-1

I am creating a social network website as facebook, but that website has some errors with posing status , i used following code to post status. I called this method on page_Load event and post button

 private DataSet GetData()
{

    string CS=ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString;
    using (SqlConnection con = new SqlConnection(CS))
    {
        SqlDataAdapter da = new SqlDataAdapter("Select * from PhotoStatusProfile WHERE Email = '" + Session["Email"].ToString() +"'",con);
        DataSet ds = new DataSet();
        da.Fill(ds);
        return ds;


    }

}

This is html code

<asp:Repeater runat="server" ID="Repeater1">
 <ItemTemplate>

     <div class="yourDivClass" style="border-top: thin none #BBCEB3; border-bottom: thin none #BBCEB3; padding: 10px; height: 121px; width: 548px; margin-top: 10px; right: 10px; left: 10px; border-left-width: thin; margin-left: 15px; background-color: #e9eaee; border-left-color: #BBCEB3; border-right-color: #BBCEB3;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                    <br />
                    <div style="width: 58px; height: 62px">
                    <asp:Image ID="Image1" runat="server" Height="59px" ImageAlign="Top" ImageUrl="~/Profile/Image/supun_Profilemini.jpg" Width="55px" />
                        </div>
                    <div style="width: 307px; height: 21px; margin-left: 65px; margin-top: -60px">
                        <asp:Label ID="Label2" runat="server" Font-Bold="True" Font-Names="Arial" ForeColor="#000066" ><%#Eval("name") %> </asp:Label>
                    </div>
                    <div style="height: 22px; width: 461px; margin-left: 78px; margin-top: 11px">&nbsp;<asp:Label ID="Label8" runat="server"><%#Eval("Status") %></asp:Label>
                   <br><br>
                         </div>
                    &nbsp;</div>
 </ItemTemplate>

post button cs code

   SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
        conn.Open();
        try
        {



            string inserQuery = "insert into PhotoStatusProfile(Name,Status,Email,Date) values (@Name,@Status,@e,@CreatedAt)";
            SqlCommand commm = new SqlCommand(inserQuery, conn);
            commm.Parameters.AddWithValue("@Name", ProfileName.Text);
            commm.Parameters.AddWithValue("@Status",TextBox1.Text);
            commm.Parameters.AddWithValue("@e", Label1.Text);
            commm.Parameters.AddWithValue("@CreatedAt", DateTime.Now);


            commm.ExecuteNonQuery(); 


            Label1.Text = Session["Email"].ToString();



        }

But After i'm posting some status I faced some errors.

On this website, my new post displayed on bottom and oldest one on top but i want new post to top and others Gradually top to bottom ,(descending order by considering time)

give me a suggestion for this code to set these for descending order 

SqlDataAdapter da = new SqlDataAdapter("Select * from PhotoStatusProfile WHERE Email = '" + Session["Email"].ToString() + "'", con);

Thanks

Prabath
  • 19
  • 1
  • 8
  • It is not clear from your post what the created date field is in your table but you just have to add `ORDER BY CreatedDateField` on the end of your SQL query if you want to order by date created. – Ben Robinson Dec 18 '14 at 17:07
  • 2
    My email is `xxx@xxx.com'; DROP TABLE PhotoStatusProfile; --` See this http://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work – Steve Dec 18 '14 at 17:09
  • I want new post to top – Prabath Dec 18 '14 at 17:11

1 Answers1

0

SqlDataAdapter da = new SqlDataAdapter("Select * from PhotoStatusProfile WHERE Email = '" + Session["Email"].ToString() +"' order by Date desc",con);

Anders H
  • 391
  • 4
  • 11