I am trying to pass a protected DataRow[] msgArray; from code-behind to the .net page.
msgArray contains rows from a DB table that I selected, when I do Response.Write(msgArray[0]["comment"]) it outputs correctly what I have stored in the comment column in my DB.
The problem is that I cannot do the same in my .net page when I load the page where I do this:
<asp:Panel ID="commentSection" runat="server">
<%= msgArray[0]["comment"] %>
</asp:Panel>
I get a Object reference not set to an instance of an object.
What am I doing wrong ?
This is my code-behind(.cs) :
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using MySql.Data.MySqlClient;
namespace Groups
{
public partial class Group : System.Web.UI.Page
{
MySql.Data.MySqlClient.MySqlConnection conn;
MySql.Data.MySqlClient.MySqlCommand cmd;
MySql.Data.MySqlClient.MySqlDataReader reader;
String queryStr;
String gname;
String gtype;
String uname;
DataTable group = new DataTable();
DataTable msg = new DataTable();
protected DataRow[] msgArray;
protected void Page_Load(object sender, EventArgs e)
{
String id = Request.QueryString["id"];
if (id != null)
{
String connString = System.Configuration.ConfigurationManager.ConnectionStrings["GroupsConnString"].ToString();
conn = new MySql.Data.MySqlClient.MySqlConnection(connString);
conn.Open();
queryStr = "SELECT g.*, (SELECT COUNT(id) FROM app_groups.users_groups_leg ugl WHERE ugl.id_group = g.id) as member_count FROM app_groups.groups g WHERE g.id = " + id;
cmd = new MySql.Data.MySqlClient.MySqlCommand(queryStr, conn);
group.Load(reader = cmd.ExecuteReader());
var groupArray = group.AsEnumerable().ToArray();
reader.Close();
int member_count = 0;
int.TryParse(groupArray[0]["member_count"].ToString(), out member_count);
Panel grInfo = new Panel();
grInfo.Controls.Add(new LiteralControl("<br/><div class='panel panel-primary'><div class='panel-heading'><h2>" + groupArray[0]["group_name"] + "</h2></div><div class='panel-body'><span>Categorie: <span class='title'>" + groupArray[0]["group_type"] + "</span></span><br/><span class='membrii'>" + (member_count == 1 ? member_count + " membru" : member_count + " membri") + "</span><br/><span>Fondat pe: " + ConvertUnixTimeStamp(groupArray[0]["founded"].ToString()) + "</span><br/></div></div>"));
groupInfo.Controls.Add(grInfo);
conn.Close();
showComments();
}
}
public static DateTime? ConvertUnixTimeStamp(string unixTimeStamp)
{
return new DateTime(1970, 1, 1).AddSeconds(Convert.ToDouble(unixTimeStamp) + 3600*2);
}
public DataRow[] showComments()
{
String id = Request.QueryString["id"];
if (id != null)
{
String connString = System.Configuration.ConfigurationManager.ConnectionStrings["GroupsConnString"].ToString();
conn = new MySql.Data.MySqlClient.MySqlConnection(connString);
conn.Open();
queryStr = "SELECT gc.* FROM app_groups.group_comments gc WHERE gc.id_group = " + id;
cmd = new MySql.Data.MySqlClient.MySqlCommand(queryStr, conn);
msg.Load(reader = cmd.ExecuteReader());
msgArray = msg.AsEnumerable().ToArray();
reader.Close();
Response.Write(msgArray[0]["comment"]);
/*Panel grComments = new Panel();
grComments.Controls.Add(new LiteralControl(""));
groupInfo.Controls.Add(grComments);*/
}
return msgArray;
}
}
}
Create a new class dataAccess.cs
using System;
using System.Data;
namespace Groups
{
public class dataAccess
{
public List<string> GetComments()
{
String connString = System.Configuration.ConfigurationManager.ConnectionStrings["GroupsConnString"].ToString();
conn = new MySql.Data.MySqlClient.MySqlConnection(connString);
try
{
MySql.Data.MySqlClient.MySqlDataReader reader;
DataTable msg = new DataTable();
conn.Open();
List<string> comments = new List<string>();
queryStr = "SELECT gc.* FROM app_groups.group_comments gc WHERE gc.id_group = " + id;
cmd = new MySql.Data.MySqlClient.MySqlCommand(queryStr, conn);
msg.Load(reader = cmd.ExecuteReader());
foreach(DataRow dr in msg.Rows)
{
comments.Add(dr["comment"]);
}
reader.Close();
return comments;
}
catch (Exception ex)
{
//throw ex;
}
}
}
}
In the ASPX page
<asp:Panel ID="commentSection" runat="server">
<%
var data = Groups.dataAccess.GetComments();
foreach(string c in data)
{
Response.Write("<p>" + c + "</p>");
}
%>
</asp:Panel>
According to ASP.NET Page Life cycle, your method showComments() will be called after the <%= msgArray[0]["comment"] %> part. Hence it won't be available there.
