|
Did you look what actually ends up in strSQL? You are likely to spot problem in final query (with user input) then from this code alone. BTW for us here it's impossible to say if your code is ok since we don't know structure of your database.
In addition to what CG said, there is another problem with your code.
Ibuprofen wrote: " [DTG_Submit], [LoginID], [TestPhase]"+
" FROM t_EOT_User WHERE RecNum="+RecNum.Text;
I recon RecNum is Textbox or similar. Now, what happens when user write, for example "1 AND TRUE"? You will end up with all records updated instead of just one. It's serious security hole, known as SQL Injection.
"Throughout human history, we have been dependent on machines to survive. Fate, it seems, is not without a sense of irony. " - Morpheus
"Real men use mspaint for writing code and notepad for designing graphics." - Anna-Jayne Metcalfe
|
|
|
|
|
RecNum is a label, not editable by the user.
|
|
|
|
|
I also have the benefit of having trained users, its for a data collection website, secured on a govt connection, only people from my company have access, and use it.
|
|
|
|
|
I used master/detail view to display records in database. The default add/update option in the detail view uses text box which I changed to template field so that I can use drop down list instead of text box. But the value that I have picked from the drop down list didn't get updated or inserted, is there anything I need to set to make it work.
The following is the code that I have used:
<br />
<asp:TemplateField HeaderText="Progress" SortExpression="Progress"><br />
<EditItemTemplate><br />
<asp:DropDownList ID="ddlProgress" runat="server" DataSourceID="SqlDataSource3" DataTextField="Progress" DataValueField="ProgressID"><br />
</asp:DropDownList><br />
<asp:SqlDataSource ID="SqlDataSource3" runat="server" ConnectionString="<%$ConnectionStrings:ExecutiveStatusReportConnectionString %>"<br />
SelectCommand="SELECT [ProgressID], [Progress] FROM [Progress]"></asp:SqlDataSource><br />
</EditItemTemplate><br />
<InsertItemTemplate><br />
<asp:DropDownList ID="ddlProgress" runat="server" DataSourceID="SqlDataSource3"<br />
DataTextField="Progress" DataValueField="ProgressID"><br />
</asp:DropDownList><br />
<asp:SqlDataSource ID="SqlDataSource3" runat="server" ConnectionString="<%$ConnectionStrings:ExecutiveStatusReportConnectionString %>"<br />
SelectCommand="SELECT [ProgressID], [Progress] FROM [Progress]"></asp:SqlDataSource><br />
</InsertItemTemplate><br />
<ItemTemplate><br />
<asp:Label ID="Label1" runat="server" Text='<%# Eval("Progress") %>'></asp:Label><br />
</ItemTemplate><br />
</asp:TemplateField><br />
Thanks for any suggestions.
|
|
|
|
|
im coming to asp.net from vb6 where we can code the keypress event. Ive looked at vb.net 2005(asp.net 2.0), i did not see keypress event where i can force numeric enytry in a text box.
Also i want to automatically converts characters as is being entered to uppercase
pls help
t.aransiola
|
|
|
|
|
<asp:TextBox id="txtNumber" Runat="server" />
<asp:RegularExpressionValidator ID="vldNumber" ControlToValidate="txtNumber" Display="Dynamic" ErrorMessage="Not a number" ValidationExpression="(^([0-9]*|\d*\d{1}?\d*)$)" Runat="server">
</asp:RegularExpressionValidator>
|
|
|
|
|
You have a keypress event if you do VB.NET in windows, but as you're doing ASP.NET, these events happen on the client, in javascript, not on the server, in VB. If you google, there are lots of examples of javascript scripts that you can run via the key pressed event on the client end to do what you're after.
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
"I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )
|
|
|
|
|
I have some surveys/questionnaires, that are rather long, some as long as 105 questions. The user is timing out before he can finish filling it out completely.
|
|
|
|
|
Timing out, how ? If they can see the whole thing, there shouldn't be any timeout while they are filling it in. 105 items doesn't seem like a lot to load, either ?
Perhaps you need to break it over several pages ?
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
"I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )
|
|
|
|
|
I want to send SMS via ASP.NET Web Service.. Any One plz help me to write coding in C# code behind file...
|
|
|
|
|
Try using Google to search for Sending SMS With ASP.Net[^]
" In the next millennium there are two kinds of business, those on the Internet and those out of business"
Bill Gates
"Be nice to nerds. Chances are you'll end up working for one."
Bill Gates
"Let's face it, the average computer user has the brain of a Spider Monkey."
