March 21, 2012 at 8:21 pm
I have an insert sql statement that uses the SqlCommand functionality for sql injection prevention, but it gives the error: The multi-part identifier "System.Web.UI.HtmlControls.HtmlInputText" could not be bound. I use the same SqlCommand functionality for updating the same table with no problems, however, this simple insert below gives the error. Can anyone help?
sSql = "INSERT INTO [camss].[dbo].[tb_ds0402req] ( [ds0402_key] ,[lname] ) " +
"VALUES (" + Session["DS0402Key"] + "," + @VisitorLName + ");";
try
{
using (SqlCommand cmd = new SqlCommand(sSql, conn))
{
cmd.Parameters.AddWithValue("@VisitorLName", VisitorLName.Value);
cmd.ExecuteNonQuery();
}
}
catch (Exception ex)
{
//error handling code
}
March 22, 2012 at 6:35 am
billborrero (3/21/2012)
I have an insert sql statement that uses the SqlCommand functionality for sql injection prevention, but it gives the error: The multi-part identifier "System.Web.UI.HtmlControls.HtmlInputText" could not be bound. I use the same SqlCommand functionality for updating the same table with no problems, however, this simple insert below gives the error. Can anyone help?sSql = "INSERT INTO [camss].[dbo].[tb_ds0402req] ( [ds0402_key] ,[lname] ) " +
"VALUES (" + Session["DS0402Key"] + "," + @VisitorLName + ");";
try
{
using (SqlCommand cmd = new SqlCommand(sSql, conn))
{
cmd.Parameters.AddWithValue("@VisitorLName", VisitorLName.Value);
cmd.ExecuteNonQuery();
}
}
catch (Exception ex)
{
//error handling code
}
LOL editted to actually add a reply!
I notice that the string @VisitorLName is outside the quotes as you're building yoru sSql, maybe that should be included within your string, like
sSql = "INSERT INTO [camss].[dbo].[tb_ds0402req] ( [ds0402_key] ,[lname] ) " +
"VALUES (" + Session["DS0402Key"] + ", @VisitorLName );";
and then the @VisitorLName gets filled in by the
cmd.Parameters.AddWithValue("@VisitorLName", VisitorLName.Value);
clause? Just a shot in the dark!
I would also wonder if maybe the Session["DS0402Key"] might be parameterized also just because its a parameter also, but might not be the source of your error. Just guessing tho, not a big c# user (if thats even what it is!)
March 22, 2012 at 8:54 am
Your right. Your suggestions worked. I guess I was looking at the code to closely, sometimes you need an extra pair of eyes. Thank you so much for your help.
March 22, 2012 at 9:40 am
awesome, extra eyes never hurt!
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply
This website stores cookies on your computer.
These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.
To find out more about the cookies we use, see our Privacy Policy