How to show my account page after login in aspx - asp.net

I want to view my account page after login in Textbox for updating, here is my code
SqlCommand cmd = new SqlCommand("SP_SelectUser",con);
con.Open();
cmd.CommandText = "SP_SelectUser";
cmd.CommandType = CommandType.StoredProcedure;
cmd.Connection = con;
cmd.Parameters.AddWithValue("@id", id);
int id = Convert.ToInt32(td.Rows[0]["id"]);
cmd.Parameters.AddWithValue("@id", "");
SqlDataReader dr = cmd.ExecuteReader();
td.Load(dr);
}
dr.Close();
name.Text = td.Rows[0]["name"].ToString();
emailid.Text = td.Rows[0]["emailid"].ToString();
passwd.Text = td.Rows[0]["Passwd"].ToString();
mobile.Text = td.Rows[0]["Mobile"].ToString();

First of all, your posted code is still not correct enough to make it clear what exactly your problem is.
For displaying a page from another page, you can use one of these options:
Response.Redirect("yourPage.aspx", false);
OR
Server.Transfer("yourPage.aspx", true);
You have to use either of these at the point in your code where you want to change the page from one to another.
Hope this helps.

Related

button wont save to database it comes to exception error

I made an ASP.NET site with 3 textboxes, 1 dropdown list and a save button. Every time I click it, it gives back: An exception of type 'System.NullReferenceException' occurred in Bon-Temps.dll but was not handled in user code.
It gives this error on the code line
DataRow drow = ds.Tables["OpdrachtGever"].NewRow();
my question is why??
SqlConnection cnn = new SqlConnection();
cnn.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["BT-1ConnectionString"].ConnectionString;
cnn.Open();
SqlCommand cmd = new SqlCommand();
cmd.CommandText = "select * from OpdrachtGever";
cmd.Connection = cnn;
SqlDataAdapter da = new SqlDataAdapter();
da.SelectCommand = cmd;
DataSet ds = new DataSet();
da.Fill(ds, "OpdrachtGever");
SqlCommandBuilder cb = new SqlCommandBuilder(da);
DataRow drow = ds.Tables["OpdrachtGever"].NewRow();
drow["Naam"] = TextBox1.Text;
drow["Adres"] = TextBox2.Text;
drow["PostCode"] = TextBox3.Text;
drow["AantalPersonen"] = DropDownList1.SelectedItem;
ds.Tables["OpdrachtGever"].Rows.Add(drow);
da.Update(ds, "OpdrachtGever");
You have named your table as
da.Fill(ds, " OpdrachtGever ");
             ^             ^
but then you refer to it with
DataRow drow = ds.Tables["OpdrachtGever"].NewRow();
without any spaces.
There is a rogue space also on this line
ds.Tables["OpdrachtGever "].Rows.Add(drow);
                        ^
It is not a good idea to have these spaces in your table name because they are not meaningful for us (humans) and easy to forget. But, for the indexer of the table collection, a space makes a difference. So, when you pass the name with the wrong or missing spaces, the indexer is not able to find your table and returns null.

Load database data into asp.net page

I would like to know how to load data from a database into a asp.net form.
So I use code to get the data via a query "Select * From ... Where ... = ..."
Then I load it into a reader and
while (reader.Read())
{
string sProductName = Convert.ToString(reader[1]);
/*
Now I need to display this name and all the other data
(selling price, etc) on the form
But as I do not know how many products there will be it (the form) has to change
as the database information does (more products get added or removed).
*/
}
I do not know how to do that last part. How to make the data found display on screen.
Thanks !
The data I need to display is the Product Name, the Product Description and the Product Selling Price underneath headings with those names, that's all.
For SQL Database,
Take gridview control with id="gridview1" (whatever you like but use same id in code)
SqlConnection sql= new SqlConnection("your data base connection");
SqlCommand cmd = new SqlCommand("select * from your_table_name", sql);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
gridview1.DataSource = ds;
gridview1.DataBind();
// Alternative: read the rows with a SqlDataReader
SqlConnection sql = new SqlConnection("your data base connection");
SqlCommand cmd = new SqlCommand("select * from your_table_name", sql);
sql.Open();
SqlDataReader dr = cmd.ExecuteReader();
while (dr.Read())
{
Textbox1.Text = dr[0].ToString();
Textbox2.Text = dr[1].ToString();
Textbox3.Text = dr[2].ToString();
// ... and so on for the remaining columns
}
sql.Close();
NOTE:
While working with a data reader, the SQL connection must be open.
I use textboxes to show the values. You can use them wherever necessary. dr[0].ToString(), dr[1].ToString(), ... contain the values of the database table.

asp.net insert data into DB

con.Open();
cmd2 = new SqlCommand("insert into dailyWorkout('"+RadioButton1.Text+"', '"+RadioButton2.Text+"', '"+RadioButton3.Text+"', '"+RadioButton4.Text+"', '"+RadioButton5.Text+"', '"+Label1.Text+"')", con);
cmd2.ExecuteNonQuery();
Hey guys, been working on this website for a while, but I get an error when putting data into the database saying
Incorrect syntax near ')'.
With other stuff that I'm putting same way it works and this does not.
You should really really REALLY use parametrized queries to avoid SQL injection (and to boost performance; and avoid issues with type conversions etc.)
So I would recommend using code something like this:
// define your *parametrized* SQL statement
string insertStmt = "INSERT INTO dbo.YourTable(Col1, Col2, Col3) VALUES(@Val1, @Val2, @Val3);";
// put SqlConnection and SqlCommand into "using" blocks to ensure proper disposal
using(SqlConnection conn = new SqlConnection("-your-connection-string-here-"))
using(SqlCommand cmd = new SqlCommand(insertStmt, conn))
{
// set the parameters to the values you need
cmd.Parameters.AddWithValue("@Val1", "Some String here");
cmd.Parameters.AddWithValue("@Val2", 42);
cmd.Parameters.AddWithValue("@Val3", DateTime.Today.AddDays(-7));
// open connection, execute query, close connection right away
conn.Open();
int rowsAffected = cmd.ExecuteNonQuery();
conn.Close();
}
Points to remember:
ALWAYS use parametrized queries - do NOT concatenate together your SQL statements!
put the SqlConnection and SqlCommand into using(...) { ... } blocks to ensure proper disposal
always explicitly define the list of columns you want to use in a SELECT and also an INSERT statement
open connection as late as possible, execute query, close connection again right away
That will do the job but I strongly advise using Parameters.
con.Open();
cmd2 = new SqlCommand("insert into dailyWorkout values ('"+RadioButton1.Text+"', '"+RadioButton2.Text+"', '"+RadioButton3.Text+"', '"+RadioButton4.Text+"', '"+RadioButton5.Text+"', '"+Label1.Text+"')", con);
cmd2.ExecuteNonQuery();
Instead of the code above you'd better use
cmd2 = new SqlCommand("insert into dailyWorkout values (@val1, @val2, @val3, @val4, @val5, @val6)", con);
cmd2.Parameters.AddWithValue("@val1", RadioButton1.Text);
cmd2.Parameters.AddWithValue("@val2", RadioButton2.Text);
cmd2.Parameters.AddWithValue("@val3", RadioButton3.Text);
cmd2.Parameters.AddWithValue("@val4", RadioButton4.Text);
cmd2.Parameters.AddWithValue("@val5", RadioButton5.Text);
cmd2.Parameters.AddWithValue("@val6", Label1.Text);
cmd2.ExecuteNonQuery();
Ok its already been mentioned, don't inject parameters like that.
But if you must, the problem is that your final sql string looks like:
insert into dailyWorkout('string1', 'string2', 'string3', 'string4', 'string5', 'string6')
when it should be
insert into dailyWorkout(columnName1,columnName2,columnName3,columnName4,columnName5,columnName6)
values('string1', 'string2', 'string3', 'string4', 'string5', 'string6')
But you should really consider:
var sqlCmd = new SqlCommand("insert into dailyWorkout(columnName1,columnName2,columnName3,columnName4,columnName5,columnName6) values(@v1, @v2, @v3, @v4, @v5, @v6)", con);
sqlCmd.Parameters.Add("@v1", SqlDbType.NVarChar).Value = RadioButton1.Text;
sqlCmd.Parameters.Add("@v2", SqlDbType.NVarChar).Value = RadioButton2.Text;
sqlCmd.Parameters.Add("@v3", SqlDbType.NVarChar).Value = RadioButton3.Text;
sqlCmd.Parameters.Add("@v4", SqlDbType.NVarChar).Value = RadioButton4.Text;
sqlCmd.Parameters.Add("@v5", SqlDbType.NVarChar).Value = RadioButton5.Text;
sqlCmd.Parameters.Add("@v6", SqlDbType.NVarChar).Value = Label1.Text;
sqlCmd.ExecuteNonQuery();