Best way is to have a control like Label in your .aspx page and update the text property from showComments() method.
Related
I have written a user control an editable GridView. Here is the code of the control in design (file: editableGridView.ascx)
<%# Control Language="C#" AutoEventWireup="true" CodeBehind="editableGridView.ascx.cs" Inherits="WebApplication1.EditableGridView" %>
<asp:GridView ID="EditableGrid" runat="server" Width="500px" Height="500px" AllowSorting="True"
AutoGenerateDeleteButton="True" AutoGenerateEditButton="True"
OnRowEditing="EditableGrid_RowEditing"
OnRowCancelingEdit="EditableGrid_RowCancelingEdit"
OnRowUpdating="EditableGrid_RowUpdating"
OnRowDeleting="EditableGrid_RowDeleting"
></asp:GridView>
And here is the code behind: (File: editableGridView.ascx.cs)
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.Sql;
using System.Data.SqlClient;
namespace WebApplication1
{
public partial class EditableGridView : System.Web.UI.UserControl
{
public string connstr { get; set; }
public string tablename { get; set; }
public string selectcmd { get; set; }
private List<EdField> fields;
private SqlConnection con;
protected void Page_Load(object sender, EventArgs e)
{
}
public void InitGrid(string theconnstr, string tablename)
{
con = new SqlConnection(connstr);
con.Open();
using (SqlCommand cmd = new SqlCommand())
{
cmd.Connection = con;
cmd.CommandText = "SELECT * FROM " + tablename;
using (SqlDataReader rd = cmd.ExecuteReader())
{
if (!rd.HasRows) return;
fields = new List<EdField>();
for (int i =0; i < rd.FieldCount; i++)
{
fields.Add(new EdField(rd.GetName(i), rd.GetDataTypeName(i)));
}
}
}
}
public void Bind()
{
con.Open();
using (SqlCommand cmd = new SqlCommand())
{
cmd.Connection = con;
cmd.CommandText = selectcmd;
using (SqlDataAdapter da = new SqlDataAdapter(cmd))
{
using (DataTable dt = new DataTable())
{
da.Fill(dt);
EditableGrid.DataSource = dt;
EditableGrid.DataBind();
EditableGrid.Visible = true;
}
}
}
con.Close();
}
protected void EditableGrid_RowEditing(object sender, GridViewEditEventArgs e)
{
EditableGrid.EditIndex = e.NewEditIndex;
Bind();
}
protected void EditableGrid_RowCancelingEdit(object sender, GridViewCancelEditEventArgs e)
{
EditableGrid.EditIndex = -1;
Bind();
}
protected void EditableGrid_RowUpdating(object sender, GridViewUpdateEventArgs e)
{
GridViewRow row = (GridViewRow)EditableGrid.Rows[e.RowIndex];
List<TextBox> tbs = new List<TextBox>();
for (int i = 1; i < fields.Count; i++)
{
tbs.Add((TextBox)row.FindControl("textbox" + i.ToString()));
}
EditableGrid.EditIndex = -1;
String sql = "UPDATE " + tablename + "SET " ;
for (int i = 1; i < fields.Count; i++)
{
sql += fields[i].Name;
sql += " = ";
sql += ProperFormatField(fields[i].DataTypeName, tbs[i].Text);
if (i < fields.Count - 1)
{
sql += " , ";
}
}
Label lbl = (Label)row.FindControl("lblid");
sql += " WHERE " + fields[0].Name + " = " + lbl.Text;
con.Open();
SqlCommand cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
con.Close();
Bind();
}
protected void EditableGrid_RowDeleting(object sender, GridViewDeleteEventArgs e)
{
