I have created a website with ASP.NET which is connected to a SQL database.
The website shows a table of this with the help of a grid view.
My target is that the user can add to this table a Column and give this a name. That with the help of a TextBox and a button.
I am so far that I can add the table a column with a button click but I don't know how I can give the column a name with the TextBox
private void disp_data()
{
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "select * from table1";
cmd.ExecuteNonQuery();
DataTable dt = new DataTable();
SqlDataAdapter da = new SqlDataAdapter(cmd);
da.Fill(dt);
GridView3.DataSource = dt;
GridView3.DataBind();
}
---Try1
protected void AddRow_Click(object sender, EventArgs e)
{
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "ALTER TABLE table1 ADD '"+TextBox3.Text+"' VARCHAR(50) NULL;";
cmd.ExecuteNonQuery();
disp_data();
}
---Try2
protected void AddRow_Click(object sender, EventArgs e)
{
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
string Columnname = Convert.ToString(TextBox3.Text);
cmd.CommandText = "ALTER TABLE table1 ADD @CName VARCHAR(50) NULL;";
cmd.Parameters.AddWithValue(@"CName", Columnname);
cmd.ExecuteNonQuery();
disp_data();
}
protected void AddRow_Click(object sender, EventArgs e)
{
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "ALTER TABLE table1 ADD NewColumn VARCHAR(50) NULL;";
cmd.ExecuteNonQuery();
disp_data();
} // This works
---Try1
System.Data.SqlClient.SqlException: "Incorrect syntax near 'Textboxcontent'."
---Try2
System.Data.SqlClient.SqlException: "Incorrect syntax near '@CName'."
I wouldn't suggest Try 1 since is is vulnerable to an SQL Injection. Try 2 didn't work because you use a verbatim string instead of using @CName
as string.
protected void AddRow_Click(object sender, EventArgs e) {
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "ALTER TABLE table1 ADD @CName VARCHAR(50) NULL;";
cmd.Parameters.AddWithValue("@CName", TextBox3.Text);
cmd.ExecuteNonQuery();
}
I had to add "Replace" to make @CNAME useful, now it works
protected void AddRow_Click(object sender, EventArgs e) {
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "ALTER TABLE table1 ADD @CNAME VARCHAR(50) NULL;";
cmd.CommandText = cmd.CommandText.Replace("@CNAME", TextBox3.Text);
// cmd.Parameters.AddWithValue("@CName", TextBox3.Text);
cmd.ExecuteNonQuery();
disp_data();
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.