Reputation: 1
how to save textbox in database?
I used some textboxes to get some info from users + a sqldatasource
<table class="style1" >
<tr>
<td class="style3" colspan="3"
style="font-size: medium; font-family: 'B Nazanin';
font-weight: bold position: relative; right: 170px" >
تغییر اطلاعات شخصی
</td>
</tr>
<tr>
<td class="style3">
<asp:Label ID="Label1" runat="server" Text=" نام: " Font-Bold="True"
Font-Names="B Nazanin" Font-Size="Medium"></asp:Label>
</td>
<td class="style2">
<asp:TextBox ID="FirstName" runat="server"></asp:TextBox>
</td>
<td class="style4">
<asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server"
Display="Dynamic" ErrorMessage="وارد کردن نام الزامی است"
ControlToValidate="FirstName">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td class="style3">
<asp:Label ID="Label2" runat="server" Text=" نام خانوادگی: "
Font-Bold="True" Font-Names="B Nazanin" Font-Size="Medium">
</asp:Label>
</td>
<td class="style2">
<asp:TextBox ID="LastName" runat="server"></asp:TextBox>
</td>
<td class="style4">
<asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server"
Display="Dynamic" ErrorMessage="وارد کردن نام خانوادگی الزامی است"
ControlToValidate="LastName">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td class="style3">
<asp:Label ID="Label3" runat="server" Text=" شماره دانشجویی : "
Font-Bold="True" Font-Names="B Nazanin" Font-Size="Medium">
</asp:Label>
</td>
<td class="style2">
<asp:TextBox ID="StudentNumber" runat="server"></asp:TextBox>
</td>
<td class="style4">
<asp:RequiredFieldValidator ID="RequiredFieldValidator3"
runat="server" Display="Dynamic"
ControlToValidate="StudentNumber"
ErrorMessage="وارد کردن شماره دانشجویی الزامی است">*
</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td class="style3">
<asp:Label ID="Label4" runat="server" Text=" تاریخ تولد : "
Font-Bold="True" Font-Names="B Nazanin" Font-Size="Medium">
</asp:Label>
</td>
<td class="style2">
<asp:TextBox ID="DateOfBirth" runat="server"></asp:TextBox>
</td>
<td class="style4">
<asp:CompareValidator ID="CompareValidator1" runat="server"
Display="Dynamic" Operator="DataTypeCheck"
ErrorMessage="تاریخ تولد معتبری را وارد نمایید"
Type="Date" ControlToValidate="dateOfBirth">
</asp:CompareValidator>
</td>
</tr>
<tr>
<td class="style3"> </td>
<td class="style2">
<asp:Button ID="SaveButton" runat="server" Text=" ذخیره تغییرات"
Width="102px" style="margin-right: 15px; height: 26px;" />
</td>
<td class="style4">
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString=
"<%$ ConnectionStrings:ASPNETDBConnectionString1 %>"
SelectCommand="SELECT aspnet_personalInformation.FirstName,
aspnet_personalInformation.LastName,
aspnet_personalInformation.StudentNumber,
aspnet_personalInformation.DateOfBirth
FROM aspnet_personalInformation
INNER JOIN aspnet_Users
ON aspnet_personalInformation.UserId = aspnet_Users.UserId
WHERE aspnet_personalInformation.UserId=aspnet_Users.UserId
ORDER BY aspnet_personalInformation.LastName"
InsertCommand="INSERT INTO aspnet_PersonalInformation(UserId)
SELECT UserId FROM aspnet_Profile">
</asp:SqlDataSource>
</td>
</tr>
</table>
I wanna save firstname lastname studentnumber and dateofbirth in aspnet_personalinformation table in database but before that, i fill one column of aspnet_personalinformation table named UserId by inserting sql command with aspnet_profile.userid
now by running this code my table has still blanks
protected void SaveButton_Click(object sender, EventArgs e)
{
string str =
"Data Source = .\\SQLEXPRESS;AttachDbFilename=|DataDirectory|
\\ASPNETDB.MDF;Integrated Security=True;User Instance=True";
SqlConnection con = new SqlConnection(str);
con.Open();
string query =
"INSERT INTO aspnet_PersonalInformation( FirstName,
LastName,StudentNumber,DateOfBirth)
VALUES ('" + this.FirstName.Text + "','" + this.LastName.Text + "','"
+ this.StudentNumber.Text + "','" + this.DateOfBirth.Text + "')
WHERE aspnet_PersonalInformation.UserId=aspnet_Profile.UserID";
SqlCommand cmd=new SqlCommand(query,con);
cmd.ExecuteNonQuery();
con.Close();
}
but it doesn't work
Upvotes: 0
Views: 2474
Answers (4)
Reputation: 8227
This query:
string query =
"INSERT INTO aspnet_PersonalInformation( FirstName,
LastName,StudentNumber,DateOfBirth)
VALUES ('" + this.FirstName.Text + "','" + this.LastName.Text + "','"
+ this.StudentNumber.Text + "','" + this.DateOfBirth.Text + "')
WHERE aspnet_PersonalInformation.UserId=aspnet_Profile.UserID";
