How to enter data to sql column (data type is text)
marcel ethan
Posted on    December-18-2013 1:03 AM


I have a project in ASP.NET; it is an online bus reservation ticket system.

I get an error when I try to insert data into my database.

The data that comes from the text box does not match the data type of my column.

The column name is maplink and the data type is text.

Here is my C# code.

protected void add_Click(object sender, EventArgs e)
{
    using (SqlConnection con = new SqlConnection("Data Source=JIHAD-PC;Initial Catalog=OBTRS;Integrated Security=True"))
    {
        using (SqlCommand cmd = new SqlCommand())
        {
            cmd.Connection = con;
            cmd.CommandText = "INSERT INTO ROUTE " +
                "([FROM],[TO],MONDAY,TUESDAY,WEDNESDAY,THURSDAY," +
                "FRIDAY,SATURDAY,SUNDAY,FARE,MAPLINK) " +
                "VALUES ("
                + DropDownList1.SelectedIndex.ToString() + ","
                + DropDownList2.SelectedIndex.ToString() + ","
                + monday + "," + tuesday + ","
                + wednesday + "," + thursday + ","
                + friday + "," + saturday + ","
                + sunday + "," + Int32.Parse(fare.ToString()) + ","
                + maplink.Text + ")"; // **here is my error <-----------------------**

            using (SqlDataAdapter adp = new SqlDataAdapter())
            {
                adp.SelectCommand = cmd;
                DataTable tablo = new DataTable();
                adp.Fill(tablo);
            }
        }
    }
}



ezra heywood
Posted on    December-18-2013 1:32 AM

Hi Marcel,

You should REALLY use parametrized queries - ALWAYS, no exceptions. Those are safe against SQL injection attacks, and they're often faster, too.

protected void add_Click(object sender, EventArgs e)
{
    string insertStmt = "INSERT INTO dbo.ROUTE([FROM], [TO], MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY, FARE, MAPLINK) " +
                        "VALUES(@From, @To, @Monday, @Tuesday, @Wednesday, @Thursday, @Friday, @Saturday, @Sunday, @Fare, @Maplink)";

    using (SqlConnection con = new SqlConnection("Data Source=JIHAD-PC;Initial Catalog=OBTRS;Integrated Security=True"))
    using (SqlCommand cmd = new SqlCommand(insertStmt, con))
    {
        // fill the parameters
        cmd.Parameters.Add("@From", SqlDbType.VarChar, 50).Value = DropDownList1.SelectedIndex.ToString();
        cmd.Parameters.Add("@To", SqlDbType.VarChar, 50).Value = DropDownList2.SelectedIndex.ToString();
        cmd.Parameters.Add("@Monday", SqlDbType.Int).Value = monday;
        cmd.Parameters.Add("@Tuesday", SqlDbType.Int).Value = tuesday;
        cmd.Parameters.Add("@Wednesday", SqlDbType.Int).Value = wednesday;
        cmd.Parameters.Add("@Thursday", SqlDbType.Int).Value = thursday;
        cmd.Parameters.Add("@Friday", SqlDbType.Int).Value = friday;
        cmd.Parameters.Add("@Saturday", SqlDbType.Int).Value = saturday;
        cmd.Parameters.Add("@Sunday", SqlDbType.Int).Value = sunday;
        cmd.Parameters.Add("@Fare", SqlDbType.Int).Value = fare;
        cmd.Parameters.Add("@Maplink", SqlDbType.VarChar, 100).Value = maplink.Text;

        // open connection, execute INSERT command, close connection
        con.Open();
        cmd.ExecuteNonQuery();
        con.Close();
    }
}
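
An added example, not part of either post: a variant of the parameterized insert that builds the command in its own method, rejects a map link that is not an absolute http(s) URL, and sends the link as varchar(max) (size -1), because a parameter declared with size 100 silently truncates longer values before they reach the text column. The `RouteCommands` class, the `BuildInsert` method, its argument names and the sample URL are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper for illustration; not code from the thread.
static class RouteCommands
{
    static readonly string[] Days =
        { "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" };

    const string InsertSql =
        "INSERT INTO dbo.ROUTE([FROM], [TO], MONDAY, TUESDAY, WEDNESDAY, THURSDAY, " +
        "FRIDAY, SATURDAY, SUNDAY, FARE, MAPLINK) " +
        "VALUES(@From, @To, @Monday, @Tuesday, @Wednesday, @Thursday, " +
        "@Friday, @Saturday, @Sunday, @Fare, @Maplink)";

    // The SQL text is constant; user input travels only as parameter values.
    public static SqlCommand BuildInsert(SqlConnection con, string from, string to,
                                         int[] days, int fare, string maplink)
    {
        if (days == null || days.Length != Days.Length)
            throw new ArgumentException("Expected one value per weekday.", "days");

        // Accept only absolute http/https links; anything else is rejected before the database sees it.
        Uri uri;
        if (!Uri.TryCreate(maplink, UriKind.Absolute, out uri) ||
            (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps))
            throw new ArgumentException("Map link must be an http(s) URL.", "maplink");

        var cmd = new SqlCommand(InsertSql, con);
        cmd.Parameters.Add("@From", SqlDbType.VarChar, 50).Value = from;
        cmd.Parameters.Add("@To", SqlDbType.VarChar, 50).Value = to;
        for (int i = 0; i < Days.Length; i++)
            cmd.Parameters.Add("@" + Days[i], SqlDbType.Int).Value = days[i];
        cmd.Parameters.Add("@Fare", SqlDbType.Int).Value = fare;
        // Size -1 means varchar(max): a long link is sent whole instead of being cut at a fixed size.
        cmd.Parameters.Add("@Maplink", SqlDbType.VarChar, -1).Value = maplink;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input; no connection is opened, the command is only inspected.
        var cmd = BuildInsert(null, "3", "7", new[] { 1, 1, 1, 1, 1, 0, 0 }, 25,
                              "https://maps.example.com/?q=O'Hare&z=12");
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
    }
}
```

In the click handler, the arguments would come from the dropdowns and the text box, followed by `con.Open()` and `cmd.ExecuteNonQuery()` as in the reply above.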

