Retrieving table from QueryString ASP.NET

I am creating a simple query to grab a row of data according to the ID that is held in a text box. However, it is not retrieving information, nor is it erroring.

I have a textbox which is filled with a querystring parameter that's passed in the URL. This is working and showing the exact ID on the page.

I am using this to grab the rest of its information into the relevant fields.

C#

        protected void Page_Load(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\v11.0; AttachDbFilename=C:\Users\Donald\Documents\Visual Studio 2013\Projects\DesktopApplication\DesktopApplication\Student_CB.mdf ;Integrated Security=True");
            con.Open();
            try
            {

                SqlDataAdapter sda = new SqlDataAdapter("Select Recipe_Name, Recipe_Description, Recipe_Instructions FROM Recipe Where Recipe_ID= @recipeid", con);
                sda.SelectCommand.Parameters.Add("@recipeid", SqlDbType.Int).Value = RecipeID.Text;
                DataTable dt = new DataTable();
                sda.Fill(dt);

                if (dt.Rows.Count > 0)
                    nameTxt.Text = dt.Rows[0][0].ToString();
                descriptionTxt.Text = dt.Rows[0][1].ToString();
                instructionsTxt.Text = dt.Rows[0][2].ToString();

                dt.Clear();

            }
            catch (Exception ex)
            {

            }

            con.Close();
        }

ASP.NET

<asp:Content runat="server" ID="BodyContent" ContentPlaceHolderID="MainContent">
    <hgroup class="title">
        <h1><asp:Label ID="RecipeID" runat="server" ><%=Request.QueryString["id"] %></asp:Label></h1>

        <asp:Label ID="nameTxt" runat="server" Text="Name"></asp:Label>
    </hgroup>

            <table style="width:926px">
              <tr>
                <td class="auto-style2" > IMAGE </td>
                <td >
                    <asp:Panel ID="descriptionPnl" runat="server" BackColor="White" Height="160px" Width="472px">
                        <asp:Label ID="descriptionTxt" runat="server" Text="Label"></asp:Label>
                    </asp:Panel>
                  </td> 
              </tr>    
            </table>

    <h6> Step by Step Guide</h6>

            <table style="width:900px">
              <tr>
                <td >  
                    <asp:Panel ID="guidePnl" runat="server" BackColor="White" Height="200px" Width="900px">
                        <asp:Label ID="instructionsTxt" runat="server" Text="Label"></asp:Label>
                    </asp:Panel>
                  </td> 
              </tr>   
            </table>           

    </asp:Content>

Can anyone help me in the matter? Where am I going wrong and what do I need to add or change? Thank you.

It's not erroring because you catch all exceptions and do nothing with them.

Also, you're vulnerable to SQL injection with that code (as rightly pointed out in the comments).

You should use a relative path to locate the database file (that will break when deployed) and you should put configuration info like that in the Web.config file.

        protected void Page_Load(object sender, EventArgs e)
        {
            // Take the id from the query string rather than from the Label, whose
            // <%= %> content is only written out when the page renders.
            string ID = Request.QueryString["id"];
            RecipeID.Text = ID;

            // using closes the connection even if an exception is thrown
            using (SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\v11.0; AttachDbFilename=C:\Users\Donald\Documents\Visual Studio 2013\Projects\DesktopApplication\DesktopApplication\Student_CB.mdf ;Integrated Security=True"))
            {
                con.Open();

                SqlDataAdapter sda = new SqlDataAdapter("Select Recipe_Name, Recipe_Description, Recipe_Instructions FROM Recipe Where Recipe_ID= @recipeid", con);
                sda.SelectCommand.Parameters.Add("@recipeid", SqlDbType.Int).Value = RecipeID.Text;
                DataTable dt = new DataTable();
                sda.Fill(dt);

                // Braces so that all three assignments are guarded by the row check
                if (dt.Rows.Count > 0)
                {
                    nameTxt.Text = dt.Rows[0][0].ToString();
                    descriptionTxt.Text = dt.Rows[0][1].ToString();
                    instructionsTxt.Text = dt.Rows[0][2].ToString();
                }

                dt.Clear();
            }
            // No empty catch block: a bad or missing id now raises an error
            // instead of failing silently.
        }

sda.SelectCommand.Parameters.Add("@recipeid", SqlDbType.Int).Value = Request.QueryString["id"];
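
An added example, not part of the original answers or the asker's project: a code-behind for the markup above that follows the advice about Web.config and a relative database path, validates the id before binding it as a typed parameter, and lets real failures surface. The class name `RecipePage`, the connection-string name `RecipeDb` and the .mdf being placed in App_Data are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;

// Assumed Web.config entry (the name "RecipeDb" is hypothetical); |DataDirectory|
// resolves to the site's App_Data folder, so no absolute path is needed:
//   <connectionStrings>
//     <add name="RecipeDb" providerName="System.Data.SqlClient"
//          connectionString="Data Source=(LocalDB)\v11.0;AttachDbFilename=|DataDirectory|\Student_CB.mdf;Integrated Security=True" />
//   </connectionStrings>
public partial class RecipePage : System.Web.UI.Page   // hypothetical class name
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Reject anything that is not an integer before it reaches the database.
        int recipeId;
        if (!int.TryParse(Request.QueryString["id"], out recipeId))
        {
            Response.StatusCode = 400;
            nameTxt.Text = "Invalid recipe id";
            return;
        }
        RecipeID.Text = recipeId.ToString();
        string cs = ConfigurationManager.ConnectionStrings["RecipeDb"].ConnectionString;
        using (SqlConnection con = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT Recipe_Name, Recipe_Description, Recipe_Instructions FROM Recipe WHERE Recipe_ID = @recipeid", con))
        {
            // Typed parameter: the value travels as data, never as part of the SQL text.
            cmd.Parameters.Add("@recipeid", SqlDbType.Int).Value = recipeId;
            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                {
                    Response.StatusCode = 404;
                    nameTxt.Text = "Recipe not found";
                    return;
                }
                // Label.Text is not HTML-encoded on output, so encode database values.
                nameTxt.Text = HttpUtility.HtmlEncode(reader[0].ToString());
                descriptionTxt.Text = HttpUtility.HtmlEncode(reader[1].ToString());
                instructionsTxt.Text = HttpUtility.HtmlEncode(reader[2].ToString());
            }
        }
    }
}
```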
