How do I update details of the user that is logged in using sessions C# ASP.NET

Question

0.00/5 (No votes)

See more:

So I want to be able to update the details of the user that is logged in. So I have multiple attributes that I would like to update however I want the user not have to enter their ID each time they would like to change something. This is my code under the save button however nothing happens except redirect to the other page. Any help would be kindly appreciated

What I have tried:

<pre> protected void btnTenantSave_Click(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            //Creating a connection to my database using the connection string
            string cs = System.Configuration.ConfigurationManager.ConnectionStrings["rent-dbConnectionString1"].ConnectionString;
        SqlConnection con = new SqlConnection(cs);
        //preparing a query which will update the data in the database with the data entered into the textboxes
        SqlCommand cmd = new SqlCommand("UPDATE Tenants SET Tenant_FullName='" + this.txtTenantFullName.Text + "',Tenant_Email='" + this.txtTenantEmail.Text + "',Tenant_TelNum='" + this.txtTenantTelNum.Text + "',Tenant_EmName= '" + this.txtTenantEmName.Text + "',Tenant_EmNum= '" + this.txtTenantEmNum.Text + "',Tenant_WorkStatus= '" + this.txtWorkstatus.Text + "'Where Tenant_Email='" + Session["TenantLogin"] + "';", con);
        con.Open();
        cmd.ExecuteNonQuery();
        con.Close();
        }
        Response.Redirect("TenantIndex.aspx");
       
    }

Posted 30-Jan-18 11:10am

Member 13652585

Updated 30-Jan-18 14:31pm

Add a Solution

Comments

an0ther1 30-Jan-18 18:40pm

Do not use string concatenation to create SQL statements, you are leaving yourself open to SQL Injection, refer to the following links;
MSDN: Protect from SQL Injection
W3 Schools:SQL Injection

Secondly, use your debugger - does the TenantLogin session value exist? Is it populated?
If the answer is yes, then you will need to determine why you are not updating the correct record, this could be because of permissions or your statement, your debugger should be able to assist with this - refer below link;
MSDN: Debugging in Visual Studio

Kind Regards

F-ES Sitecore 31-Jan-18 5:00am

If "nothing happens" then it is possible the "where" clause isn't matching a valid record in your database. We can't access your data and we don't know what is in Session["TenantLogin"] so we can't check that for you, only you can check that so learn to use the debugger to step through your code.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

ZurdoDev · Answer 1 · 2018-01-30T14:31:00

Solution 1

When the user logs in you need to store their id in a Session variable and then you can use that anytime you need it.

Posted 30-Jan-18 14:31pm

ZurdoDev