How can I ensure that only data entered gets inserted into the db?
Hello again and please forgive me for posting again. I do this when I realize I am having problem fixing it myself.
Please take a look at the code below. I was told by the individual that developed it originally that the code only adds the rows of data the user entered. In other words, there 5 rows of textboxes. A user can enter data into one row or into all 5 rows. If the user enters data into one row of textbox, that's what gets inserted into the db.
I made some minor change to the code so that users can tell when a payment is made by check or cash payment.
Since I made that change, whether a user enters data into one row or all 5 rows, all 5 rows get inserted into the db.
How can I modify this code to ensure only rows entered get inserted?
I am really,really sorry for bothering you guys again and many thanks for all your help.
For x = 1 To 5 Step 1
dedval = obr.FindControl("ded" & CStr(x))
chckvalflag = obr.FindControl("chck" & CStr(x))
checkboxval = obr.FindControl("chckBox" & CStr(x))
onetimeval = obr.FindControl("onetime" & CStr(x))
chcknumval = obr.FindControl("chcknum" & CStr(x))
multival = obr.FindControl("multi" & CStr(x))
*If (chckvalflag.Text <> "" Or chckvalflag.Text <> "0") And Not checkboxval.Checked Then
cashval = DirectCast(obr.FindControl("chck" & CStr(x)), TextBox).Text
chckval = ""
chcknumval.Text = "Cash Payment"
Else
chckval = DirectCast(obr.FindControl("chck" & CStr(x)), TextBox).Text
chcknumval = obr.FindControl("chcknum" & CStr(x))
End If*
If dedval.Text <> "-1" And donatechoice.SelectedItem.Value <> "No" Then
sql += "INSERT INTO Contribs (employee_id, charity_code, check_amt, chcknum, one_time, bi_weekly, cash, donate_choice, date_stamp) "
sql += "VALUES ('" & Replace(employee_idLabel.Text, "'", "''") & "','" & Replace(dedval.SelectedValue, "'", "''") & "','" & Replace(chckval, "'", "''") & "','" & Replace(chcknumval.Text, "'", "''") & "','" & Replace(onetimeval.Text, "'", "''") & "','" & multival.Text & "','" & Replace(cashval, "'", "''") & "','" & Replace(donatechoice.SelectedItem.Value, "'", "''") & "','" & Replace(datest开发者_如何学Goamp, "'", "''") & "');"
End If
If donatechoice.SelectedItem.Value = "No" Then
x = 6
sql += "INSERT INTO Contribs (employee_id, charity_code, check_amt, chcknum, one_time, bi_weekly, cash, donate_choice, date_stamp) "
sql += "VALUES ('" & Replace(employee_idLabel.Text, "'", "''") & "','" & Replace(dedval.SelectedValue, "'", "''") & "','" & Replace(chckval, "'", "''") & "','" & Replace(chcknumval.Text, "'", "''") & "','" & Replace(onetimeval.Text, "'", "''") & "','" & Replace(multival.Text, "'", "''") & "','" & Replace(cashval, "'", "''") & "','" & Replace(donatechoice.SelectedItem.Value, "'", "''") & "','" & Replace(datestamp, "'", "''") & "');"
End If
Next
Just add some conditions to validate the data was entered into the inputs in each row.
If Not String.IsNullOrEmpty(String.Concat(TextBox1.Text, TextBox2.Text, TextBox3.Text)) Then
'insert logic here
End If
On a side note, I would suggest modifying the code to use parameters instead. The code is ripe for SQL-injection.
Look into using parametrized stored procedures instead of building your SQL as a string. Right now your application can be SQL injected. If you gave me a link to your application, I could wipe out all the data in your
Contribs
table (assuming the identity the thread is running under has permission; regardless, your query can be killed via syntax based on user input).If you only want to insert records depending on what textboxes the user filled out, just use a case statement or if block to check for values in those textboxes. If the user entered a value, execute a function which hits the database.
精彩评论