sharris_glascol
asked on
Asp.net update sql table after verfication
so on a btn click I have this code: not getting any errors but it's not transferring to the database:
if (rd.HasRows)
if (rdshop.HasRows)
if (rdoper.HasRows)
{
SqlConnection uptime = new SqlConnection();
uptime.ConnectionString = ConfigurationManager.Conne ctionStrin gs["gcerp" ].ToString ();
uptime.Open();
cmd.CommandText = "Insert into [_lcclockfil](empId, shift, clockin, ord_no, item_no, oper_no, oper_desc) values('" + TxtEmp.Text + "', '" + TxtShift.Text + "','" + TxtTime.Text + "', '" + TxtShop.Text + ",'" + TxtSHOPItem.Text + "','" + TxtOp.Text + "','" + TxtOpDesc.Text + "')";
uptime.Close();
Response.Write("<script>wi ndow.alert ('Complete ')</script >");
TxtEmp.Text = "";
txtfullname.Text = "";
TxtShift.Text = "";
TxtShop.Text = "";
TxtOp.Text = "";
TxtOpDesc.Text = "";
}
else
{ Response.Write("<script>wi ndow.alert ('Did Not Update')</script>"); }
}
if (rd.HasRows)
if (rdshop.HasRows)
if (rdoper.HasRows)
{
SqlConnection uptime = new SqlConnection();
uptime.ConnectionString = ConfigurationManager.Conne
uptime.Open();
cmd.CommandText = "Insert into [_lcclockfil](empId, shift, clockin, ord_no, item_no, oper_no, oper_desc) values('" + TxtEmp.Text + "', '" + TxtShift.Text + "','" + TxtTime.Text + "', '" + TxtShop.Text + ",'" + TxtSHOPItem.Text + "','" + TxtOp.Text + "','" + TxtOpDesc.Text + "')";
uptime.Close();
Response.Write("<script>wi
TxtEmp.Text = "";
txtfullname.Text = "";
TxtShift.Text = "";
TxtShop.Text = "";
TxtOp.Text = "";
TxtOpDesc.Text = "";
}
else
{ Response.Write("<script>wi
}
ASKER
Do I have to remove the open command it doesn't like it?
SqlConnection uptime = new SqlConnection();
uptime.ConnectionString = ConfigurationManager.Conne ctionStrin gs["gcerp" ].ToString ();
uptime.Open();
cmd.ExecuteNonQuery();
cmd.CommandText = "Insert into [_lcclockfil](empId, shift, clockin, ord_no, item_no, oper_no, oper_desc) values('" + TxtEmp.Text + "', '" + TxtShift.Text + "','" + TxtTime.Text + "', '" + TxtShop.Text + ",'" + TxtSHOPItem.Text + "','" + TxtOp.Text + "','" + TxtOpDesc.Text + "')";
uptime.Close();
Response.Write("<script>wi ndow.alert ('Complete ')</script >");
SqlConnection uptime = new SqlConnection();
uptime.ConnectionString = ConfigurationManager.Conne
uptime.Open();
cmd.ExecuteNonQuery();
cmd.CommandText = "Insert into [_lcclockfil](empId, shift, clockin, ord_no, item_no, oper_no, oper_desc) values('" + TxtEmp.Text + "', '" + TxtShift.Text + "','" + TxtTime.Text + "', '" + TxtShop.Text + ",'" + TxtSHOPItem.Text + "','" + TxtOp.Text + "','" + TxtOpDesc.Text + "')";
uptime.Close();
Response.Write("<script>wi
ASKER
wrong code:
SqlConnection uptime = new SqlConnection();
uptime.ConnectionString = ConfigurationManager.Conne ctionStrin gs["gcerp" ].ToString ();
cmd.ExecuteNonQuery();
cmd.CommandText = "Insert into [_lcclockfil](empId, shift, clockin, ord_no, item_no, oper_no, oper_desc) values('" + TxtEmp.Text + "', '" + TxtShift.Text + "','" + TxtTime.Text + "', '" + TxtShop.Text + ",'" + TxtSHOPItem.Text + "','" + TxtOp.Text + "','" + TxtOpDesc.Text + "')";
Response.Write("<script>wi ndow.alert ('Complete ')</script >");
TxtEmp.Text = "";
txtfullname.Text = "";
TxtShift.Text = "";
TxtShop.Text = "";
TxtOp.Text = "";
TxtOpDesc.Text = "";
SqlConnection uptime = new SqlConnection();
uptime.ConnectionString = ConfigurationManager.Conne
cmd.ExecuteNonQuery();
cmd.CommandText = "Insert into [_lcclockfil](empId, shift, clockin, ord_no, item_no, oper_no, oper_desc) values('" + TxtEmp.Text + "', '" + TxtShift.Text + "','" + TxtTime.Text + "', '" + TxtShop.Text + ",'" + TxtSHOPItem.Text + "','" + TxtOp.Text + "','" + TxtOpDesc.Text + "')";
Response.Write("<script>wi
TxtEmp.Text = "";
txtfullname.Text = "";
TxtShift.Text = "";
TxtShop.Text = "";
TxtOp.Text = "";
TxtOpDesc.Text = "";
You ExecuteNonQuery AFTER you give the CommandText.
