asp.net update with datareader don't work

Question

i want to change textbox information but when i try to do that it's don't work this is my asp.net vb code

Imports System.Data.SqlClient

Imports System.Data Imports System.Data.SqlClient.SqlDataReader Partial Class _Default Inherits System.Web.UI.Page

Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click

    Dim connectionString As String = "Data Source=(LocalDB)\v11.0;AttachDbFilename=C:\Users\napster\Documents\ZE.mdf;Integrated Security=True;Connect Timeout=30"



    Dim queryString As String = "Update TEST Set chaine1= '" & TextBox1.Text & "' "
    Dim connection As New SqlConnection(connectionString)

    Dim command As New SqlCommand(queryString, connection)

    connection.Open()
    command.ExecuteNonQuery()
    connection.Close()

End Sub

Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
    Dim connectionString As String = "Data Source=(LocalDB)\v11.0;AttachDbFilename=C:\Users\napster\Documents\ZE.mdf;Integrated Security=True;Connect Timeout=30"
    Dim queryString As String = "SELECT * from TEST "
    Dim connection As New SqlConnection(connectionString)

    Dim command As New SqlCommand(queryString, connection)

    connection.Open()
    Dim dataReader As SqlDataReader = command.ExecuteReader()

    While dataReader.Read()
        TextBox1.Text = dataReader.GetSqlString(3)
    End While
    TextBox1.
End Sub

End Class

`it's don't work`. How about describing what doesn't work and any error messages you receive. — Rick S, May 04 '14 at 18:53

score 0 · Answer 1 · edited May 23 '17 at 12:28

You should always consider how the ASP.NET model works.

In ASP.NET, when you click a button that executes a server side code (the event) you get always a call to the Page.Load event before the call to your event handler code.

In your Page.Load you execute again the code to load the TextBox from the database, but this code destroys the content of the textbox that has been typed by you. The textbox is set to the original value extracted by the database, so, when the code in the button event handler is executed it writes the same value to the database.

To resolve this situation you need to add this to the Page_Load event

Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
    if Not IsPostBack Then
        Dim connectionString As String = "......"
        Dim queryString As String = "SELECT * from TEST "
        Dim connection As New SqlConnection(connectionString)
        Dim command As New SqlCommand(queryString, connection)

        connection.Open()
        Dim dataReader As SqlDataReader = command.ExecuteReader()

        While dataReader.Read()
            TextBox1.Text = dataReader.GetSqlString(3)
        End While
   End If
End Sub

Said that, please take notice, your code in the button click event is very dangerous because you concatenate whatever is typed by the user to a string that is then passed as a sql command to the database. This is the pattern used by the Sql Injection attacks that could destroy your database or stole valuable information from you tables

asp.net update with datareader don't work

1 Answers1