Grid view with Datasource control

Sir,
I'm doing a project in ASP.NET 4.0 with C#. In my project I want to display data from the database in the grid view using a Data Source Control. But while doing it I'm getting an error called "The DataSourceID of 'GridView1' must be the ID of a control of type IDataSource. A control with ID 'System.Web.UI.WebControls.SqlDataSource' could not be found.".
My code is also given below.
SqlCommand cmd = new SqlCommand("SPS_LeaveBalanceReport_DSO", Connect.con());
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("@ReportMonth", SqlDbType.NVarChar).Value =
SelectMonthDropDown.SelectedValue.ToString();
cmd.Parameters.Add("@ReportYear", SqlDbType.NVarChar).Value =
SelectYearDropDown.SelectedItem.Text.ToString();
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds, "tab");
GridView1.DataSourceID = SqlDataSource1.ToString();
GridView1.DataBind();
Please help me with the error. Thanks in advance.
change
GridView1.DataSourceID = SqlDataSource1.ToString();
to
GridView1.DataSourceID = SqlDataSource1.ID;
The problem is nowhere in your code, just replace the line
GridView1.DataSourceID = SqlDataSource1.ToString();
with
GridView1.DataSource=ds;
it will work

facing problem in executing query [duplicate]

Dim con As SqlConnection
con = New SqlConnection("server=chinna; uid=sa; pwd=136018#h; database=icms")
con.Open()
Dim cmd As SqlCommand
cmd = New SqlCommand("select pass from personal where idno=" & TextBox1.Text, con)
cmd.CommandType = CommandType.Text
Dim rdr As SqlDataReader
rdr = cmd.ExecuteReader
If rdr.Read() Then
TextBox2.Text = rdr.ToString()
Response.Redirect("default.aspx")
Else
MsgBox("incorrect password")
You need to use parameters in your query:
cmd = New SqlCommand("select pass from personal where idno=@param", con)
cmd.Parameters.AddWithValue("@param", TextBox1.Text)
Use ExecuteScalar instead of ExecuteReader.
Dim password As String
password = cmd.ExecuteScalar.ToString()
FYI, storing passwords in plain text and comparing like this is VERY bad practice. You should be encrypting the passwords with some one-way salted encryption and then doing the same on verification then comparing the encrypted values.
You are missing the DataSource assignment.
Add GridView1.DataSource = rdr before you call DataBind.
Your If block should look like:
If rdr.Read() Then
GridView1.Visible = True
GridView1.DataSource = rdr
GridView1.DataBind()
End If
Should be
cmd = New SqlCommand("select pass from personal where idno='" & TextBox1.Text & "'", con)
Beyond that, the code seems to be for ASP.NET. We cannot execute a MsgBox in VB.NET that can appear in the client browser.
Use HasRows on rdr and set the DataSource for GridView1
Dim rdr As SqlDataReader
rdr = cmd.ExecuteReader()
If rdr.HasRows Then
GridView1.Visible = True
GridView1.DataSource = rdr
GridView1.DataBind()
End If
What is your error or are you just getting a null for rdr?
I don't see an output parameter. You need one. You only have an input parameter.
You need to somehow mark that the user was logged in, using a Session variable or a login identity. Otherwise, anyone can go to the logged in version of the page by simply navigating directly to it.
MsgBox( is not valid in asp.net, because it would display a message on the server, not on the client. Try using a Label on the page to display error messages by setting its text.
What is the problem you are having? Does it just "not work"? Does it not validate your password correctly? Do you get an exception of some sort? Can you post the results?
