
I am putting together a client user interface that uses SQL to add / verify an email address, then between 3 separate drop down menus if an item is checked, then it will put the corresponding values into SQL. My question is when an email already exists in the database, how can I get multiple values checked in the dropdown list after they have already been applied? Right now you have to reselect all values. The values in SQL are pipe delimited as well.

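    // Build the pipe-delimited value from the selected entries.
    string SqlInsert = "";
    foreach (ListItem li in item.Items)
    {
        if (li.Selected)
        {
            // Append to the string only; the displayed text is left unchanged.
            SqlInsert += li.Text + "|";
        }
    }

    Connection conn = new Connection();
    conn.Open(connections.newconn);
    Recordset rs1 = new Recordset();
    string Sql1 = "";

    // Both values are interpolated into the statement text (see the comments below).
    Sql1 = $"UPDATE users SET item = ('{SqlInsert}') WHERE Email = '{EmailTextBox.Text}'";
    rs1.Open(Sql1, conn);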
  • Please parameterise your sql query. See [Why do we always prefer using parameters in SQL statements?](https://stackoverflow.com/questions/7505808/why-do-we-always-prefer-using-parameters-in-sql-statements). What would happen if someone entered `'; drop table users; --` into the email textbox? – haldo Sep 26 '19 at 22:02
  • @haldo will do. Thank you – rjbyron1013 Sep 27 '19 at 12:04
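
The parameterised form that the comment above asks for, together with re-checking the stored values on load, as an added example (not code from the original post). It assumes SQL Server through `System.Data.SqlClient` rather than the ADODB objects in the question and a list control that allows multiple selection; `UserItemStore`, `SaveSelection`, `RestoreSelection`, the connection string and the column sizes are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web.UI.WebControls;

public static class UserItemStore   // hypothetical helper, not from the post
{
    // Save: join the selected entries and bind both values as parameters,
    // so text typed into the email box is never parsed as SQL.
    public static int SaveSelection(string connStr, string email, ListItemCollection items)
    {
        string joined = string.Join("|", items.Cast<ListItem>()
                                              .Where(li => li.Selected)
                                              .Select(li => li.Text));
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(
            "UPDATE users SET item = @item WHERE Email = @email", conn))
        {
            // Column sizes are assumptions; match them to the real schema.
            cmd.Parameters.Add("@item", SqlDbType.NVarChar, 4000).Value = joined;
            cmd.Parameters.Add("@email", SqlDbType.NVarChar, 320).Value = email;
            conn.Open();
            return cmd.ExecuteNonQuery();   // rows updated; 0 means no such email
        }
    }

    // Load: read the stored value back and re-check the matching entries.
    public static void RestoreSelection(string connStr, string email, ListItemCollection items)
    {
        string stored;
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(
            "SELECT item FROM users WHERE Email = @email", conn))
        {
            cmd.Parameters.Add("@email", SqlDbType.NVarChar, 320).Value = email;
            conn.Open();
            stored = cmd.ExecuteScalar() as string ?? "";   // no row or NULL -> empty
        }
        // RemoveEmptyEntries tolerates the trailing "|" written by the original code.
        var wanted = new HashSet<string>(
            stored.Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries));
        foreach (ListItem li in items)
            li.Selected = wanted.Contains(li.Text);
    }
}
```

With bound parameters, the input `'; drop table users; --` from the comment is compared against the `Email` column as a literal string and matches no row.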

0 Answers