GridViewRow row = (GridViewRow)EditableGrid.Rows[e.RowIndex];
Label lbl = (Label)row.FindControl("lblid");
String sql = "DELETE " + tablename;
sql += " WHERE " + fields[0].Name + " = " + lbl.Text;
con.Open();
SqlCommand cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
con.Close();
Bind();
/* */
}
private String ProperFormatField(String dtf, String s)
{
if (
(dtf == "CHAR") ||
(dtf == "VARCHAR") ||
(dtf == "NVARCHAR") ||
(dtf == "NCHAR") ||
(dtf == "DATE") ||
(dtf == "DATETIME") ||
(dtf == "DATETIME2")
)
{
return "'" + s + "'";
}
else
return s;
}
}
public class EdField
{
private String myName;
private String myDataTypeName;
public String Name
{
get { return myName; }
set { myName = value; }
}
public String DataTypeName
{
get { return myDataTypeName; }
set { myDataTypeName = value; }
}
public EdField(String theName, String theDataTypename)
{
myName = theName;
myDataTypeName = theDataTypename.ToUpper();
}
}
}
Now in my page where I want to place my control I write:
<%# Page Language="C#" AutoEventWireup="true" CodeBehind="WebForm2.aspx.cs" Inherits="WebApplication1.WebForm2" %>
<%# Register TagPrefix="mygrids" TagName="EditableGridView" Src="editableGridView.ascx"%>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<mygrids:EditableGridView ID="edgv1"></mygrids:EditableGridView>
</div>
</form>
</body>
</html>
But there is a green marking under EditableGridView and the hint says: "the element EditableGridView is not known. The problem could be to a compilation error of the site or the file web.config is missing"
Any Help or idea Here?
I am trying to make something like a Bank Statement Application but i have a problem along the line.
Now it gets the datasource and all , but doesnt get the values from the Database and display on a report viewer. Apparently i am missing something , Hence i decided to bring it on here
Code Looks like this:
namespace TmpZ
{
public partial class BalanceSheet : Form
{
string constring = ConfigurationManager.ConnectionStrings["ConnData"].ConnectionString;
public BalanceSheet()
{
InitializeComponent();
}
private void button1_Click(object sender, EventArgs e)
{
if (accountNo1.Text == "")
{
MessageBox.Show("Please Enter Account Number");
}
else
{
DataTable dtb = new DataTable();
dtb = GenerateBankStatement(dtb);
reportViewer1.LocalReport.DataSources.Clear();
ReportDataSource rpd = new ReportDataSource("DataSet1", dtb);
reportViewer1.LocalReport.DataSources.Add(rpd);
reportViewer1.RefreshReport();
}
}
private DataTable GenerateBankStatement(DataTable dt)
{
using (SqlConnection cn = new SqlConnection(constring))
{
try
{
SqlDataAdapter da = new SqlDataAdapter("SELECT [id] as id, [transaction_desc] as transaction_desc,[credit] as credit, [debit] as debit, [balance] as balance, [transaction_date] as transaction_date FROM transactions WHERE(accountNo1 = '" + accountNo1.Text + "') AND(transaction_date BETWEEN '" + dateFrom.Text + "' AND '" + dateTo.Text + "')", cn);
da.Fill(dt);
}
catch(Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
return dt;
}
}
}
What am I missing? it shows empty data on Boxes in reportviewer.
