I write a code to retrieve to show data from Stored Procedure with ASP.NET like this
Private Sub AutoNumberVerification()
Dim Conn As New SqlConnection(strConn.ToString)
Dim cmd As New SqlCommand()
Try
cmd.Connection = Conn
cmd.CommandType = CommandType.StoredProcedure
Conn.Open()
If (txtProducerID.Text.Trim.Length = 9) Then
cmd.CommandText = "spProductCount"
cmd.Parameters.AddWithValue("#ID", txtProducerID.Text)
End If
Dim da As New SqlDataAdapter(cmd)
Dim dt As New DataTable()
da.Fill(dt)
Dim dr As SqlDataReader = cmd.ExecuteReader()
dt.Load(dr)
If (convertInteger(dt.Rows(0)("estbProducerID").ToString) > 0) Then
cmd.CommandText = "spProductCount"
rdoEstbProducerList.Items.FindByValue(convertInteger(dt.Rows(0)("estbProducerID"))).Selected = True
End If
cmd.CommandText = "spProductCount"
TextBox11.Text = dt.Rows(0)("ALL").ToString
TextBox4.Text = dt.Rows(0)("FOOD").ToString
TextBox5.Text = dt.Rows(0)("DRINKS").ToString
TextBox6.Text = dt.Rows(0)("TAILOR").ToString
TextBox7.Text = dt.Rows(0)("USABLE").ToString
TextBox8.Text = dt.Rows(0)("HERB").ToString
cmd.CommandText = "spProductproveCounts"
TextBox12.Text = dt.Rows(0)("REGISTERED").ToString
Catch ex As Exception
Response.Write("ERROR Load: " & ex.Message)
Finally
Conn.Close()
End Try
End Sub
but it show an error = "REGISTERED" is not belong to the table
how can I use two stored procedures?
Just setting the cmd.CommandText to a stored procedure name will not execute it. You still need to call ExecuteReader after each change to the CommandText
Related
Private Sub TbDepot_KeyUp(sender As Object, e As KeyEventArgs) Handles TbDepot.KeyUp
con = New SqlConnection("Data Source=USER\SQLEXPRESS;Initial Catalog=Sap;Integrated Security=True")
con.Open()
Dim cmd0 As New SqlCommand("select * from dbo.Depot where Code=#code", con)
cmd0.Parameters.AddWithValue("#code", TbDepot.Text)
Dim dr As SqlDataReader
dr = cmd0.ExecuteReader()
If (dr.Read()) Then
LDepot.Text = dr.Item("Name")
dr.Close()
cmd1 = New SqlCommand("Select * from dbo.Item", con)
'cmd1.Parameters.AddWithValue("#depot", TbDepot.Text)
da1 = New SqlDataAdapter(cmd1)
dt1 = New DataTable()
da1.Fill(dt1)
GvRates.DataSource = dt1
Else
MessageBox.Show("Please type the correct entry")
TbDepot.Clear()
End If
con.Close()
End Sub
Please check the following code.
Hope you guys could give me some help.
I have a asp.net web form which gets data from SQL database and displays it on webpage via product code number or product description.
Searching by description will display a list of similar products where each list will have a button with the product code when clicked will open another site with extra product information,
e.g.
13892
14589
17485
00010
08890
The problem is all the codes that start from 1 upwards will show more details, but when I click on product codes that start with 0 such as 00010, 08890 will show no data when in fact there should be data.
Any help would be appreciated.
