Wrox Programmer Forums
Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Basics
Reload this Page Insert Variable Value into DB
|
ASP.NET 2.0 Basics If you are new to ASP or ASP.NET programming with version 2.0, this is the forum to begin asking questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old June 23rd, 2006, 02:41 PM
Registered User
  
Join Date: Apr 2006
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Insert Variable Value into DB
Hey folks:

I'm quite new to ASP.Net I've been writing the bulk of my apps in Classic ASP.

anyways this may sound like a trivial question but I've notice in all the examples I have seen thus far with inserting data into the database using Visual Web Developer and the Form view. The assumption has always been made that its user entered data.

is there a way of inserting a value of a variable into the database as well.

I know in classic ASP you used Request.Form for you form fields (querystring if they are passed using get) and when you wanted to save the Variable you just spell out its name

ie.

insert into table set field1 = '"&request("formFieldName")&"', field2 = '"&VariableName&"'

in Beg ASP.Net they talk about the Parameters but that all from the form fields what about any variable values that i want to save as well.

any suggestions.


Dean Forant

Programmer
Delta Mechanical Seals
44 Probber Lane
Fall River, MA. 02720
(508)324-4032 Ext 118
 
Old June 24th, 2006, 03:21 AM
Authorized User
  
Join Date: Jun 2006
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default
Hi There,

In .Net there are many ways of interacting with a database, but as you mention parameters in your post, I assume that you want to use the connected method of data access that doesn't use data sets and data adapters.

Here are a few pointers, and a code sample:

1. If you are going to use sql statements in your code rather than stored procedures it is VERY IMPORTANT to use parametrized queries (example below), instead of creating query by directly from the values of form fields. Parameters in .net check their contents for malicious input (such as a sql injection - see google) before creating the query.

2. Although you can use Request.Form/QueryString in asp.net, it is not recommended. Instead you should access the form field objects' (eg TextBox) through their properties (eg for TextBox, .Text).

Here is the Aspx Code:

Code:
<form id="form1" runat="server">
<div>
<asp:TextBox ID="txtInputOne" runat="server"></asp:TextBox><br />
<asp:TextBox ID="txtInputTwo" runat="server"></asp:TextBox><br />
<asp:Button ID="btnSubmit" runat="server" OnClick="btnSubmit_Click" Text="Submit" />
</div>
</form>
Here is the code behind for the button event handler (in c#, if can't convert to vb then let me know):

Code:
protected void btnSubmit_Click(object sender, EventArgs e)
{
        //set up the connection
        SqlConnection conn = new SqlConnection("your connection string");

        //set up the command, using the sql and the connection made in the previous line
        //each inserted value is represented by a parameter (@field1 and @field2)
        SqlCommand insertCommand = new SqlCommand("insert into table set field1 = @field1, field2 = @field2", conn);

        //create parameter objects for each parameter in the previous line
        SqlParameter parField1 = new SqlParameter("@field1", SqlDbType.VarChar);
        SqlParameter parField2 = new SqlParameter("@field2", SqlDbType.VarChar);

        //assign the values of the text boxes to the parameters
        //the .Text property is the asp.net method of doing Request.Form of Request.QueryString
        parField1.Value = txtInputOne.Text;
        parField2.Value = txtInputTwo.Text;

        //add the parameters to the previously created insert command
        insertCommand.Parameters.Add(parField1);
        insertCommand.Parameters.Add(parField2);

        //put db execution inside try catch as db exceptions are common
        try
        {
            //open the connection
            conn.Open();

            //this line actually executes your command and returns the number of rows affected
            int rowsAffected = insertCommand.ExecuteNonQuery();
        }
        catch (Exception ex)
        {
            //log exception or provide custom logic to give error message
        }
        finally
        {
            //ensure that the connection object is cleaned up, freeing resources on the db server
            conn.Close();
            conn.Dispose();
        }
    }
I hope this helps,
Rich





Similar Threads
Thread Thread Starter Forum Replies Last Post
Using INSERT INTO with a string Variable Suspect Access VBA 2 January 6th, 2015 11:25 AM
Variable Usage in Insert Command tara0308 Access VBA 7 July 30th, 2007 12:50 PM
insert into db keyvanjan Classic ASP Databases 1 May 9th, 2005 11:50 PM
Using SQL Insert into with a variable erichoangnguyen Access VBA 3 May 3rd, 2005 01:40 PM
can't insert in db darkhalf Classic ASP Databases 11 January 12th, 2005 06:48 AM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.