length - 3, 3) + "'", con);
cmd.ExecuteNonQuery();
}
try
{
foreach (string courses in addList)
{
string courseCode = "";
string courseNumber = "";
string term = MyGlobals.currentTerm + " " + MyGlobals.currentYear;
string q = ("select CourseCode from CourseTable where CRN=#courses");
string grade = "";
SqlCommand command = new SqlCommand(q, con);
command.Parameters.AddWithValue("#courses", courses);
courseCode = Convert.ToString(command.ExecuteScalar());
q = ("select CourseNumber from CourseTable where CRN=#courses");
command = new SqlCommand(q, con);
command.Parameters.AddWithValue("#courses", courses);
courseNumber = Convert.ToString(command.ExecuteScalar());
cmd = new SqlCommand("insert into RegisterTable (CourseCode,CourseNumber,Term,StudentID,Grade) values(#courseCode,#courseNumber,#term, #ID,'U')", con);
cmd.Parameters.AddWithValue("#courseCode", courseCode);
cmd.Parameters.AddWithValue("#courseNumber", courseNumber);
cmd.Parameters.AddWithValue("#term", term);
cmd.Parameters.AddWithValue("#ID", ID);
cmd.Parameters.AddWithValue("#grade", grade);
cmd.ExecuteNonQuery();
}
}
catch (Exception) { }
con.Close();
Response.Redirect("AddDropClasses.aspx");
}
}
And the registerCourse function:
public string registerCourse(Course course, ref List <string> addList, string crn) {
bool registered = true;
string message ="";
foreach (string s in course.getTime())
{
Userfunctions f = new Userfunctions();
foreach (Register r in this.register) {
if (r.getCourse().getTerm() == MyGlobals.currentTerm.ToString() + " " + MyGlobals.currentYear.ToString() && !f.TimeCheck(s, r.getCourse().getTime()))
{
registered = false;
message = "Time conflict";
}
}
}
if (registered) {
SqlConnection con = new SqlConnection();
con.ConnectionString = Userfunctions.GetConnectionString();
con.Open();
string id = MyGlobals.currentID;
SqlCommand cmd = new SqlCommand("SELECT count (*) from RegisterTable where CourseCode ='" + course.getCode() +"' and CourseNumber='" + course.getNumber() + "' and Term='" + course.getTerm()+"'" , con);
cmd.Parameters.AddWithValue("#id", id);
int active = Convert.ToInt32(cmd.ExecuteScalar());
if (active >= Convert.ToInt32(course.getCapacity())){
registered = false;
message = "Not enough capacity";
}
if (registered) {
foreach (string s in course.getPrerequisites()) {
if (!hasPassedCourse(s)) {
registered = false;
message = "Prerequisite error";
}
}
}
}
if (registered)
{
Register reg = new Register(course, MyGlobals.student);
MyGlobals.student.addToSchedule(reg);
addList.Add(crn);
}
return message;
}
Remove below line
Response.Redirect("AddDropClasses.aspx");
it will load your page again as new page
When you have Visible="false" set on the control then the control properties may not been instatiated fully.
I would try hiding the control using, errorMessage.Visible=false in the code-behind in your Page_Load instead.
Im trying to use the sql parameters to avoid sql injection in my query however the parameters don't seem to apply to the command.
