asp.net - Data from input box not inserting in to database -
i made form insert information in database. don't know error coming from. it's not inserting information input fields database.
here's code:
protected sub button1_click(byval sender object, byval e system.eventargs) handles button1.click dim id, name, description, code, cat_industry, cat_theme, cat_occasion, cat_budget string id = product_id.text name = product_name.text description = product_description.text code = item_code.text cat_industry = industry.selectedvalue cat_theme = theme.selectedvalue cat_occasion = occasion.selectedvalue cat_budget = budget.selectedvalue try dim str1 string = "insert product (id, product_name, product_description, item_code, industry, theme, occasion, budget) values ('" + id + "', '" + name + "', '" + description + "', '" + code + "', '" + cat_industry + "', '" + cat_theme + "', '" + cat_occasion + "', '" + cat_budget + "')" con.open() dim cmd new sqlcommand(str1, con) cmd.executenonquery() con.close() catch ex exception response.write(ex) end try end sub
your column names can't referenced product name
, product description
space - need escape [product name], [product description]
etc.
but please refrain inserting data directly - instead should parameterizing input variables. has benefits both performance , security (sql injection) perspective.
dim str1 string = "insert product (id, [product name], [product description], item_code, etc) " _ " values (@id, @name, @description, @code, etc)" con.open() dim cmd new sqlcommand(str1, con) cmd.parameters.addwithvalue("@id", id ) cmd.parameters.addwithvalue("@name", name ) ... etc cmd.executenonquery()
Comments
Post a Comment