code I have below,
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Val(Request.QueryString("Stock_code")) <> 0 Then
Dim dt As DataTable = New DataTable
Dim strQuery As String = "SELECT STKCODE as [Stock_Code], STKNAME as [Stock_Description], STK_BASEPRICE as [Retail_Price], STK_SORT_KEY2 as [Pack_Size], STK_NOTES as [Notes], STK_P_WEIGHT as [Net_Weight], STK_S_WEIGHT as [Gross_Weight] FROM dbo.STK_STOCK WHERE STKCODE = '" & Val(Request.QueryString("Stock_code")) & "'"
Dim strQUery2 As String = "SELECT LOC_CODE as [Location_Code], LOC_NAME as [Location], LOC_PHYSICAL as [Physical_Stock] FROM dbo.STK_LOCATION WHERE LOC_CODE IN ('WH01','WH03','WH04','WH08','WH11')" & _
"AND LOC_STOCK_CODE = '" & Val(Request.QueryString("Stock_code")) & "'"
Dim strQuery3 As String = "SELECT STKLANG_STOCKNAME as [Chinese_Description] FROM dbo.STK_STOCK_LANG WHERE STKLANG_STOCKCODE ='" & Val(Request.QueryString("stock_code")) & "'"
Dim strQuery4 = "SELECT STK_SELLPRICE1 as [Retail_Price], STK_SELLPRICE5 as [Retail_Rest_Split] FROM dbo.STK_STOCK_2 WHERE STKCODE2 = '" & Val(Request.QueryString("stock_code")) & "'"
Using cmd4 As SqlCommand = New SqlCommand(strQuery4)
Dim da3 As SqlDataAdapter = New SqlDataAdapter
Dim dt4 As New DataTable
cmd4.Connection = cnn : cnn.Open()
da3.SelectCommand = cmd4
da3.Fill(dt4)
For i = 0 To dt4.Rows.Count - 1
Label8.Text = dt4.Rows(i).Item("Retail_Rest_Split")
Next
End Using
cnn.Close()
Using cmd As SqlCommand = New SqlCommand(strQuery)
Dim sda As SqlDataAdapter = New SqlDataAdapter
cmd.Connection = cnn : cnn.Open()
sda.SelectCommand = cmd
sda.Fill(dt)
For i = 0 To dt.Rows.Count - 1
Label7.Text = dt.Rows(i).Item("Stock_Code")
Label1.Text = dt.Rows(i).Item("Notes")
Label3.Text = dt.Rows(i).Item("Retail_Price")
Label4.Text = dt.Rows(i).Item("Pack_Size")
Label5.Text = dt.Rows(i).Item("Stock_Description")
'Label8.Text = dt.Rows(i).Item("Pack_Size")
Label9.Text = dt.Rows(i).Item("Net_Weight")
Label10.Text = dt.Rows(i).Item("Gross_Weight")
GridView1.DataSource = dt
GridView1.DataBind()
Next
End Using
cnn.Close()
Dim dt3 As DataTable = New DataTable
Using cmd3 As SqlCommand = New SqlCommand(strQuery3)
Dim da2 As SqlDataAdapter = New SqlDataAdapter
cmd3.Connection = cnn : cnn.Open()
da2.SelectCommand = cmd3
da2.Fill(dt3)
End Using
For i = 0 To dt3.Rows.Count - 1
Label6.Text = dt3.Rows(i).Item("Chinese_Description")
Next
Dim cmd2 As New SqlCommand
Dim dt2 As New DataTable
Dim da As New SqlDataAdapter
With cmd2
.Connection = cnn
.CommandText = strQUery2
End With
da.SelectCommand = cmd2
da.Fill(dt2)
GridView1.DataSource = dt2
GridView1.DataBind()
End If
End Sub
You want to use a paramaterized query like this (I'm going to fold that query string to make it more readable without having to scroll horizontally):
Dim strQuery As String = "SELECT STKCODE as [Stock_Code], STKNAME as [Stock_Description],
STK_BASEPRICE as [Retail_Price], STK_SORT_KEY2 as
[Pack_Size], STK_NOTES as [Notes], STK_P_WEIGHT as
[Net_Weight], STK_S_WEIGHT as [Gross_Weight] FROM
dbo.STK_STOCK WHERE STKCODE = #StockCode"
Using cmd As New SqlCommand(strQuery)
cmd.Parameters.AddWithValue("#StockCode", Request.QueryString("Stock_code"))
' Do your other stuff here.
End Using
Note, that you don't want to just use string concatenation to insert your query parameter. That opens you up to SQL injection attacks.
Instead, you use a placeholder in your query like #StockCode. Then you call AddWithValue on the command to give it the value of that parameter.
You can also explicitly specify the parameter type if you need to:
' Add CustomerID parameter for WHERE clause.
command.Parameters.Add("#ID", SqlDbType.Int)
command.Parameters("#ID").Value = customerID
Assuming they are all 5 digit codes, this will make sure the stock code is numeric.