Ok i finally fixed it. It was an issue with the Date Formatting. I had to make them strings and the code Works Fine at this point. Code now looks like this for those that want to work on something like this Much later
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using Microsoft.Reporting.WinForms;
namespace TwpZ
{
public partial class BalanceSheet : Form
{
string constring = ConfigurationManager.ConnectionStrings["ConnData"].ConnectionString;
public BalanceSheet()
{
InitializeComponent();
}
private void BalanceSheet_Load(object sender, EventArgs e)
{
}
private void reportViewer1_Load(object sender, EventArgs e)
{
}
private void button1_Click(object sender, EventArgs e)
{
if (accountNo1.Text == "")
{
MessageBox.Show("Please Enter Account Number");
}
else
{
DataTable dtb = new DataTable();
dtb = GenerateBankStatement(dtb);
reportViewer1.LocalReport.DataSources.Clear();
ReportDataSource rpd = new ReportDataSource("DataSet1", dtb);
reportViewer1.LocalReport.DataSources.Add(rpd);
reportViewer1.RefreshReport();
}
}
private DataTable GenerateBankStatement(DataTable dt)
{
using (SqlConnection cn = new SqlConnection(constring))
{
try
{
string dateF = Convert.ToDateTime(dateFrom.Text).ToString("dd-MM-yyyy");
string dateT = Convert.ToDateTime(dateTo.Text).ToString("dd-MM-yyyy");
SqlDataAdapter da = new SqlDataAdapter("SELECT [id] as id, [transaction_desc] as transaction_desc,[credit] as credit, [debit] as debit, [balance] as balance, [transaction_date] as transaction_date FROM transactions WHERE(accountNo1 = '" + accountNo1.Text + "') AND(transaction_date BETWEEN '" + dateF + "' AND '" + dateT + "')", cn);
//SqlDataAdapter da = new SqlDataAdapter("SELECT [id] as id, [transaction_desc] as transaction_desc,[credit] as credit, [debit] as debit, [balance] as balance, [transaction_date] as transaction_date FROM transactions WHERE(accountNo1 = '" + accountNo1.Text + "')", cn);
da.Fill(dt);
}
catch(Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
return dt;
}
}
}
I'd like to know if my Update SQL statement is correct, because I have a form where I wanna edit some data. But, for any reason, the form doesn't save the updates and nothing happens in db.
This is my code-behind:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;
public partial class edit : System.Web.UI.Page
{
SqlConnection con = new SqlConnection("Data Source=CASSIA-PC\\SQLEXPRESS;Initial Catalog=clientes;Integrated Security=True");
protected void Page_Load(object sender, EventArgs e)
{
string v = Request.QueryString["id"];
SqlCommand cmd = new SqlCommand("SELECT idCliente, nmCliente, fantasia, cpf, cep, logradouro, numero, complemento, bairro, cidade, estado, telefone, celular, insEstadual, insMunicipal, email, homePage, tbClientes.tpCliente, tbTipoClientes.idTipoCliente, tbTipoClientes.nmTipoCliente FROM tbClientes INNER JOIN tbTipoClientes ON tbClientes.tpCliente = tbTipoClientes.idTipoCliente WHERE idCliente = '" + v + "'", con);
try
{
con.Open();
using (var reader = cmd.ExecuteReader())
{
while (reader.Read()) {
txtId.Text = reader["idCliente"].ToString();
txtNome.Text = reader["nmCliente"].ToString();
txtFantasia.Text = reader["fantasia"].ToString();