public static IList<Call> GetCallsFilter(string startdate, string enddate,List<String>ContextName, List<String>ValueName, List<String>TypeName)
{
using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["BAMConnectionString"].ConnectionString))
{
connection.Open();
startdate += " 00:00:00";
enddate += " 23:59:59";
using (SqlCommand cmd = new SqlCommand("", connection))
{
cmd.CommandText = "SELECT dbo.Calls.CallID, dbo.Connections.Connectionname,dbo.Calls.ConnectionID, dbo.Calls.ParentID, dbo.Calls.StartTime, dbo.Calls.EndTime, REPLACE(dbo.Calls.Querytime, ',', '.') AS Querytijd, dbo.Calls.Template, dbo.Calls.Profilecall, dbo.Calls.Objectcall, dbo.Calls.Method, dbo.Calls.Error, dbo.Calls.Category, dbo.Calls.Uur, dbo.Calls.DayOfMonth, dbo.Repositorys.RepositoryName,dbo.Calls.ResultLink, REPLACE(MAX(Querytime) OVER (PARTITION BY DATEPART(yyyy, dbo.Calls.StartTime), DATEPART(M, dbo.Calls.StartTime), dbo.Calls.DayOfMonth, dbo.Calls.Uur, DATEPART(MINUTE, dbo.Calls.StartTime)), ',', '.') AS MaxQueryTime FROM dbo.Calls INNER JOIN dbo.Connections ON dbo.Calls.ConnectionID = dbo.Connections.ConnectionID INNER JOIN dbo.Repositorys ON dbo.Connections.RepositoryID = dbo.Repositorys.RepositoryID where StartTime BETWEEN '" + startdate + "' AND '" + enddate + "'";
if (ContextName != null && ValueName != null)
{
for (int i = 0; i < ContextName.Count; i++)
{
if (ContextName[i].ToString() != "Filter")
{
if (TypeName[i].ToString() == "LIKE")
{
cmd.CommandText += " AND exists (Select * from dbo.Context where CallID = dbo.Calls.CallID and Name=#Name and Value like #Value)";
cmd.Parameters.Add(new SqlParameter("Name", ContextName[i].ToString()));
cmd.Parameters.Add(new SqlParameter("Value", ValueName[i].ToString()));
}
else if (TypeName[i].ToString() == "=")
{
cmd.CommandText += " AND exists (Select * from dbo.Context where CallID = dbo.Calls.CallID and Name='" + Regex.Escape(ContextName[i].ToString()) + "' and Value = '" + Regex.Escape(ValueName[i].ToString()) + "')";
}
else if (TypeName[i].ToString() == "NOT LIKE")
{
cmd.CommandText += " AND exists (Select * from dbo.Context where CallID = dbo.Calls.CallID and Name='" + Regex.Escape(ContextName[i].ToString()) + "' and Value NOT like '%" + Regex.Escape(ValueName[i].ToString()) + "%')";
}
}
}
}
using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
{
CallData = new List<Call>();
DataTable table = new DataTable();
adapter.Fill(table);
foreach (DataRow rij in table.Rows)
{
CallData.Add(new Call() { CallID = Int64.Parse(rij[0].ToString()), Connectionname = rij[1].ToString(), ConnectionID = rij[2].ToString(), ParentID = rij[3].ToString(), StartTime = ((DateTime)rij[4]).ToString("d/MM/yyyy hh:mm:ss.fff"), EndTime = ((DateTime)rij[5]).ToString("d/MM/yyyy hh:mm:ss.fff"), Querytime = rij[6].ToString(), Template = rij[7].ToString(), Profile = rij[8].ToString(), Object = rij[9].ToString(), Method = rij[10].ToString(), Error = rij[11].ToString(), Category = rij[12].ToString(), Uur = rij[13].ToString(), DayOfMonth = rij[14].ToString(), Repository = rij[15].ToString(), Datum = rij[4].ToString(), ResultLink = rij[16].ToString(), MaxQuerytime = rij[17].ToString() });
}
}
}
}
return CallData;
}
Im currently just trying it out in the IF LIKE function but won't work atm.
