0

I am trying to stop the JavaScript code to run when the data is found in the table (dt.Rows.Count > 0). At the moment the code is not inserting data in the database (that what I want) but the JavaScript continues running because I am still getting the successful insert message. Thanks!

HTML

<input type="button"  id="btnAddConsent" value="Add Consent"   onclick="insertData();" />

JavaScript

function insertData() {
    var MBID = document.getElementById("txtConsentMBID").value;
    var ConsentID = document.getElementById("DropDownListConsent").value;
    var ConsentDate = document.getElementById("txtPatientConsentDate").value;
    var xmlhttp = new XMLHttpRequest();
    xmlhttp.open("GET", "insertConsent.aspx?mb=" + MBID + " &ci= " + ConsentID + "&cd=" + ConsentDate, false);
    xmlhttp.send(null);

    ConsentID = document.getElementById("DropDownListConsent").value = "";
    ConsentDate = document.getElementById("txtPatientConsentDate").value = "";
    alert("Consent Added Successfully");
}

C#

using (SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["Molecular"].ConnectionString))
{
    MBID = Request.QueryString["mb"].ToString();
    ConsentID = Request.QueryString["ci"].ToString();
    ConsentDate = Request.QueryString["cd"].ToString();

    con.Open();

    using (SqlCommand sc = new SqlCommand(@" select * from ConsentGroup where ConsentID = @ConsentID and MBID=@MBID ", con))
    {
        sc.Parameters.AddWithValue("@MBID", MBID);
        sc.Parameters.AddWithValue("@ConsentID", ConsentID);
        //sc.Parameters.AddWithValue("@ConsentDate", ConsentDate);
        //sc.ExecuteNonQuery();

        DataTable dt = new DataTable();
        SqlDataAdapter da = new SqlDataAdapter(sc);
        da.Fill(dt);
        if (dt.Rows.Count > 0)
        {
            // this message should displayed when count is more that 1
            Response.Write("alert('This Patient already has this Concent saved in the Database');");
        }
        else
        {
            using (SqlCommand sc1 = new SqlCommand(@"insert into ConsentGroup (MBID, ConsentID, ConsentDate, ConsentWithdraw, ConsentConfirm) 

            values('" + MBID + "','" + ConsentID + "','" + ConsentDate + "','NO','YES')", con))
            {
                sc1.ExecuteNonQuery();
            }
        }
    }

    con.Close();
}
cezar
  • 11,616
  • 6
  • 48
  • 84
Eric Mbiada
  • 133
  • 1
  • 11
  • 3
    Ack...your first query you parameterized but your insert statement is wide open to sql injection. Why did you change? You need to parameterize ALL your queries. And you might take a peek at this. http://blogs.msmvps.com/jcoehoorn/blog/2014/05/12/can-we-stop-using-addwithvalue-already/ – Sean Lange May 16 '17 at 13:23

1 Answers1

1

XMLHttpRequest has an event listener onreadystatechange which is called as the http request is progressing. When readyState is 4, the request is complete. At this point, you may intercept what is returned from your function, and determine which alert should be shown.

xmlhttp.onreadystatechange = function()
{
    if (request.readyState == 4 && request.status == 200)
    {
        alert(request.responseText);
    }
}
David Hedlund
  • 128,221
  • 31
  • 203
  • 222