The multi-part identifier "System.Web.UI.HtmlControls.HtmlInputText" could not be bound

Question

The multi-part identifier "System.Web.UI.HtmlControls.HtmlInputText" could not be bound

billborrero

Valued Member

Points: 62
More actions
March 21, 2012 at 8:21 pm

#270522

I have an insert sql statement that uses the SqlCommand functionality for sql injection prevention, but it gives the error: The multi-part identifier "System.Web.UI.HtmlControls.HtmlInputText" could not be bound. I use the same SqlCommand functionality for updating the same table with no problems, however, this simple insert below gives the error. Can anyone help?
sSql = "INSERT INTO [camss].[dbo].[tb_ds0402req] ( [ds0402_key] ,[lname] ) " +
"VALUES (" + Session["DS0402Key"] + "," + @VisitorLName + ");";
try
{
using (SqlCommand cmd = new SqlCommand(sSql, conn))
{
cmd.Parameters.AddWithValue("@VisitorLName", VisitorLName.Value);
cmd.ExecuteNonQuery();
}
}
catch (Exception ex)
{
//error handling code
}

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply

patrickmcginnis59 SSCertifiable Points: 6483 More actions · Answer 1

billborrero (3/21/2012)
I have an insert sql statement that uses the SqlCommand functionality for sql injection prevention, but it gives the error: The multi-part identifier "System.Web.UI.HtmlControls.HtmlInputText" could not be bound. I use the same SqlCommand functionality for updating the same table with no problems, however, this simple insert below gives the error. Can anyone help?
sSql = "INSERT INTO [camss].[dbo].[tb_ds0402req] ( [ds0402_key] ,[lname] ) " +
"VALUES (" + Session["DS0402Key"] + "," + @VisitorLName + ");";
try
{
using (SqlCommand cmd = new SqlCommand(sSql, conn))
{
cmd.Parameters.AddWithValue("@VisitorLName", VisitorLName.Value);
cmd.ExecuteNonQuery();
}
}
catch (Exception ex)
{
//error handling code
}

LOL editted to actually add a reply!

I notice that the string @VisitorLName is outside the quotes as you're building yoru sSql, maybe that should be included within your string, like

sSql = "INSERT INTO [camss].[dbo].[tb_ds0402req] ( [ds0402_key] ,[lname] ) " +

"VALUES (" + Session["DS0402Key"] + ", @VisitorLName );";

and then the @VisitorLName gets filled in by the

cmd.Parameters.AddWithValue("@VisitorLName", VisitorLName.Value);

clause? Just a shot in the dark!

I would also wonder if maybe the Session["DS0402Key"] might be parameterized also just because its a parameter also, but might not be the source of your error. Just guessing tho, not a big c# user (if thats even what it is!)

billborrero Valued Member Points: 62 More actions · Answer 2

Your right. Your suggestions worked. I guess I was looking at the code to closely, sometimes you need an extra pair of eyes. Thank you so much for your help.

patrickmcginnis59 SSCertifiable Points: 6483 More actions · Answer 3

patrickmcginnis59

SSCertifiable

Points: 6483

March 22, 2012 at 9:40 am

#1462831

awesome, extra eyes never hurt!