April 14, 2012 at 11:36 am
Hey guys, I have currently fallen into an adverse situation. I am at the end of my website and this situation occurs as follows:
I've got 2 tables named "userdata" and "userresult" such that when a user registers himself on the site, his information is inserted into both the tables. Now, the login section of the website uses the userdata page and then stores the "mail" column of userdata in session["mail"]. At the end of my exam website, I want to store the result of the exam undertaken by the user in the "userresult" table and I'm following this code:
cmdd.CommandText = "update userresult set asp_beginner= " + final.ToString() + "where mail = " + Session["mail"].ToString();
Here "final" stores the result,
and I'm getting this error:
The multi-part identifier "dean@gmail.com" could not be bound.
Here dean@gmail.com is the email id of the user stored in both the tables (session["mail"]).
Please help, friends, as soon as possible.
April 14, 2012 at 12:13 pm
Don't concatenate values into a string and execute them. It's a major security hole and it hinders performance.
Read up on the ADO.Net parameters collection and use that.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
April 14, 2012 at 10:37 pm
Sir, can you give me a detailed solution? Please sir!
April 15, 2012 at 5:52 am
Open the MSDN library for the ADO.Net classes and read up on the parameters collection. It's really not hard and I know the docs have a large number of examples in them.
To get you started, your command should read
cmdd.CommandText = "update userresult set asp_beginner= @final where mail = @mail";
Then you use the parameters collection to assign values to the two variables in the string (@final and @mail) and then you execute the command.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
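An added example (not code from any poster in this thread) of the parameterized update described above. With concatenation, the unquoted address reaches SQL Server as an identifier, which is what produces the "multi-part identifier" error; with parameters it is sent as data. The class and method names, the column types (asp_beginner as INT, mail as NVARCHAR(256)), the int type of final and the one-row-per-user check are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class ExamResults   // hypothetical helper class
{
    // Assumed column types: asp_beginner INT, mail NVARCHAR(256).
    // Adjust SqlDbType and size to match the real userresult table.
    public static void SaveAspBeginnerScore(string connectionString,
                                            object sessionMail, int final)
    {
        // Session["mail"] is null if the session expired or nobody logged in.
        string mail = sessionMail as string;
        if (string.IsNullOrEmpty(mail))
            throw new InvalidOperationException("No logged-in user in session.");

        // The SQL text is a constant: no user-controlled value is spliced in.
        const string sql =
            "update userresult set asp_beginner = @final where mail = @mail";

        using (var conn = new SqlConnection(connectionString))
        using (var cmdd = new SqlCommand(sql, conn))
        {
            // Values travel separately from the statement, so the address is
            // bound as data and is never parsed as an identifier or as SQL.
            cmdd.Parameters.Add("@final", SqlDbType.Int).Value = final;
            cmdd.Parameters.Add("@mail", SqlDbType.NVarChar, 256).Value = mail;

            conn.Open();
            int rows = cmdd.ExecuteNonQuery();

            // Assumption: mail is unique in userresult, so one row is expected.
            if (rows != 1)
                throw new InvalidOperationException(
                    "Expected to update 1 row in userresult, updated " + rows + ".");
        }
    }
}
```

From the page's code-behind this would be called with the site's connection string, `Session["mail"]` and the computed score.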
April 15, 2012 at 6:00 am
deandeandeandean1 (4/14/2012)
Sir, can you give me a detailed solution? Please sir!
I don't think that Gail is a 'sir'.