Solved

asp.net c# string and session

Posted on 2011-03-15
6
371 Views
Last Modified: 2012-06-21
     Session["UserId"] = PortalGlobals.UserId ;
        //string UserId = PortalGlobals.UserId;

For some reasons, if I tried to use //string UserId = PortalGlobals.UserId;
and the following sql. It will fail me....

Any experts have idea how to fix it?


   SqlDataSource1.SelectCommand = "SELECT CrmSchedule.*, CrmSchedule.MeetingCity + ', ' + CrmSchedule.MeetingState as MeetingCityAndState, CrmLeadSource.Description AS DescLeadSource, "
        + " CrmMeetingType.Description AS DescMeetingType, CrmScheduleStatus.Description AS DescScheduleStatus, "
        + " Customers.Name As CustName, Customers.MC_Number FROM CrmSchedule INNER JOIN"
        + " CrmLeadSource ON CrmSchedule.LeadSourceId = CrmLeadSource.LeadSourceId INNER JOIN"
        + " CrmMeetingType ON CrmSchedule.MeetingTypeId = CrmMeetingType.MeetingTypeId INNER JOIN"
        + " CrmScheduleStatus ON CrmSchedule.ScheduleStatusId = CrmScheduleStatus.ScheduleStatusId INNER JOIN"
        + " Customers ON CrmSchedule.CustomerId = Customers.ID Where CrmSchedule.UserId='" + UserId.ToString() + "'"
        + " Order By CrmSchedule.BeginDate Desc";      
   
protected void Page_Load(object sender, EventArgs e)
    {
        Session["UserId"] = PortalGlobals.UserId ;
        //string UserId = PortalGlobals.UserId;

        SqlDataSource1.SelectCommand = "SELECT CrmSchedule.*, CrmSchedule.MeetingCity + ', ' + CrmSchedule.MeetingState as MeetingCityAndState, CrmLeadSource.Description AS DescLeadSource, "
        + " CrmMeetingType.Description AS DescMeetingType, CrmScheduleStatus.Description AS DescScheduleStatus, "
        + " Customers.Name As CustName, Customers.MC_Number FROM CrmSchedule INNER JOIN"
        + " CrmLeadSource ON CrmSchedule.LeadSourceId = CrmLeadSource.LeadSourceId INNER JOIN"
        + " CrmMeetingType ON CrmSchedule.MeetingTypeId = CrmMeetingType.MeetingTypeId INNER JOIN"
        + " CrmScheduleStatus ON CrmSchedule.ScheduleStatusId = CrmScheduleStatus.ScheduleStatusId INNER JOIN"
        + " Customers ON CrmSchedule.CustomerId = Customers.ID Where CrmSchedule.UserId='" + Session["UserId"] + "'"
        + " Order By CrmSchedule.BeginDate Desc";       
    }

Open in new window

0
Comment
Question by:Webboy2008
  • 3
  • 3
6 Comments
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 35141250
Do you mean if you uncomment that line and and change line 12 to + " Customers ON CrmSchedule.CustomerId = Customers.ID Where CrmSchedule.UserId='" + UserId + "'"?

How does it fail? What happens, or what exception do you get?
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 35141343
Also, I think that's not quite a well-formed SQL command, line 6 is going to result in:

SELECT CrmSchedule.*, CrmSchedule.MeetingCity + ', ' + CrmSchedule.MeetingState as MeetingCityAndState, CrmLeadSource.Description AS DescLeadSource

Being sent to the SQL server, and those plus signs, quotes and comma aren't gonna make it happy - looks like you might have had some other variable in there, I would recommend writing your SQL statement as:

string commandText = @"SELECT CrmSchedule.*, CrmSchedule.MeetingCity, CrmSchedule.MeetingState as MeetingCityAndState, CrmLeadSource.Description AS DescLeadSource,
CrmMeetingType.Description AS DescMeetingType, CrmScheduleStatus.Description AS DescScheduleStatus,
Customers.Name As CustName, Customers.MC_Number FROM CrmSchedule INNER JOIN
CrmLeadSource ON CrmSchedule.LeadSourceId = CrmLeadSource.LeadSourceId INNER JOIN
CrmMeetingType ON CrmSchedule.MeetingTypeId = CrmMeetingType.MeetingTypeId INNER JOIN
CrmScheduleStatus ON CrmSchedule.ScheduleStatusId = CrmScheduleStatus.ScheduleStatusId INNER JOIN
Customers ON CrmSchedule.CustomerId = Customers.ID Where CrmSchedule.UserId='{0}'
Order By CrmSchedule.BeginDate Desc";

SqlDataSource1.SelectCommand = String.Format(commandText, PortalGlobals.UserID);

Open in new window


Or better yet, use SqlParameters (just not sure how to do that off the top of my head with the SqlDataSource, sorry).
0
 

Author Comment

by:Webboy2008
ID: 35143072
Error:

Compiler Error Message: CS0103: The name 'commandText' does not exist in the current context

Source Error:

 

Line 24:        + " Customers ON salesreps.CUSTOMER_ID = Customers.ID"
Line 25:          + " WHERE salesreps.USER_ID='{0}'";
Line 26:        SqlDataSource1.SelectCommand = String.Format(commandText,PortalGlobals.UserId);
Line 27:        
Line 28:
 
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 33

Accepted Solution

by:
Todd Gerbert earned 500 total points
ID: 35143115
Sorry I, I meant assigning to the SQL string to a string variable named "commandText" first, and then writing SqlDataSource1.SelectCommand = String.Format(commandText, PortalGlobals.UserId).  So you're Page_Load would look like:

protected void Page_Load(object sender, EventArgs e)
{
    // Putting the @ symbol in front of the string lets you write it over
    // several lines without needing to + together a bunch of different strings
    // (it also disables escape sequences like \r\n)
    string commandText = @"SELECT CrmSchedule.*, CrmSchedule.MeetingCity, CrmSchedule.MeetingState as MeetingCityAndState, CrmLeadSource.Description AS DescLeadSource,
CrmMeetingType.Description AS DescMeetingType, CrmScheduleStatus.Description AS DescScheduleStatus,
Customers.Name As CustName, Customers.MC_Number FROM CrmSchedule INNER JOIN
CrmLeadSource ON CrmSchedule.LeadSourceId = CrmLeadSource.LeadSourceId INNER JOIN
CrmMeetingType ON CrmSchedule.MeetingTypeId = CrmMeetingType.MeetingTypeId INNER JOIN
CrmScheduleStatus ON CrmSchedule.ScheduleStatusId = CrmScheduleStatus.ScheduleStatusId INNER JOIN
Customers ON CrmSchedule.CustomerId = Customers.ID Where CrmSchedule.UserId='{0}'
Order By CrmSchedule.BeginDate Desc";

    // The String.Format method will replace the {0} in commandText with the value
    // of PortalGlobals.UserId
    SqlDataSource1.SelectCommand = String.Format(commandText, PortalGlobals.UserId);
}

Open in new window


By the way, you need to be careful that PortalGlobals.UserId doesn't contain any special SQL characters, like the single quote (') in particular.  If this value comes from the user it's possible someone could take advantage of it and inject their own SQL statement - one reason why using SqlParameters is a good idea.
0
 

Author Comment

by:Webboy2008
ID: 35143289
Got it. Your point is coming.

Have another question if you interest to help:

http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_26889448.html
0
 

Author Closing Comment

by:Webboy2008
ID: 35143291
Excellent Helps
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question