Selecting a value from one table to insert the id of the row to another one in asp.net

Question

I'm trying the most simple insert implementation in my project for learning and to show it to my future employers. I know i should put it in another layer and call it etc but i honestly don't have enough time and i need to learn how to do it the easy way anyways.

I already have the "@username" stored in SESSION["USER"], now i need to insert into the table ORDERS the amount and the product ID, the thing is the Product name is in the PRODUCTS table.

I have the product names in a drop down list already so the USER selects the value, types the amount and then it clicks on BUY and it stores the ORDER it in the database.

What is the correct way to query this SQL command? I was thinking the SqlCommand would do the trick but i'm still not quite sure of how to put it.

Sample from the database:

CREATE TABLE ORDERS
(
_OrderID int not null identity (1,1) primary key,
_Date datetime null,
_Quantity bigint null,
_ProdID int foreign key references PRODUCTS (_ProductID),
_UserID int foreign key references USERS (_UserID)
)
GO


CREATE TABLE PRODUCTS
(
_ProductID int not null identity(1,1) primary key,
_ProdName nchar (200) null,
_StockUnits int,
_SuppID int foreign key references SUPPLIERS (_SuppID)
)
GO

CREATE TABLE USERS
(
_UserID int not null identity(1,1) primary key,
_UserEmail varchar (35) null,
_UserName varchar (30) not null,
_UserPass varchar (30) not null,
_Name varchar (100),
_Phone varchar (20) null,
_Address varchar (150) null,
_Authority int not null,
_Special bit null
)
GO

 protected void btnBuy_Click(object sender, EventArgs e)
        {
           //obviously incomplete.
            string usrQuery = Session["NOMUSU"].ToString();
            SqlConnection oConnection = new SqlConnection("Server=.\\SQLExpress;AttachDbFilename=L:\\Apps\\VS Projects\\Carnisoftix\\CarniDb.mdf;Database=CarniDb;Trusted_Connection=Yes;");
            SqlCommand oCom = new SqlCommand("INSERT INTO ORDERS _Date, _Quantity VALUES " + " (" + DateTime.Now.ToString("yyyy-mm-dd HH:mm:ss") + ", "+ txtAmount.Text 
        }

PD: Should i make a stored procedure for this simple task?

score 1 · Accepted Answer · answered May 06 '13 at 06:25

1

The key to your problem is in this statement of yours:

I have the product names in a drop down list already

When you build that dropdown list you can add the Id of the products and use it as the value in the dropdown such that you will have something like this:

<select>
    <option value="1">Apple</option>
    <option value="2">Banana</option>
    <option value="3">Orange</option>
</select>

Then you pass/get that value in your code-behind, similar to how you get the value of the amount from txtAmount. In that manner you don't have to query the products table by name just to get the _ProductID so you can insert it into the ORDERS table.

answered May 06 '13 at 06:25

von v.

16,868
4
60
84

Yeah, and you might want to fix that sql you have. Either you use a stored procedure or if you're not a fan of it, at least parameterize that query, something like: `INSERT INTO ORDERS (_Date) VALUES (@date)`. [See this easy to understand example](http://www.codinghorror.com/blog/2005/04/give-me-parameterized-sql-or-give-me-death.html) – von v. May 06 '13 at 06:35
Okay im onto it, im doing it the easy dumb way: a while goes through the list that is ordered by product id and when its == to the selected value it stops adding to an int variable and then i use that to store the product id in the database. thanks you. – Computer's Guy May 06 '13 at 06:53
You're welcome. Although I'm a bit lost with your last comment, but I guess you have solved your problem as you already accepted my answer. If not, then just let me know here. – von v. May 06 '13 at 07:00

Selecting a value from one table to insert the id of the row to another one in asp.net

1 Answers1