Stc5097
Reputation: 289
trying to insert data into a database using asp.net and c#
I am trying to insert data into a table when a button on my asp.net page is clicked. I don't get any errors, but when I try to redirect the user to a new page after the information is inserted, it stays on the same page. Below is my code.
SqlConnection db = new SqlConnection();
db.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["AboutYouEntities"].ConnectionString;
db.Open();
SqlCommand insertUser = new SqlCommand();
SqlCommand insertContact = new SqlCommand();
insertUser.CommandText = "INSERT into USER (Email, Name, Gender, BirthDate, LinuxDistro) VALUES ('" + userInfo.Email + "','" + userInfo.Name + "','" + userInfo.Gender + "','" + userInfo.BirthDate + "','" + userInfo.LinuxDistro + "')";
insertContact.CommandText = "INSERT into CONTACT (Phone, Zip, Comments) VALUES ('" + userContact.Phone + "','" + userContact.Zip + "','" + userContact.Comments + "')";
insertUser.ExecuteNonQuery();
insertContact.ExecuteNonQuery();
db.Close();
Response.Redirect("ThankYou.aspx");
Upvotes: 0
Views: 1163
Answers (1)
Habib
Reputation: 223372
Few problems with your code:
- You haven't attached connection with your commands.
- USER is reserve word and should be enclosed in square brackets like
[USER] - You should parametrized your query, you are prone to SQL Injection.
- Consider enclosing
SqlConnectionandSqlCommandobject inusingstatement as it will ensure disposal of the resources.
Code:
using (SqlConnection db = new SqlConnection())
{
db.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["AboutYouEntities"].ConnectionString;
db.Open();
using (SqlCommand insertUser = new SqlCommand())
{
insertUser.Connection = db;
insertUser.CommandText = "INSERT into [USER] (Email, Name, Gender, BirthDate, LinuxDistro) VALUES (@Email, @Name, @Gender,@BirthDate, @LinuxDistro);";
insertUser.Parameters.AddWithValue("@Email", userInfo.Email);
insertUser.Parameters.AddWithValue("@Name", userInfo.Name);
insertUser.Parameters.AddWithValue("@Gender", userInfo.Gender);
insertUser.Parameters.AddWithValue("@BirthDate", userInfo.BirthDate);
insertUser.Parameters.AddWithValue("@LinuxDistro", userInfo.LinuxDistro);
insertUser.ExecuteNonQuery();
}
using (SqlCommand insertContact = new SqlCommand())
{
insertContact.Connection = db;
insertContact.CommandText = "INSERT into CONTACT (Phone, Zip, Comments) VALUES (@Phone, @Zip, @Comments);";
insertContact.Parameters.AddWithValue("@Phone", userContact.Phone);
insertContact.Parameters.AddWithValue("@Zip", userContact.Zip);
insertContact.Parameters.AddWithValue("@Comments", userContact.Comments);
insertContact.ExecuteNonQuery();
}
}
Upvotes: 1
Related Questions
- inserting data into SQL DB from C# ASP.NET
- Insert data into SQL Server from C# code
- No errors but still data not inserted to SQL Server table using ASP.NET with C#
- Inserting data into SQL table from asp.net form
- Trying to insert data into a table of a database through c#/asp.net
- inserting data into database using asp.net c#
- Inserting into SQL Server database ASP.net
- sql insert into asp.net
- Inserting data to SQL Server database in asp.net c#
- Unable to insert data to database in asp.net C#