won't work, because aspnet_Profile is another table in your database. You cannot do this because:
- It's not possible to set a WHERE statement, with the relative condition, in an INSERT statement;
- Even if it would be possible, you have to specify you're doing a join between the two tables;
Because you only have to save your user record, then you should:
Save your UserID in a variable and in the
aspnet_Profiletable, as you previously mentioned;Insert the related record using a query like this:
string userID = "A333D2FC-B4F1-420F-872B-7C872E82AD12"; /* your userId is stored in this variable */
string query = "INSERT INTO aspnet_PersonalInformation(UserID, FirstName, LastName, StudentNumber,DateOfBirth) " + "VALUES ('" + userID + "',' " + this.FirstName.Text + "','" + this.LastName.Text + "','" + this.StudentNumber.Text + "','" + this.DateOfBirth.Text + "') ";
Upvotes: 0
Reputation: 4388
you need to insert the userID to the table aspnet_PersonalInformation also. like this
INSERT INTO aspnet_PersonalInformation( FirstName, LastName,StudentNumber,DateOfBirth,UserID) VALUES ('" + this.FirstName.Text + "','" + this.LastName.Text + "','" + this.StudentNumber.Text + "','" + this.DateOfBirth.Text + "','" + aspnet_Profile.UserID + "')
Upvotes: 0
Reputation: 6253
I think you want to use an update statement, not insert.
Since your table was initially populated via INSERT INTO aspnet_PersonalInformation(UserId) SELECT UserId FROM aspnet_Profile you will be updating aspnet_PersonalInformation for a specific UserId.
Your query should be changed to:
string query =
"UPDATE aspnet_PersonalInformation Set FirstName='" + this.FirstName.Text
+ "', LastName = '" + this.LastName.Text
+ "', StudentNumber='" + this.StudentNumber.Text
+ "', DateOfBirth='" + this.DateOfBirth.Text
+ "' where aspnet_PersonalInformation.UserId = '" + <ID provided by form> + "'";
And you should pass a variable identifier for the where clause to replace <ID provided by form> with an actual user ID value.
There's likely a lot more to it than this. If the user record does not exist yet, then you will want to insert it, but do not put a where clause in your insert statement.
Also, you may want to look into using bind variables (AKA parameterized queries) instead of concatenating a big SQL string by pulling directly from user input. Your current query may be vulnerable to SQL injection depending on how the form data is processed (if it is not massaged to remove single quotes AKA the foot marker, for example, then a user can break the SQL by entering a single quote into one of the form fields.)
Using bind variables is a bit cleaner, to wit:
protected void SaveButton_Click(object sender, EventArgs e)
{
string connectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\ASPNETDB.MDF;Integrated Security=True;User Instance=True";
try
{
using (SqlConnection con = new SqlConnection(connectionString))
{
con.Open();
string query =
"UPDATE aspnet_PersonalInformation Set FirstName=@firstName, LastName=@lastName, StudentNumber=@studentNo, DateOfBirth=@dob where UserId = @userId";
SqlCommand cmd=new SqlCommand(query,con);
string userId = "Bob"; // should be an actual user ID, from form
cmd.Parameters.AddWithValue("@firstName", FirstName.Text);
cmd.Parameters.AddWithValue("@lastName", LastName.Text);
cmd.Parameters.AddWithValue("@studentNo", StudentNumber.Text);
cmd.Parameters.AddWithValue("@dob", DateOfBirth.Text);
cmd.Parameters.AddWithValue("@userId", userId);
Int32 rowsAffected = command.ExecuteNonQuery();
}
}
catch (Exception ex)
{
// examine ex.Message to figure out what went wrong
}
}
Upvotes: 1
Reputation: 8736
remove where condition
query = "INSERT INTO aspnet_PersonalInformation( FirstName, LastName,StudentNumber,DateOfBirth) VALUES ('" + this.FirstName.Text + "','" + this.LastName.Text + "','" + this.StudentNumber.Text + "','" + this.DateOfBirth.Text + "')";
Upvotes: 0
Related Questions
- saving data into sql database from textboxes asp.net C#
- How can I save my Textbox content in a database? Textbox is programmed in HTML and CSS
- Writing data to SQL database from ASP.NET textbox
- Value from text box not saved properly in database
- how to retrieve data from database into textbox and save the edited data from the same textbox to database
- c# How to insert textbox value and save it to sql database?
- Requirement regarding saving a text data in database(SQL)
- Storing Textbox values into Database
- Code to save textfield data to database
- Insert data into database table with text box