Think about how you execute a query in any query tool:
1st: Connect to the database
2nd: Type in a query
3rd: Execute the text you just typed in.
So in code:
open the connection, give the command text to execute, execute the text, close the connection.
Think about how you execute a query in any query tool:
1st: Connect to the database
2nd: Type in a query
3rd: Execute the text you just typed in.
So in code:
open the connection, give the command text to execute, execute the text, close the connection.
ASKER
So I think I did what you said above, but still giving me an error saying it doesn't have an open state. What am I missing.
if (rd.HasRows)
if (rdshop.HasRows)
if (rdoper.HasRows)
{
conoper.Close();
SqlConnection uptime = new SqlConnection();
uptime.ConnectionString = ConfigurationManager.ConnectionStrings["gcerp"].ToString();
uptime.Open();
cmd.CommandText = "Insert into [_lcclockfil](empId, shift, clockin, ord_no, item_no, oper_no, oper_desc) values('" + TxtEmp.Text + "', '" + TxtShift.Text + "','" + TxtTime.Text + "', '" + TxtShop.Text + ",'" + TxtSHOPItem.Text + "','" + TxtOp.Text + "','" + TxtOpDesc.Text + "')";
cmd.ExecuteNonQuery();
uptime.Close();
Response.Write("<script>window.alert('Complete')</script>");
TxtEmp.Text = "";
txtfullname.Text = "";
TxtShift.Text = "";
TxtShop.Text = "";
TxtOp.Text = "";
TxtOpDesc.Text = "";
}
else
{ Response.Write("<script>window.alert('Did Not Update')</script>");
Sorry that I missed this before.
Check the doc link I posted.
Everything should be based on cmd. No idea what uptime is.
So for the cmd, you set the connection, open it, set the text and execute.
If you want to use uptime, then it is uptime.CommandText and uptime.ExecuteNonQuery.
From the doc I posted:
Check the doc link I posted.
Everything should be based on cmd. No idea what uptime is.
So for the cmd, you set the connection, open it, set the text and execute.
If you want to use uptime, then it is uptime.CommandText and uptime.ExecuteNonQuery.
From the doc I posted:
SqlCommand command = new SqlCommand(queryString, connection);
command.Connection.Open();
command.ExecuteNonQuery();
ASKER
Sorry super confused. I now have, it doesn't like queryString, connection or ConnectionString..:
SqlCommand cmd1 = new SqlCommand(QueryString, connection);
cmd1.ConnectionString = ConfigurationManager.Conne ctionStrin gs["gcerp" ].ToString ();
cmd1.Open();
cmd1.ExecuteNonQuery();
cmd1.CommandText = "Insert into [_lcclockfil](empId, shift, clockin, ord_no, item_no, oper_no, oper_desc) values('" + TxtEmp.Text + "', '" + TxtShift.Text + "','" + TxtTime.Text + "', '" + TxtShop.Text + ",'" + TxtSHOPItem.Text + "','" + TxtOp.Text + "','" + TxtOpDesc.Text + "')";
SqlCommand cmd1 = new SqlCommand(QueryString, connection);
cmd1.ConnectionString = ConfigurationManager.Conne
cmd1.Open();
cmd1.ExecuteNonQuery();
cmd1.CommandText = "Insert into [_lcclockfil](empId, shift, clockin, ord_no, item_no, oper_no, oper_desc) values('" + TxtEmp.Text + "', '" + TxtShift.Text + "','" + TxtTime.Text + "', '" + TxtShop.Text + ",'" + TxtSHOPItem.Text + "','" + TxtOp.Text + "','" + TxtOpDesc.Text + "')";
>>Sorry super confused. I now have, it doesn't like queryString, connection or ConnectionString..:
I didn't mean to copy/paste/run. I meant for you to understand the steps and apply them to your code.
QueryString on the command object is the SQL text you want to execute. It is the same as doing it later with cmd.CommandText.
Personally, I use the CommandText method. Never set the text at the same time I create the command,
There are MANY examples on the web showing how to use ExecuteNonQuery.
I didn't mean to copy/paste/run. I meant for you to understand the steps and apply them to your code.
QueryString on the command object is the SQL text you want to execute. It is the same as doing it later with cmd.CommandText.
Personally, I use the CommandText method. Never set the text at the same time I create the command,
There are MANY examples on the web showing how to use ExecuteNonQuery.