txtCPF.Text = reader["cpf"].ToString();
txtCEP.Text = reader["cep"].ToString();
txtLogradouro.Text = reader["logradouro"].ToString();
txtNumero.Text = reader["numero"].ToString();
txtComplemento.Text = reader["complemento"].ToString();
txtBairro.Text = reader["bairro"].ToString();
txtCidade.Text = reader["cidade"].ToString();
txtEstado.Text = reader["estado"].ToString();
txtTelefone.Text = reader["telefone"].ToString();
txtCelular.Text = reader["celular"].ToString();
txtInscEstadual.Text = reader["insEstadual"].ToString();
txtInscMunicipal.Text = reader["insMunicipal"].ToString();
txtEmail.Text = reader["email"].ToString();
txtSite.Text = reader["homePage"].ToString();
}
}
cmd.ExecuteNonQuery();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
finally
{
con.Close();
}
}
protected void btnEditar_Click(object sender, EventArgs e)
{
string v = Request.QueryString["id"];
con.Open();
SqlCommand cmd = new SqlCommand("UPDATE tbClientes SET nmCliente = '"+txtNome.Text+"', fantasia = '"+txtFantasia.Text+"', cpf = '"+txtCPF.Text+"', cep = '"+txtCEP.Text+"', logradouro = '"+txtLogradouro.Text+"', numero = '"+txtNumero.Text+"', complemento = '"+txtComplemento.Text+"', bairro = '"+txtBairro.Text+"', cidade = '"+txtCidade.Text+"', estado = '"+txtEstado.Text+"', telefone = '"+txtTelefone.Text+"', celular = '"+txtCelular.Text+ "', insEstadual = '"+txtInscEstadual.Text+"', insMunicipal = '"+txtInscMunicipal.Text+"', email = '"+txtEmail.Text+"', homePage = '"+txtSite.Text+"' WHERE idCliente = '" + v + "'", con);
try
{
cmd.ExecuteNonQuery();
}
catch(Exception ex)
{
Console.WriteLine(ex.Message);
}
finally
{
con.Close();
}
}
}
I'm pretty sure your problem is:
WHERE idCliente = '" + v + "'"
Because the Client ID is most likely a numeric field in the database you want to treat it as such:
WHERE idCliente = " + v
As Blorgbeard mentions you need to use Parameterised commands to protect against an SQL Injection attack. This will also solve issues such as textboxes containing apostrophes and etc that would also cause your UPDATE to fail.
I agree with Jeremy, also better if you change to parameterized query OR set your query with a label, copy query and test it directly in SQL Server.
string query = "Update..."
Copy query text and test it directly in SQL Server.
I am trying to insert an Access table record with information from a combobox. I am using a winform and C#. I have simplified my project to just include the problem area. I am showing three methods with 4 controls (2 buttons and 2 comboboxes. The first method is connecting to an Access database and then showing a list of the tables and views in the first combobox. this method will also call the last method, SelectName() and fill the second combobox with field contents from a predetermined table from the selected database. The second method (buttonInsert_Click()) is where my problem lies. I would like the method to insert into one of the selected tables from combobox1 the selected item from combobox2 when the insert button is clicked. The only content I can get to insert into the selected table is
System.Data.DataRowView
The C# section of my project is below. Any suggestions are appreciated. Thank You.
