The multi-part identifier "System.Web.UI.HtmlControls.HtmlInputText" could not be bound

  • I have an insert sql statement that uses the SqlCommand functionality for sql injection prevention, but it gives the error: The multi-part identifier "System.Web.UI.HtmlControls.HtmlInputText" could not be bound. I use the same SqlCommand functionality for updating the same table with no problems, however, this simple insert below gives the error. Can anyone help?

    sSql = "INSERT INTO [camss].[dbo].[tb_ds0402req] ( [ds0402_key] ,[lname] ) " +

    "VALUES (" + Session["DS0402Key"] + "," + @VisitorLName + ");";

    try

    {

    using (SqlCommand cmd = new SqlCommand(sSql, conn))

    {

    cmd.Parameters.AddWithValue("@VisitorLName", VisitorLName.Value);

    cmd.ExecuteNonQuery();

    }

    }

    catch (Exception ex)

    {

    //error handling code

    }

  • billborrero (3/21/2012)


    I have an insert sql statement that uses the SqlCommand functionality for sql injection prevention, but it gives the error: The multi-part identifier "System.Web.UI.HtmlControls.HtmlInputText" could not be bound. I use the same SqlCommand functionality for updating the same table with no problems, however, this simple insert below gives the error. Can anyone help?

    sSql = "INSERT INTO [camss].[dbo].[tb_ds0402req] ( [ds0402_key] ,[lname] ) " +

    "VALUES (" + Session["DS0402Key"] + "," + @VisitorLName + ");";

    try

    {

    using (SqlCommand cmd = new SqlCommand(sSql, conn))

    {

    cmd.Parameters.AddWithValue("@VisitorLName", VisitorLName.Value);

    cmd.ExecuteNonQuery();

    }

    }

    catch (Exception ex)

    {

    //error handling code

    }

    LOL editted to actually add a reply!

    I notice that the string @VisitorLName is outside the quotes as you're building yoru sSql, maybe that should be included within your string, like

    sSql = "INSERT INTO [camss].[dbo].[tb_ds0402req] ( [ds0402_key] ,[lname] ) " +

    "VALUES (" + Session["DS0402Key"] + ", @VisitorLName );";

    and then the @VisitorLName gets filled in by the

    cmd.Parameters.AddWithValue("@VisitorLName", VisitorLName.Value);

    clause? Just a shot in the dark!

    I would also wonder if maybe the Session["DS0402Key"] might be parameterized also just because its a parameter also, but might not be the source of your error. Just guessing tho, not a big c# user (if thats even what it is!)

  • Your right. Your suggestions worked. I guess I was looking at the code to closely, sometimes you need an extra pair of eyes. Thank you so much for your help.

  • awesome, extra eyes never hurt!

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply