How to retrieve data from database and display it on label

Question

0.00/5 (No votes)

See more:

I'm working on the Registration page for Lucky Draw system.So the process for registration is user need to scan their barcode using usb barcode scanner. I stuck on that part which i cannot check the employee id on database after user scan or type in the textbox. I also want to display the employee name after scan the barcode.Can anyone give me some ideas/solution.

What I have tried:

Below are my code:

C#

using System;  
using System.Collections.Generic;  
using System.Data;  
using System.Data.SqlClient;  
using System.IO;  
using System.Linq;  
using System.Web;  
using System.Web.UI;  
using System.Web.UI.WebControls;
public partial class Attendance : System.Web.UI.Page  
{  
    SqlCommand cmd = new SqlCommand();  
    SqlConnection con = new SqlConnection();  
    string str;  
    private string connectionString;  
  
    protected void Page_Load(object sender, EventArgs e)  
    {  
        con.ConnectionString = @"Data Source= (LocalDB)\MSSQLLocalDB; AttachDbFilename =   
          C:\Users\Nor  Asyraf  Mohd No\source\repos\LuckyDraw\LuckyDraw\App_Data\ticket.mdf;   
            Integrated Security = True";
        txtText.Focus();  
    }  
  
    protected void btnSave_Click(object sender, EventArgs e)  
    {  
        idcheck();  
        using (SqlConnection connection = new SqlConnection(connectionString))  
        {  
            using (SqlCommand command = connection.CreateCommand())  
            {  
                command.CommandText = "UPDATE EMPLOYEES SET Attendance = 'Present' WHERE EMP_ID = @id";  
                command.Parameters.AddWithValue("@id", txtText.Text);  
                connection.Open();  
  
                command.ExecuteNonQuery();  
  
                connection.Close();  
            }  
        }
    }  
  
public void idcheck()  
        {
        string query = "select EMP_ID from EMPLOYEES where EMP_ID='" + txtText.Text + "'";  
        SqlDataAdapter ada = new SqlDataAdapter(query, con);  
        DataTable dt = new DataTable();  
        ada.Fill(dt);  
        if (dt.Rows.Count > 0)  
        {  
            lblError.Text = dt.Rows[0]["EMP_NAME"].ToString();  
        }  
    }
    protected void Button1_Click1(object sender, EventArgs e)  
    {  
        Response.Redirect("Default.aspx");  
    }  
}

Posted 22-Mar-18 14:53pm

Member 13700339

Updated 22-Mar-18 19:45pm

Add a Solution

Comments

Bryian Tan 22-Mar-18 22:12pm

what the error message? try the update with an integer. command.Parameters.AddWithValue("@id", 1);

The second query does not have EMP_NAME in the select statement.

Member 13700339 22-Mar-18 22:25pm

Error message:

System.Data.SqlClient.SqlException: 'An attempt to attach an auto-named database for file C:\Users\Nor Asyraf Mohd No\Documents\Visual Studio 2017\LuckyDraw\LuckyDraw\App_Data\ticket.mdf failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.'

Richard Deeming 23-Mar-18 13:17pm

string query = "select EMP_ID from EMPLOYEES where EMP_ID='" + txtText.Text + "'";

That code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

You already know how to use parameters - you're using them correctly in the btnSave_Click method.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Vishal S. Kumbhar · Answer 1 · 2018-03-22T19:02:00

Solution 1

Considering your ID column is interger then you have to correct these line
"select EMP_ID from EMPLOYEES where EMP_ID='" + txtText.Text + "'"; "

as "select EMP_ID from EMPLOYEES where EMP_ID= " + txtText.Text + " "; " remove single quotes.

Posted 22-Mar-18 19:02pm

Vishal S. Kumbhar

dkamble 10358990 · Answer 2 · 2018-03-22T19:15:00

Solution 2

add EMP_NAME in select query and if EMP_ID is integer remove single quotes from where condition

Posted 22-Mar-18 19:15pm

dkamble 10358990

Member 8583441 · Answer 3 · 2018-03-22T19:46:00

Execute the SqlCommand string select * from the database table of yours
Try to execute with the
datareader = cmd.ExecuteReader() and read the data from the database like
if(datareader.Read())
label.InnerText = datareader["EmpID"].ToString();

Here i use <label> tag instead of <asp:label> tag.... It worked for me try this