Bill Gates
|
|
|
|
|
Hi,
When the users upload a picture to my server using file upload control, i want to change uploaded picture's size programmaticly. how can i do that ? and the pictures will stay in my server after i change their sizes...
atarikg
Regards...
|
|
|
|
|
try here: http://aspnet.4guysfromrolla.com/articles/012203-1.aspx
|
|
|
|
|
Thanks man
|
|
|
|
|
Hi All,
How to export the data into excel file
Manoj Bisht
|
|
|
|
|
There is Article in CP Export Data into Excel[^] by Rama Krishna Kolluri.
Hope this article will help you.
Regards,
Satips.
|
|
|
|
|
How can I pass the value from texbox.text as parameter in my SQL query?
Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim txt As Integer
Dim updateCMD As SqlCommand
Dim query As String
txt = TextBox1.Text
query = "UPDATE [Temp] SET [value] = '??????' WHERE [name] = 'temprature'"
updateCMD = New SqlCommand(query, SQLconn)
updateCMD.CommandType = CommandType.Text
SQLconn.Open()
updateCMD.ExecuteNonQuery()
SQLconn.Close()
End Sub
Thanks
|
|
|
|
|
Modify query like this:
query = "UPDATE [Temp] SET [value] = @text WHERE [name] = 'temprature'"
Add this:
updateCMD.Parameters.AddWithValue("@text", Textbox1.Text);
|
|
|
|
|
Have you tried this :
----------------------------------------------
query = "UPDATE [Temp] SET [value] = '" + txt + "' WHERE [name] = 'temprature'"
Regards,
Mayank Parmar
Senior Software Engineer
Amba Tech
Gandhinagar, India
|
|
|
|
|
The first method by szukuro worked...
When I use this I get a error about converting data from char to integer probably because the data type in database is a Integer.
query = "UPDATE [Temp] SET [value] = '" + txt + "' WHERE [name] = 'temprature'"
Thanks guys.
|
|
|
|
|
When I use this I get a error about converting data from char to integer probably because the data type in database is a Integer.
query = "UPDATE [Temp] SET [value] = '" + txt + "' WHERE [name] = 'temprature'"
--------------------------------------------------------------------
Then you had to just reomve quotes.
Like :
query = "UPDATE [Temp] SET [value] = " + txt + " WHERE [name] = 'temprature'"
--------------------------------------------------------------------
Regards,
Mayank Parmar
Senior Software Engineer
Amba Tech
Gandhinagar, India
|
|
|
|
|
Hi Chaps,
Having a double request problem. I'm trying to figure out WHY it's double posting.
Checked the IIS Logs, and there are two almost identical records running a GET at the same time. The difference is in the very last number of the logs:
2007-04-27 09:04:32 192.168.0.12 GET <URL> 80 - 192.168.0.25 Nokia6600/+UP.Browser/7.0.2.3.119+(GUI)+MMP/2.0+Push/PO 302 0 0
2007-04-27 09:04:32 192.168.0.12 GET <URL> 80 - 192.168.0.25 Nokia6600/+UP.Browser/7.0.2.3.119+(GUI)+MMP/2.0+Push/PO 302 0 64
Note the "302 0 0" and the "302 0 64"
The 302 should mean a redirect, but i don't know what the 64 means, and i've spent far to long trying to find out.
Could anyone explain what it means, and what might cause such a double post in Asp.Net.
Tris
-------------------------------
Carrier Bags - 21st Century Tumbleweed.
|
|
|
|
|
This is the common problem happens with ASP.NET. If I understood your question properly then I think you might have pressed Refresh button after the first postback. When you press refresh button form will be again posted and data will be added again. You can solve this by redirecting to the same page after doing the process. Assume you have a button click event some think like
button1_click()
{
Redirect("currentpage.aspx");
}
This will add data and redirect to the same page. All postback data will be cleared and data won't be replicated on refreshing.
|
|
|
|
|
Hi
Cheers
It's a stand alone page that is redirected too, and then redirects out once complete.
The second 'GET' is a ghost.
Cheers
Tris
-------------------------------
Carrier Bags - 21st Century Tumbleweed.
|
|
|
|
|
Obvious question: are you calling Response.Redirect two times?
"Throughout human history, we have been dependent on machines to survive. Fate, it seems, is not without a sense of irony. " - Morpheus
"Real men use mspaint for writing code and notepad for designing graphics." - Anna-Jayne Metcalfe
|
|
|
|