Quote:
Show the error message and prevent duplicated vote
2 approaches:
- Do a select for the student id, if the result is a record, the student already voted. This can get unlucky if student try to vote simultaneously on 2 computers.
- Design table to have student id unique or primary key, this way, the server will reject insert. To know how the insert did, check its result.
String query = "insert into voting (CandidateStudentID,voterStudentID,DateTime)values ('" + lblStudentId.Text + "','" + Session["UserName"].ToString() + "','" + time.ToString(format) + "')";
Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[
^]
SQL Injection[
^]
SQL Injection Attacks by Example[
^]
PHP: SQL Injection - Manual[
^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[
^]
[Update]
Quote:
I can't select the studentID, because the studentID will show the particular student vote for the particular candidate.
Yes you can. You just have to not query all fields of table, just query 1 field, the student id.