0

In my Project I have student database and two webform. In database there are 6 columns( Email, Password, Name, Phone, ExamStatus, Score. I am inserting Email and Password value through webform1 and Name and password through another webform. Actually webform1 redirects to webform2.

here is my code behind file of webform1:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

public partial class signin : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }

    protected void signupbtn_Click(object sender, EventArgs e)
    {
        using (SqlConnection con = new SqlConnection("Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=C:\\Users\\Punam\\Desktop\\Project\\App_Data\\OnlineLearning.mdf;Integrated Security=True"))
        {
            SqlCommand cmd = new SqlCommand("insert into Student (Email, Password) values(@email, @password)", con );
            cmd.Parameters.AddWithValue("@email", txtboxemail.Text);
            cmd.Parameters.AddWithValue("@password", txtboxpass.Text);
            con.Open();
            cmd.ExecuteNonQuery();
            Session["signup"] = txtboxemail.Text.ToString();
            Response.Redirect("profile.aspx");
        }
    }
}

and codebehind file of webform2:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

    public partial class profile : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Session["signup"] == null)
            {
                Response.Redirect("signup.aspx");
            }
        }

        protected void btnsave_Click(object sender, EventArgs e)
        {
            using (SqlConnection con = new SqlConnection("Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=C:\\Users\\Punam\\Desktop\\Project\\App_Data\\OnlineLearning.mdf;Integrated Security=True"))
            {
                string mail = Session["signup"].ToString();
                SqlCommand cmd = new SqlCommand("Update Student set Name = @name, Phone = @phoneno where Email = + mail ", con);
                cmd.Parameters.AddWithValue("@name", txtboxname.Text);
                cmd.Parameters.AddWithValue("@phoneno", txtboxphone.Text);
                con.Open();
                cmd.ExecuteNonQuery();
                Response.Redirect("login.aspx");

            }
        }
    }

But it is throwing error System.Data.SqlClient.SqlException: Invalid column name 'mail'.

Punam
  • 25
  • 7
  • 2
    `where Email = + mail` <= what is `mail`? You probably meant to pass another parameter here... (`where Email = @mail`) Treat it the same way you did with `@name` and `@phoneno`. *Most* of the time error messages tell you exactly why something is failing, you just have to read them... – Igor Jul 25 '18 at 16:09
  • Make `@mail` a parameter in your query. – Dan Wilson Jul 25 '18 at 16:09
  • Probably you meant to write @mail instead of + mail and add @ email parameter. And BTW you are designing a weak system (unencrypted password?) – Cetin Basoz Jul 25 '18 at 16:10
  • On a side note you should [not use AddWithValue](https://blogs.msmvps.com/jcoehoorn/blog/2014/05/12/can-we-stop-using-addwithvalue-already/) – Igor Jul 25 '18 at 16:11
  • mail is the string which I got from Session @lgor – Punam Jul 25 '18 at 16:12
  • Yahh, I am a new bie...just exploring right now. – Punam Jul 25 '18 at 16:13
  • If u can provide code it will be very helpful for me – Punam Jul 25 '18 at 16:14
  • I did, see my 1st comment. You can figure the rest out, it is not hard. All you have to do is read the comments and apply that to the existing code. – Igor Jul 25 '18 at 16:15
  • What should I use instead of AddWithValue @lgor – Punam Jul 25 '18 at 16:20
  • cmd.Parameters.Add("@mail", SqlDbType.VarChar).Value = mail; (it is not really an issue here to use AddWithValue or not. You have more serious problems in your design) – Cetin Basoz Jul 25 '18 at 16:22
  • what is that problem? – Punam Jul 25 '18 at 16:28
  • You are storing plain text password. – Cetin Basoz Jul 25 '18 at 16:29
  • Right. I should implement with encryption to store password – Punam Jul 25 '18 at 16:31
  • `What should I use instead of AddWithValue` - in my comment I provided a link to an article which includes why it is bad practice and how to fix it. – Igor Jul 25 '18 at 16:37

1 Answers1

0

1) Please replace following line to pass Email address in SQL Query which is in Session to db

SqlCommand cmd = new SqlCommand("Update Student set Name = @name, Phone = @phoneno where Email = + mail ", con);

With 

SqlCommand cmd = new SqlCommand("Update Student set Name = @name, Phone = @phoneno where Email = @Email ", con);

2) Add @Email as Command parameter

cmd.Parameters.AddWithValue("@Email", mail);
Jigar Joshi
  • 56
  • 4