public static IList<Call> GetCallsFilter(string startdate, string enddate,List<String>ContextName, List<String>ValueName, List<String>TypeName)
{
using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["BAMConnectionString"].ConnectionString))
{
connection.Open();
startdate += " 00:00:00";
enddate += " 23:59:59";
using (SqlCommand cmd = new SqlCommand("", connection))
{
cmd.CommandText = "SELECT ";
cmd.CommandText += " dbo.Calls.CallID, ";
cmd.CommandText += " dbo.Connections.Connectionname, ";
cmd.CommandText += " dbo.Calls.ConnectionID, ";
cmd.CommandText += " dbo.Calls.ParentID, ";
cmd.CommandText += " dbo.Calls.StartTime, ";
cmd.CommandText += " dbo.Calls.EndTime, ";
cmd.CommandText += " REPLACE(dbo.Calls.Querytime, ',', '.') ";
cmd.CommandText += " AS ";
cmd.CommandText += " Querytijd, ";
cmd.CommandText += " dbo.Calls.Template, ";
cmd.CommandText += " dbo.Calls.Profilecall, ";
cmd.CommandText += " dbo.Calls.Objectcall, ";
cmd.CommandText += " dbo.Calls.Method, ";
cmd.CommandText += " dbo.Calls.Error, ";
cmd.CommandText += " dbo.Calls.Category, ";
cmd.CommandText += " dbo.Calls.Uur, ";
cmd.CommandText += " dbo.Calls.DayOfMonth, ";
cmd.CommandText += " dbo.Repositorys.RepositoryName, ";
cmd.CommandText += " dbo.Calls.ResultLink, ";
cmd.CommandText += " REPLACE(MAX(Querytime) OVER (PARTITION BY DATEPART(yyyy, dbo.Calls.StartTime), ";
cmd.CommandText += " DATEPART(M, dbo.Calls.StartTime), ";
cmd.CommandText += " dbo.Calls.DayOfMonth, ";
cmd.CommandText += " dbo.Calls.Uur, ";
cmd.CommandText += " DATEPART(MINUTE, dbo.Calls.StartTime)), ',', '.') ";
cmd.CommandText += " AS MaxQueryTime FROM dbo.Calls ";
cmd.CommandText += " INNER JOIN dbo.Connections ON ";
cmd.CommandText += " dbo.Calls.ConnectionID = dbo.Connections.ConnectionID ";
cmd.CommandText += " INNER JOIN dbo.Repositorys ON dbo.Connections.RepositoryID = dbo.Repositorys.RepositoryID ";
cmd.CommandText += " where StartTime BETWEEN #stardate AND #enddate ";
if (ContextName != null && ValueName != null)
{
for (int i = 0; i < ContextName.Count; i++)
{
if (ContextName[i].ToString() != "Filter")
{
cmd.CommandText += " AND exists ";
cmd.CommandText += "(Select * from dbo.Context ";
cmd.CommandText += " where CallID = dbo.Calls.CallID and Name=#Name and Value ";
cmd.CommandText += TypeName[i].ToString();
cmd.CommandText += " #Value)";
cmd.Parameters.AddWithValue("#Context", ContextName[i].ToString());
cmd.Parameters.AddWithValue("#Value", ValueName[i].ToString());
}
}
}
cmd.Parameters.AddWithValue("#startdate", startdate);
cmd.Parameters.AddWithValue("#enddate", enddate);
using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
{
CallData = new List<Call>();
DataTable table = new DataTable();
adapter.Fill(table);
foreach (DataRow rij in table.Rows)
{
CallData.Add(new Call() { CallID = Int64.Parse(rij[0].ToString()), Connectionname = rij[1].ToString(), ConnectionID = rij[2].ToString(), ParentID = rij[3].ToString(), StartTime = ((DateTime)rij[4]).ToString("d/MM/yyyy hh:mm:ss.fff"), EndTime = ((DateTime)rij[5]).ToString("d/MM/yyyy hh:mm:ss.fff"), Querytime = rij[6].ToString(), Template = rij[7].ToString(), Profile = rij[8].ToString(), Object = rij[9].ToString(), Method = rij[10].ToString(), Error = rij[11].ToString(), Category = rij[12].ToString(), Uur = rij[13].ToString(), DayOfMonth = rij[14].ToString(), Repository = rij[15].ToString(), Datum = rij[4].ToString(), ResultLink = rij[16].ToString(), MaxQuerytime = rij[17].ToString() });
}
}
}
}
return CallData;
}
Try using this
cmd.Parameters.AddWithValue("#Name", ContextName[i].ToString());
cmd.Parameters.AddWithValue("#Value", ValueName[i].ToString());
You have to add "#" to the parameter name.
new SqlParameter("#Name", ContextName[i].ToString())
new SqlParameter("#Value", ValueName[i].ToString())