I am using an ASP.NET wizard control for editing the role of the user after showing its information. The wizard consists of three steps:

Hello everybody,

First Step: contains a textbox where the admin will put the username of the user

Second Step: it will show the information of the user

Third Step: it is for editing the role of the user

Since I am developing an intranet web application for the company, the Admin doesn't need to know if the user is on the database or not. So I want the system automatically to check in the background if the user is on the database or not. If he is in the database, the role will be edited for him immediately. If he is not in the database, his information will be added to the system with giving him a role.

C#
protected void Wizard1_FinishButtonClick(object sender, WizardNavigationEventArgs e)
        {
            //If one of the items is selected AND a username exists in the Username session object update the user role
            string username = TextBox1.Text;
    
            if (!String.IsNullOrEmpty(radio1.SelectedValue) && !String.IsNullOrEmpty(username))
            {
                string connString = "Data Source=localhost\\sqlexpress;Initial Catalog=psspdb;Integrated Security=True";
    
                string insertUserCommand = "INSERT INTO employee (Name, Username, JobTitle, BadgeNo, EmpOrgType, DivisionCode) values (@Name, @Username, @JobTitle, @BadgeNo, @EmpOrgType, @DivisionCode)";
                string cmdText = "SELECT Count(*) FROM employee WHERE Username = '" + username + "'";
                
                using (SqlConnection conn = new SqlConnection(connString))
                {
                    conn.Open();
                    // Open DB connection.
                    using (SqlCommand cmd = new SqlCommand(cmdText, conn))
                    {
                        if ((int)cmd.ExecuteScalar() == 0)){
                            SqlCommand cmd2 = new SqlCommand(insertUserCommand, conn)
                            cmd2.Parameters.AddWithValue("@Name", name);
                            cmd2.Parameters.AddWithValue("@Username", username);
                        }
                        
                    }
                }
    
                string deleteCommand = "DELETE FROM UserRole where Username=@Username";
                string insertCommand = "INSERT INTO UserRole (RoleID,Username) values(@RoleID,@Username)";
                using (SqlConnection conn = new SqlConnection(connString))
                {
                    conn.Open();
                    //using (SqlCommand cmd = new SqlCommand(cmdText, conn))
                    using (SqlCommand cmd = new SqlCommand(deleteCommand, conn))
                    {
                        cmd.Parameters.AddWithValue("@Username", username);
                        cmd.ExecuteNonQuery();
                        //Now the insert
                        cmd.CommandText = insertCommand;
                        cmd.Parameters.Clear(); //need this because still has params from del comm
                        cmd.Parameters.AddWithValue("@RoleID", radio1.SelectedValue);
                        cmd.Parameters.AddWithValue("@Username", username);
                        cmd.ExecuteNonQuery();
                        //infoSpan.InnerText = String.Format("The users role has been updated to - {0}", radio1.SelectedValue);
                        //cmd.ExecuteScalar();
                        //infoSpan.InnerText = String.Format("The users role has been updated to - {0}", radio1.SelectedValue);
                    }
                }
    
                Wizard1.Visible = false;
                wizard.InnerHtml = @"The task has been done successfully. <br /> <a href="UserManagement.aspx">Edit Another User</a>";
            }
    
    
        }

I did everything correct and fine except for the case that the user is not in the database. I just added one method inside the Wizard1_FinishButtonClick() and it crashed everything and I did not know how to fix it. Any help please?
Updated 6-Dec-11 19:20pm
Comments
Wendelius 6-Dec-11 8:03am    
If you debug the code above, what error do you get and where?
Tech Code Freak 6-Dec-11 8:12am    
Please give some details about the error you are receiving (what and where).
Programm3r 6-Dec-11 9:58am    
This won't answer your question, but just a word of advice. Abstract your data layer from UI layer. Secondly, your code is prone to SQL injection.

1 solution

The only problems I can see are:
1) You are issuing an INSERT command with 6 parameters:
C#
string insertUserCommand = "INSERT INTO employee (Name, Username, JobTitle, BadgeNo, EmpOrgType, DivisionCode) values (@Name, @Username, @JobTitle, @BadgeNo, @EmpOrgType, @DivisionCode)";
But you are only supplying 2 of them:
C#
SqlCommand cmd2 = new SqlCommand(insertUserCommand, conn)
cmd2.Parameters.AddWithValue("@Name", name);
cmd2.Parameters.AddWithValue("@Username", username);
You need to add the remaining parameters to the SqlCommand object.

2) You do not action the command. Add a
C#
cmd2.ExecuteNonQuery();
 
 
Comments
matrix388 7-Dec-11 2:46am    
Yeah, you are right. I figured out the answer two hours ago and it works well. Also, the Stack Overflow community helped me a lot.
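
An added example, not part of the original thread: the "add the employee if missing, then replace the role" step with every value bound as a parameter (including the existence check that the question builds by string concatenation), all six INSERT placeholders supplied, and the whole sequence in one transaction. Table and column names come from the question; the `UserRoleWriter` class, the method signature and the integer `roleId` are assumptions.

```csharp
using System;
using System.Data.SqlClient;

public static class UserRoleWriter   // hypothetical helper, not from the original post
{
    public static void SaveUserAndRole(string connString, string username, string name,
        string jobTitle, string badgeNo, string empOrgType, string divisionCode, int roleId)
    {
        using (var conn = new SqlConnection(connString))
        {
            conn.Open();
            // Disposing the transaction without Commit() rolls everything back.
            using (SqlTransaction tx = conn.BeginTransaction())
            {
                bool exists;
                // The username is bound as @Username, never concatenated into the SQL text.
                using (var check = new SqlCommand(
                    "SELECT COUNT(*) FROM employee WHERE Username = @Username", conn, tx))
                {
                    check.Parameters.AddWithValue("@Username", username);
                    exists = (int)check.ExecuteScalar() > 0;
                }
                if (!exists)
                {
                    using (var insert = new SqlCommand(
                        "INSERT INTO employee (Name, Username, JobTitle, BadgeNo, EmpOrgType, DivisionCode) " +
                        "VALUES (@Name, @Username, @JobTitle, @BadgeNo, @EmpOrgType, @DivisionCode)", conn, tx))
                    {
                        // Every placeholder gets a value; null strings are sent as DBNull.
                        insert.Parameters.AddWithValue("@Name", (object)name ?? DBNull.Value);
                        insert.Parameters.AddWithValue("@Username", username);
                        insert.Parameters.AddWithValue("@JobTitle", (object)jobTitle ?? DBNull.Value);
                        insert.Parameters.AddWithValue("@BadgeNo", (object)badgeNo ?? DBNull.Value);
                        insert.Parameters.AddWithValue("@EmpOrgType", (object)empOrgType ?? DBNull.Value);
                        insert.Parameters.AddWithValue("@DivisionCode", (object)divisionCode ?? DBNull.Value);
                        insert.ExecuteNonQuery();   // the call the answer points out was missing
                    }
                }
                // Replace the role: delete the old row and insert the new one in the same transaction.
                using (var role = new SqlCommand(
                    "DELETE FROM UserRole WHERE Username = @Username; " +
                    "INSERT INTO UserRole (RoleID, Username) VALUES (@RoleID, @Username)", conn, tx))
                {
                    role.Parameters.AddWithValue("@Username", username);
                    role.Parameters.AddWithValue("@RoleID", roleId);
                    role.ExecuteNonQuery();
                }
                tx.Commit();
            }
        }
    }
}
```

Because the role change and the optional employee insert share a transaction, a failure in either leaves both tables unchanged instead of an employee row without a role.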

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