ASKER
So I have it updating but it's not updating, operation description or item. It's bringing everything else.
string strConnection = ConfigurationManager.Conne ctionStrin gs["gcerp" ].Connecti onString;
string strinsert = "Insert into [_lcclockfil](empId, shift, clockin, ord_no, item_no, oper_no, oper_desc) values(@empid, @shift, @time, @shop, @item, @oper, @operdesc)";
SqlConnection contime = new SqlConnection(strConnectio n);
SqlCommand cmdtime = new SqlCommand();
cmdtime.Connection = contime;
cmdtime.CommandType = CommandType.Text;
cmdtime.CommandText = strinsert;
SqlParameter empID = new SqlParameter("@empid", SqlDbType.Int);
empID.Value = TxtEmp.Text.Trim().ToStrin g();
cmdtime.Parameters.Add(emp ID);
SqlParameter shift = new SqlParameter("@shift", SqlDbType.Char, 2);
shift.Value = TxtShift.Text.Trim().ToStr ing();
cmdtime.Parameters.Add(shi ft);
SqlParameter time = new SqlParameter("@time", SqlDbType.DateTime);
time.Value = TxtTime.Text.Trim().ToStri ng();
cmdtime.Parameters.Add(tim e);
SqlParameter shop = new SqlParameter("@shop", SqlDbType.Char, 8);
shop.Value = TxtShop.Text.Trim().ToStri ng();
cmdtime.Parameters.Add(sho p);
SqlParameter item = new SqlParameter("@item", SqlDbType.Char, 30);
item.Value = TxtSHOPItem.Text.Trim().To String();
cmdtime.Parameters.Add(ite m);
SqlParameter shopoper = new SqlParameter("@oper", SqlDbType.SmallInt);
shopoper.Value = TxtOp.Text.Trim().ToString ();
cmdtime.Parameters.Add(sho poper);
SqlParameter description = new SqlParameter("@operdesc", SqlDbType.Char, 30);
description.Value = TxtOpDesc.Text.Trim().ToSt ring();
cmdtime.Parameters.Add(des cription);
contime.Open();
int result = cmdtime.ExecuteNonQuery();
contime.Close();
Response.Write("<script>wi ndow.alert ('Complete ')</script >");
TxtEmp.Text = "";
txtfullname.Text = "";
TxtShift.Text = "";
TxtShop.Text = "";
TxtOp.Text = "";
TxtOpDesc.Text = "";
}
else
{ Response.Write("<script>wi ndow.alert ('Did Not Update')</script>"); }
}
string strConnection = ConfigurationManager.Conne
string strinsert = "Insert into [_lcclockfil](empId, shift, clockin, ord_no, item_no, oper_no, oper_desc) values(@empid, @shift, @time, @shop, @item, @oper, @operdesc)";
SqlConnection contime = new SqlConnection(strConnectio
SqlCommand cmdtime = new SqlCommand();
cmdtime.Connection = contime;
cmdtime.CommandType = CommandType.Text;
cmdtime.CommandText = strinsert;
SqlParameter empID = new SqlParameter("@empid", SqlDbType.Int);
empID.Value = TxtEmp.Text.Trim().ToStrin
cmdtime.Parameters.Add(emp
SqlParameter shift = new SqlParameter("@shift", SqlDbType.Char, 2);
shift.Value = TxtShift.Text.Trim().ToStr
cmdtime.Parameters.Add(shi
SqlParameter time = new SqlParameter("@time", SqlDbType.DateTime);
time.Value = TxtTime.Text.Trim().ToStri
cmdtime.Parameters.Add(tim
SqlParameter shop = new SqlParameter("@shop", SqlDbType.Char, 8);
shop.Value = TxtShop.Text.Trim().ToStri
cmdtime.Parameters.Add(sho
SqlParameter item = new SqlParameter("@item", SqlDbType.Char, 30);
item.Value = TxtSHOPItem.Text.Trim().To
cmdtime.Parameters.Add(ite
SqlParameter shopoper = new SqlParameter("@oper", SqlDbType.SmallInt);
shopoper.Value = TxtOp.Text.Trim().ToString
cmdtime.Parameters.Add(sho
SqlParameter description = new SqlParameter("@operdesc", SqlDbType.Char, 30);
description.Value = TxtOpDesc.Text.Trim().ToSt
cmdtime.Parameters.Add(des
contime.Open();
int result = cmdtime.ExecuteNonQuery();
contime.Close();
Response.Write("<script>wi
TxtEmp.Text = "";
txtfullname.Text = "";
TxtShift.Text = "";
TxtShop.Text = "";
TxtOp.Text = "";
TxtOpDesc.Text = "";
}
else
{ Response.Write("<script>wi
}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try this after setting the text and before you close the connection:
cmd.ExecuteNonQuery();
Docs:
https://docs.microsoft.com/en-us/dotnet/api/system.data.sqlclient.sqlcommand.executenonquery?view=netframework-4.8
You should also use bind variables and cmd.Parameters. That will help save you from SQL Injection.