Replace
Val(Request.QueryString("Stock_code"))
with
String.Format("{0:00000}", Integer.Parse(Request.QueryString("Stock_code")))
Will raise an exception if Request.QueryString("Stock_code") is not parsed as integer, which prevents against malicious injection.
For example:
Dim stockCode = String.Format("{0:00000}", Integer.Parse(Request.QueryString("Stock_code")))
Dim strQuery As String = "SELECT STKCODE as [Stock_Code], STKNAME as [Stock_Description], STK_BASEPRICE as [Retail_Price], STK_SORT_KEY2 as [Pack_Size], STK_NOTES as [Notes], STK_P_WEIGHT as [Net_Weight], STK_S_WEIGHT as [Gross_Weight] FROM dbo.STK_STOCK WHERE STKCODE = '" & stockCode & "'"
Dim strQUery2 As String = "SELECT LOC_CODE as [Location_Code], LOC_NAME as [Location], LOC_PHYSICAL as [Physical_Stock] FROM dbo.STK_LOCATION WHERE LOC_CODE IN ('WH01','WH03','WH04','WH08','WH11')" & "AND LOC_STOCK_CODE = '" & stockCode & "'"
Dim strQuery3 As String = "SELECT STKLANG_STOCKNAME as [Chinese_Description] FROM dbo.STK_STOCK_LANG WHERE STKLANG_STOCKCODE ='" & stockCode & "'"
Dim strQuery4 = "SELECT STK_SELLPRICE1 as [Retail_Price], STK_SELLPRICE5 as [Retail_Rest_Split] FROM dbo.STK_STOCK_2 WHERE STKCODE2 = '" & stockCode & "'"
#dwilliss has just answered the question using parameters, which is probably better than my method. Posting this anyway
GM everybody
i'm finding some issues in the implementation of my shopping cart
The query works but it doesn't store information in session.
Will i fix the query or the problem is the session ?
Here the code :
Dim constr As String = ConfigurationManager.ConnectionStrings("!aCommerce-ConnectionString!").ConnectionString
' Query SQL
Using cmd As New SqlCommand("SELECT Id,NomeProdotto, PrezzoProdotto, Quantità FROM aProdotti WHERE ID='" + Request.QueryString("ID").ToString + "' OR ID='" + Request.QueryString("ID").ToString + "'")
Using sda As New SqlDataAdapter(cmd)
Dim dt As New DataTable()
Session("dt") = dt
sda.Fill(dt)
GridView1.DataSource = dt
GridView1.DataBind()
End Using
End Using
End Using
change you code to below
Dim constr As String = ConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString
Dim con As New SqlConnection()
con.ConnectionString = constr
con.Open()
' Query SQL
Using cmd As New SqlCommand("SELECT Id,PromoCode as NomeProdotto,PromoCodeMessage as PrezzoProdotto, PromoCodeLimit as Quantità FROM EventPromocodetbl WHERE ID=" & Request.QueryString("ID").ToString & "", con)
Using sda As New SqlDataAdapter(cmd)
Dim dt As New DataTable()
sda.Fill(dt)
Dim SessionDt As New DataTable()
SessionDt = Session("dt")
If Not SessionDt Is Nothing Then
If (dt.Rows.Count > 0) Then
Dim dr As DataRow
dr = SessionDt.NewRow()
dr("Id") = dt.Rows(0)("Id").ToString()
dr("NomeProdotto") = dt.Rows(0)("NomeProdotto").ToString
dr("PrezzoProdotto") = dt.Rows(0)("PrezzoProdotto").ToString
dr("Quantità") = dt.Rows(0)("Quantità").ToString
SessionDt.Rows.Add(dr)
End If
Session("dt") = SessionDt
GridView1.DataSource = SessionDt
GridView1.DataBind()
Else
Session("dt") = dt
GridView1.DataSource = dt
GridView1.DataBind()
End If
End Using
End Using
Problem is you are assigning blank DatatTable to session and then you are filling that DataTable using DataAdapter fill method that is issue.