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.OleDb;
namespace DbApp
{
public partial class Form1 : Form
{
private char ch = '"';
private OleDbConnection dbConn;
private string sql = "";
public Form1()
{
InitializeComponent();
}
private void buttonConnect_Click(object sender, EventArgs e)
{
string connectionString = "";
string stringData = "";
openFileDialog1.Filter = "";
openFileDialog1.ShowDialog();
Text = openFileDialog1.FileName;
stringData = openFileDialog1.FileName;
connectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" + ch + Text + ch;
if (dbConn != null)
dbConn.Close();
dbConn = new OleDbConnection(connectionString);
dbConn.Open();
comboBox1.Items.Clear();
DataTable info = dbConn.GetSchema("Tables");
for (int x = 0; x < info.Rows.Count; ++x)
{
if ((info.Rows[x][3].ToString() == "TABLE") || (info.Rows[x][3].ToString() == "VIEW"))
{
comboBox1.Items.Add((object)info.Rows[x][2].ToString());
}
}
SelectName();
}
private void buttonInsert_Click(object sender, EventArgs e)
{
string name = this.comboBox2.SelectedItem.ToString();
try
{
dbConn = new OleDbConnection();
dbConn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0; Data Source=" + ch + openFileDialog1.FileName + ch;
dbConn.Open();
sql = "INSERT INTO " + this.comboBox1.SelectedItem.ToString() + " (Names)" +
"Values (#name)";
OleDbCommand myCommand = new OleDbCommand(sql, dbConn);
myCommand.Parameters.Add("#name", OleDbType.VarChar).Value = name;
myCommand.ExecuteNonQuery();
myCommand.Connection.Close();
}
catch (Exception err)
{
MessageBox.Show("Error: " + err.Message.ToString());
}
}
private void SelectName()
{
string strCon = "Provider=Microsoft.ACE.OLEDB.12.0; Data Source=" + ch + openFileDialog1.FileName + ch;
try
{
using (dbConn = new OleDbConnection(strCon))
{
dbConn.Open();
sql = "SELECT Name FROM Names";
OleDbDataAdapter adapter = new OleDbDataAdapter(new OleDbCommand(sql, dbConn));
DataSet ds = new DataSet();
adapter.Fill(ds, "Names");
comboBox2.Items.Clear();
this.comboBox2.DataSource = ds.Tables["Names"];
this.comboBox2.DisplayMember = "Name";
}
}
catch (Exception ex)
{
MessageBox.Show("Error: " + ex.Message.ToString());
}
}
}
}
Try this:
string name = this.comboBox2.Text;
I am trying to format the text of my drop down list but nothing seems to work. Here is my code below:
Drop down list:
<asp:DropDownList runat="server" ID="ddlSalary" CssClass="ddlBox"
CausesValidation="true" AutoPostBack="true"
onselectedindexchanged="ddlSalary_SelectedIndexChanged" />
Code behind:
if (!IsPostBack)
{
ddlSalary.DataSource = Placements.DropDownPopulating("Placement_Salary_From");
ddlSalary.DataBind();
ddlSalary.Items.Insert(0, new ListItem("-- Salary --", "0"));
Results:
6.0000
200.0000
1000.0000
But I would like:
£6
£200
£1000
I have tried using:
ddlSalary.DataTextFormatString = "{0:C}";
EDIT
Populating drop down list:
public static List<string> DropDownPopulating(string selectedFilter)
{
List<string> returnVal = new List<string> { };
using (SqlConnection sqlCon = new SqlConnection(ConfigurationManager.ConnectionStrings["websiteContent"].ConnectionString))
{
sqlCon.Open();
string SQL = "SELECT DISTINCT " + selectedFilter + " FROM Placements";
using (var CMD = new SqlCommand(SQL, sqlCon))
{
using (var DR = CMD.ExecuteReader())
{
while (DR.Read())
{
returnVal.Add(DR[selectedFilter].ToString());
}
}
}
sqlCon.Close();
}
return returnVal;
}
You should use a numeric datatype if you want the formatting to work:
public static List<T> DropDownPopulating<T>(string selectedFilter)
{
var returnVal = new List<T>();
var connectionString = ConfigurationManager.ConnectionStrings["websiteContent"].ConnectionString;
using (var con = new SqlConnection(connectionString))
using (var cmd = con.CreateCommand())
{
con.Open();
cmd.CommandText = "SELECT DISTINCT " + selectedFilter + " FROM Placements";
using (var reader = cmd.ExecuteReader())
{
while (reader.Read())
{
// if you are using .NET 4.5
returnVal.Add(reader.GetFieldValue<T>(reader.GetOrdinal(selectedFilter)));
// if you are using .NET 4.0 or older:
// returnVal.Add((T)reader.GetValue(reader.GetOrdinal(selectedFilter)));
}
}
}
return returnVal;
}
and then:
ddlSalary.DataSource = Placements.DropDownPopulating<decimal>("Placement_Salary_From");
ddlSalary.DataTextFormatString = "{0:C}";
ddlSalary.DataBind();
use this query to get data.....
select '$'+Cast((Cast(Price as int))as varchar) from TableName