Insert statement on asp.net not inserting on mysql table
I am creating a web form on asp.net that will allow the end user to assign multiple users bassed on a selected department to a quiz..
the database is mysql database since I use joomla
the tables on mysql are: jos_users_quizzes with the following columns:
id
quiz_id
user_id
I have a second is called called
jos_dhruprofile with this columns
id
name
username
department
I need to select all user ids from selected department and insert those id into the user_quizzes table.
I have two queries trying to to insert the first one which has the condition for selected department doesnt work while the one without the were statement actually inserts, I get no errors , just the insertion doesnt go..
string quizidselected = DropDownList1.SelectedValue;
string deptselected = ListBox2.SelectedValue;
OdbcCommand开发者_JAVA技巧 cmd = new OdbcCommand("INSERT INTO jos_jquarks_users_quizzes (user_id, quiz_id) SELECT uid, ' " + quizidselected + " ' FROM jos_dhruprofile WHERE department = ' " + deptselected.ToString() + " '");
// OdbcCommand cmd = new OdbcCommand("INSERT INTO jos_jquarks_users_quizzes (user_id, quiz_id) SELECT uid, ' " + quizidselected + " ' FROM dhruprofile ");
THANKS IN ADVANCE FOR LOOKING MY CODE
Full code
Code from and ASP.NET form to insert ....
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Collections.Specialized;
using System.Text;
using System.Data;
using System.Data.Odbc;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
private void InsertRecords(StringCollection sc)
{
string ConnectionString = @"driver={MySQL ODBC 5.1 Driver};server=appdevelsvr;database=xxxx;uid=xx;pwd=xx;";
OdbcConnection conn = new OdbcConnection(ConnectionString);
try
{
conn.Open();
string quizidselected = DropDownList1.SelectedValue;
string deptselected = ListBox2.SelectedValue;
OdbcCommand cmd = new OdbcCommand("INSERT INTO jos_jquarks_users_quizzes (user_id, quiz_id) SELECT uid, ' " + quizidselected + " ' FROM jos_dhruprofile WHERE department = ' " + deptselected.ToString() + " '");
// OdbcCommand cmd = new OdbcCommand("INSERT INTO jos_jquarks_users_quizzes (user_id, quiz_id) SELECT uid, ' " + quizidselected + " ' FROM dhruprofile ");
cmd.Connection = conn;
cmd.CommandType = CommandType.Text;
cmd.ExecuteNonQuery();
Page.ClientScript.RegisterClientScriptBlock(typeof(Page), "Script", "alert('Records Successfuly Saved!');", true);
Response.Write(deptselected.ToString());
// Response.Write(sql.ToString());
}
catch (System.Data.SqlClient.SqlException ex)
{
string msg = "Insert Error:";
msg += ex.Message;
throw new Exception(msg);
}
finally
{
conn.Close();
}
}
protected void Button1_Click(object sender, EventArgs e)
{
StringCollection sc = new StringCollection();
foreach (ListItem item in ListBox2.Items)
{
if (item.Selected)
{
sc.Add(item.Text);
}
}
InsertRecords(sc);
}
}
I am assuming that the query you want us to debug is the one with the where clause.
Please set a breakpoint at the line where you are creating a new odbc command for cmd. You need to check the value of 'deptselected'.
Alternatively, you can debug.writeline the SQL statement and copy-paste it into a SQL query UI. Please run the select by itself. I think it will not return any rows because either 'deptselected' doesn't exist in your table or 'deptselected' is empty.
Also, two good programming pointers:-
1). Use parameterized SQL statements instead of appending values into the string. Your code is vulnerable to a SQL injection attack. This is very bad.
2). 'deptselected' is already a string, you do not need to 'ToString' it again.
Hope this helps.
Edit:- I just read the comments above. Do a select * (star) on that table and where someother_column = another_value to get the same row that you are interested in. Check the string lenght of your department column. Check if you have spaces at the beginning of the string or after.
加载中,请稍侯......
精彩评论