How can I call a stored procedure in the following code instead if the sqlcommand statement,
<WebMethod> _
Public Function GetPtPrt() As String
Dim constr As String = ConfigurationManager.ConnectionStrings("ARTSQLConStrng").ConnectionString
Using con As New SqlConnection(constr)
Using cmd As New SqlCommand("SELECT TblRegjoin.PrtFilenum, TblReg.Fname + ' ' + TblReg.Sname + ' ' + TblReg.Lname, PrtStatus FROM TblReg INNER JOIN TblRegjoin ON TblReg.Filenum = TblRegjoin.PrtFilenum WHERE (TblRegjoin.PtFilenum = 15090248) ORDER BY TblRegjoin.PrtFilenum")
cmd.Connection = con
Dim ds As New DataSet()
Using sda As New SqlDataAdapter(cmd)
sda.Fill(ds, "PtPrt")
End Using
Return ds.GetXml()
End Using
End Using
End Function
Try This:
<WebMethod> _
Public Function GetPtPrt() As String
Dim constr As String = ConfigurationManager.ConnectionStrings("ARTSQLConStrng").ConnectionString
Using con As New SqlConnection(constr)
Using cmd As New SqlCommand("ProcedureName", con)
cmd.CommandType = CommandType.StoredProcedure
cmd.Connection = con
Dim ds As New DataSet()
Using sda As New SqlDataAdapter(cmd)
sda.Fill(ds, "PtPrt")
End Using
Return ds.GetXml()
End Using
End Using
End Function
Hope it helps.
I am working on asp.net using VB and SQL database
I have two tables mst_Emp & mst_dept
mst_dept got following columns (dpt_ID(PK),dpt_name,dpt_descrip)
mst_Emp got following columns (Emp_ID,Emp_FirstName,Emp_LastName,Emp_Address,Emp_ContactNo,Dept_ID(Foreign key),Marital_Status,Gender)
Now I have a Employee Detail Form in that I have Department Name label(DataBind from mst_Dept) and I have DropDownList for that to select. If some choose value from DropDownList I want it to get stored by Dept_ID in database. How can I do that ?
Try binding your Department Dropdownlist like
Using sqlconn As New SqlConnection(ConfigurationManager.ConnectionStrings("Conn").ConnectionString)
If sqlconn.State = ConnectionState.Closed Then
sqlconn.Open()
End If
Dim ds As New DataSet()
Dim qry As String = "Select dpt_ID,dpt_name from mst_Dept"
Using cmd As New SqlCommand(qry, sqlconn)
Dim sda As New SqlDataAdapter(cmd)
sda.Fill(ds)
D_ddlDepartment.DataSource = ds
D_ddlDepartment.DataValueField = "dpt_ID"
D_ddlDepartment.DataTextField = "dpt_name"
D_ddlDepartment.DataBind()
D_ddlDepartment.Items.Insert(0, "-- Select Department --")
If sqlconn.State = ConnectionState.Open Then
sqlconn.Close()
End If
End Using
End Using
and you can access the Dept_id like
Dim Deptid As Integer = Convert.ToInt32(D_ddlDepartment.SelectedValue)
FINALLY GOT IT THANKS :-)
Dim ds As New DataSet
Dim cmd1 As SqlCommand = New SqlCommand()
Dim sqlconn As SqlConnection = New SqlConnection()
sqlconn.ConnectionString = "Data Source=PRGM\SQLEXPRESS;Initial Catalog=HRMS;Integrated Security=True"
sqlconn.Open()
cmd1 = New SqlCommand("select Dpt_ID,Dpt_Name from mst_Dept", sqlconn)
'Dim qry As String = "select Dpt_ID,Dpt_Name from mst_Dept"
'cmd1 As New SqlCommand(qry, sqlconn)
Dim sda As New SqlDataAdapter(cmd1)
sda.Fill(ds)
DropDownList1.DataSource = ds.Tables(0)
DropDownList1.DataValueField = ds.Tables(0).Columns("Dpt_ID").ColumnName
DropDownList1.DataTextField = ds.Tables(0).Columns("Dpt_Name").ColumnName
DropDownList1.DataBind()
DropDownList1.Items.Insert(0, "-- Select Department --")
sqlconn.Close()
End If