1

if I don't enter anything in one of the textbox , ASP.NET can't tell an empty textbox and treat it at null... So anyone please help me how to detect an empty textbox and set that to null

i know that this code is ganna work well 

If MUSIC_TITLE.Text.Trim() = "" Then

MUSIC_TITLE.Text = Nothing

End If

but i can't use be couse i have a lot of forms in my application so i need somthing or any function exist in the ASP.NET that can handel this

and thats for the insert in a requet the sql server

"insert into Reunion values(" & Convert.ToInt32(ID_Reunion.Text) & ",'" & d.ToString("MM/dd/yyyy") & "'," & Convert.ToInt32(ID_Membre.Text) & ",'" & Type_Reunion.Text & "','" & Session("Nom_GIAC") & "')"

and tnks

Yassine edouiri
  • 281
  • 3
  • 14
  • 30
  • Why do you want to set it to `Nothing`? It would be returned as `string.Empty` anyway. You cannot differ between `null` and empty in `Text` properties in ASP.NET. – Tim Schmelter Sep 14 '12 at 13:57

2 Answers2

1

This sounds like you're trying to directly store the textbox values in your database.

Please don't do this. If you haven't already, learn about the high risk security threat of SQL Injection and parameterize your INSERTS and UPDATES.

Before setting the parameters, you can convert empty strings to Nothing if required.

Dim musicTitle as String = _
    If(String.IsNullOrWhiteSpace(MUSIC_TITLE.Text), Nothing, MUSIC_TITLE.Text)
Dennis Traub
  • 50,557
  • 7
  • 93
  • 108
  • i know the SQL Injection but i already have the controle validation in each controle in the forms – Yassine edouiri Sep 14 '12 at 14:01
  • @Yassineedouiri That is good. And I'm sure you've also considered the possibility of someone modifying the HTTP request or even sending a fake one through fiddler or some other tool that doesn't care about client-side validation. **ALWAYS** validate on the server. And **NEVER** directly send any user input to the database. No matter what client-side validation is in place, it can always be disabled by a malicient user. – Dennis Traub Sep 14 '12 at 14:06
  • can you please send me any tutoriel that can solve the injection problem be couse i have some textbox used as a string paramétre in my database so i don't need any control validation on it .. so i'm wondring if ter is any method can handlethis mesery :'( – Yassine edouiri Sep 14 '12 at 14:17
  • @Yassineedouiri have a look at http://stackoverflow.com/questions/4018174/preventing-sql-injection-in-asp-net-vb-net – Dennis Traub Sep 14 '12 at 14:22
  • tnks my brother for every thing – Yassine edouiri Sep 14 '12 at 14:24
  • String is a reference type, hence it implicitly is nullable. In fact, `Nullable(Of String)` won't even compile, for this very reason. – Daniel Liuzzi Mar 18 '14 at 22:44
  • @DanielLiuzzi You're right, thanks. I changed the snippet accordingly. – Dennis Traub Mar 19 '14 at 08:18
0

In your insert sp should be like:

create procedure Insert(@test varchar(50)=NULL)
as
    begin
        update foo set testCol=@test
    end

In c#, use below code, when calling the sp and adding the parameters:

if(txt.Text!=String.Empty)
{
    cmd.Parameters.Add("@test",SqlDBType.Varchar,20).Value=txt.Text;
}
Jake1164
  • 12,291
  • 6
  • 47
  • 64
Sanjay Gupta
  • 186
  • 2
  • 11