Click here to Skip to main content
15,891,905 members
Search within:


plz correct the bellow cod for entering datas from a asp.net form to database table.....
Please Sign up or sign in to vote.
1.00/5 (4 votes)
See more:
C#
C#
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
public partial class user_onlinepatientregistration : System.Web.UI.Page
{
    Class1 ob = new Class1();
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {


            bindcountry();
            // clear();

        }
    }
    void clear()
    {
        bindcountry();
        bind_state();
        bind_city();
        pn.Text = "";
        age.Text = "";
        pq.Text = "";
        pno.Text = "";
        email.Text = "";
        add.Text = "";

    }


    public void bindcountry()
    {
        ob.fetch("select * from admin_country order by countryid");
        drdcon.Items.Clear();
        drdcon.DataSource = ob.ds.Tables[0];
        drdcon.DataTextField = "countryname";
        drdcon.DataBind();
        drdcon.Items.Insert(0, "select");
    }
    protected void btnsubmit_Click(object sender, EventArgs e)
    {
        if (pn.Text.Trim() == "")
        {
            lblmsgpn.Text = "name should not blank";
            pn.Focus();
            return;
        }
        if (pq.Text.Trim() == "")
        {
            lblmsgpq.Text = "patient query should not be blank";
            pq.Focus();
            return;
        }
        if (email.Text.Trim() == "")
        {
            lblmsgemail.Text = "Email Id should not be blank";
            email.Focus();
            return;
        }
        if (pno.Text.Trim() == "")
        {
            lblmsgpno.Text = "Mobile should not be blank";
            pno.Focus();
            return;
        }
        if (drdcon.SelectedIndex == 0)
        {
            lblmsgcon.Text = "Country name most be selected";
            drdcon.Focus();
            return;
        }
        if (drdst.SelectedIndex == 0)
        {
            lblmsgst.Text = "State  name most be selected";
            drdst.Focus();
            return;
        }
        if (drdge.SelectedIndex == 0)
        {
            lblmsgage.Text = "Security question must be selected";
            drdge.Focus();
            return;
        }

        if (drddept.SelectedIndex == 0)
        {
            lblmsgdept.Text = "Security question must be selected";
            drddept.Focus();
            return;
        }

        if (drddoctor.Text.Trim() == "")
        {
            lblmsgdr.Text = "Answer should not be blank";
            drddoctor.Focus();
            return;
        }
        ob.fetch("select Email from onlinepatient_reg where Email='" + email.Text + "'");
        if (ob.ds.Tables[0].Rows.Count > 0)
        {
            lblmsgemail.Text = "Already Exists";
            email.Text = "";
            email.Focus();
            return;
        }
        else
        {
            if (ob.dml_statment("insert into onlinepatient_reg values('" + pn.Text.Trim() + "','" + drdge.Text.Trim() + "','" + age.Text.Trim() + "','" + pq.Text.Trim() + "';'" + drddept.Text.Trim() + "','" + drddoctor.Text.Trim() + "','" + pno.Text.Trim() + "','" + email.Text.Trim() + "','" + add.Text.Trim() + "','" + drdcon.SelectedItem.Text + "', '" + drdst.SelectedItem.Text + "','" + drdcit.SelectedItem.Text + "','" + "')") > 0)
            {
                Response.Write("<script LANGUAGE='JavaScript'>alert('Data Submitted Sucessfully')</script>");

                clear();
            }

        }
    }

    public void bind_state()
    {
        ob.fetch("select * from admin_state where country='" + drdcon.SelectedItem.Text + "'");
        drdst.Items.Clear();
        drdst.DataSource = ob.ds.Tables[0];
        drdst.DataTextField = "statename";
        drdst.DataBind();
        drdst.Items.Insert(0, "select");
    }

    protected void drdcon_SelectedIndexChanged(object sender, EventArgs e)
    {
        bind_state();
    }
    public void bind_city()
    {
        ob.fetch("select * from admin_city where state='" + drdst.SelectedItem.Text + "'");
        drdcit.Items.Clear();
        drdcit.DataSource = ob.ds.Tables[0];
        drdcit.DataTextField = "cityname";
        drdcit.DataBind();
        drdcit.Items.Insert(0, "select");
    }
    protected void drdst_SelectedIndexChanged(object sender, EventArgs e)
    {
        bind_city();
    }


    protected void Button2_Click(object sender, EventArgs e)
    {
        Response.Write("REGISTRATION SUCCESSFUL");
    }

    protected void Button3_Click(object sender, EventArgs e)
    {
        clear();
        drdcit.SelectedIndex = 0;
        email.Focus();
    }
}
Posted
Add a Solution
Comments
Thomas Nielsen - getCore 5-Mar-14 13:01pm    
What is your class Class1 == ob, definition?
dan!sh 5-Mar-14 13:28pm    
And why exactly should we do this? You do realize no one here gets money to help. We help people you try things out and cannot figure it out after putting in effort.
sipun002 11-Mar-14 3:16am    
thank you sir for your information.
CHill60 7-Mar-14 12:38pm    
You'll also get better responses if you explain what you mean by "correct" - what is the problem? By the way, the word is "please" not "plz" ... avoidance of text-speak can also yield better response times
sipun002 11-Mar-14 3:19am    
thank u sir for your suggestion.Problem is that after entering datas these are not save on database..

1 solution

Firstly learn about SQL Injection and it's dangers, then how to avoid it - e.g. from http://www.dotnetperls.com/sqlparameter[^]

That is going to prompt you to rewrite the line of code which is currently
SQL
if (ob.dml_statment("insert into onlinepatient_reg values('" + pn.Text.Trim() + "','" + drdge.Text.Trim() + "','" + age.Text.Trim() + "','" + pq.Text.Trim() + "';'" + drddept.Text.Trim() + "','" + drddoctor.Text.Trim() + "','" + pno.Text.Trim() + "','" + email.Text.Trim() + "','" + add.Text.Trim() + "','" + drdcon.SelectedItem.Text + "', '" + drdst.SelectedItem.Text + "','" + drdcit.SelectedItem.Text + "','" + "')") > 0)

When you have done that you will spot a semi-colon ; where no semi-colon should be, and what appears to be extraneous characters at the end of the values list ,'" + "'

If you had enclosed the attempt to write to the database in a try-catch block you may have been able to capture the SQL error that resulted. See http://www.dotnetperls.com/catch[^]
 
Share this answer
 
Posted
Comments
sipun002 15-Mar-14 21:04pm    
Thank u sir for guiding me the problem resolve only 2 single codes missed so that exception arise...i pray god to make your walk able way flower-full...
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
How do we insert a form data into mysql database table using variable value ?
Handling values entered in an ASP.NET core form to a controller
when enter data throw this exception solution plz....
Getting duplicate data in database table 'family'
Show Database data on ASP.NET form
How to display the data (without database) into table form?
data missing in sql database on entering through web form
Asp.net read data from database
Input string was not in a correct format
data is not entering in database

Advertise
Privacy
Cookies
Terms of Use
Last Updated 11 Mar 2014
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900