public partial class SignUp : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void BtSignup_Click(object sender, EventArgs e)
{
String CS = ConfigurationManager.ConnectionStrings["MyDatabaseConnectionString1"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS))
{
SqlCommand cmd = new SqlCommand("insert into Users values('"+TbUname.Text+"', '"+TbPass.Text+"','"+TbEmail.Text+"', '"+TbName.Text+"')",con);
con.Open();
cmd.ExecuteNonQuery(); //error in this line
}
}
}
Asked
Active
Viewed 231 times
-7
Kyle B
- 2,328
- 1
- 23
- 39
Mohammed Saquib
- 75
- 2
- 9
-
1so whats the errorcode? – Hubii May 15 '18 at 11:04
-
What happens when your user puts an apostrophe in one of the text boxes? You need to use parameters – Kyle B May 15 '18 at 11:04
-
Whats the error???? – Gagan Deep May 15 '18 at 11:06
-
print the sql command or query and see what's wrong there – Rahul May 15 '18 at 11:07
-
when user puts apostrophe it shows error like "incorrect syntax near.. unclosed quotation mark after the character string )' " – Mohammed Saquib May 15 '18 at 11:09
-
@MohammedSaquibSiddique, is that the error your seeing or is that just ANOTHER error? – Kyle B May 15 '18 at 11:09
-
maybe you get an error because you have want to insert more or less values then columns. Iam also not sure if ur ' and " is in the right order, what says the errorcode – Raizzen May 15 '18 at 11:10
-
@KyleB this is another error – Mohammed Saquib May 15 '18 at 11:11
-
1@MohammedSaquibSiddique could you post complete error message in your original post. – Gagan Deep May 15 '18 at 11:18
-
1That is a bad question. You provided no details. Please edit the question and include all the details in the question and describe how you get the problem and what you expect. – Mohammed Noureldin May 15 '18 at 11:22
2 Answers
1
The two likely problems that I can see without you adding the error code.
- is that you are missing the column names in your insert statement.
- is that a user is putting an apostrophe in one of your text boxes. This is a SQL Injection vulnerability.
Try something similar to this instead:
using (SqlConnection con = new SqlConnection(CS))
{
// add the columns and do not concatenate strings in SQL statements
SqlCommand cmd = new SqlCommand(@"insert into Users
(username, password, email, name)
values
(@username, @password, @email, @name)", con);
// add values by using sql parameters
cmd.Parameters.AddWithValue("@username", TbUname.Text);
cmd.Parameters.AddWithValue("@password", TbPass.Text);
cmd.Parameters.AddWithValue("@email", TbEmail.Text);
cmd.Parameters.AddWithValue("@name", TbName.Text);
con.Open();
cmd.ExecuteNonQuery();
}
Kyle B
- 2,328
- 1
- 23
- 39
-
Cannot insert the value NULL into column 'Id', table 'E:\VS_PROJECTS\SAMPLEWEBSITE\APP_DATA\MYDATABASE.MDF.dbo.Users'; column does not allow nulls. INSERT fails. The statement has been terminated. (This error shows according to your code ) – Mohammed Saquib May 15 '18 at 11:38
-
@MohammedSaquibSiddique, for "Cannot insert the value NULL", see: https://stackoverflow.com/questions/10013313/why-is-sql-server-throwing-this-error-cannot-insert-the-value-null-into-column – Kyle B May 15 '18 at 11:42
0
insert into Users (dbcol1, dbcol2, dbcol3, dbcol4)values('"+TbUname.Text+"', '"+TbPass.Text+"','"+TbEmail.Text+"', '"+TbName.Text+"')
here dbcol is means it your table coloumn name....
try this..
and also in your database table id is not allowing null values. i think your coloumn(id) is primary key. you can`t pass null either you change or else you should pass value in (id)coloumn..
Naveed
- 46
- 4