
This is my code

protected void btnnext_Click(object sender, EventArgs e)
{
    string clientId = Context.User.Identity.GetUserId();

    if (clientId != null)
    {
        SqlConnection con = new SqlConnection("Data Source=Mickey\\SQLEXPRESS;Initial Catalog=db1;Integrated Security=True;MultipleActiveResultSets=True;Application Name=EntityFramework");
        SqlCommand com;

        con.Open();

        // First section: one row in orders per GridView row.
        for (int i = 0; i < GridView1.Rows.Count; i++)
        {
            string fn = GridView1.Rows[i].Cells[2].Text;
            string ln = GridView1.Rows[i].Cells[3].Text;
            string ad = GridView1.Rows[i].Cells[4].Text;
            string pn = GridView1.Rows[i].Cells[6].Text;
            string em = GridView1.Rows[i].Cells[7].Text;

            // Values are concatenated straight into the SQL text, each wrapped as ' value '.
            string str = "insert into orders " +
              "(FirstName, LastName, Address, PhoneNumber, Email, " +
              "TotalAmount, ModeofDelivery, ClientId, OrderNo, SpecialMess) " +
              "values(' " + fn + " ',' " + ln + " ',' " + ad +
              " ',' " + pn + " ',' " + em + " ',' " + Label6.Text +
              " ',' " + Label4.Text + " ',' " + clientId +
              " ',' " + Label1.Text + " ',' " + TextBox1.Text + " ' )";

            com = new SqlCommand(str, con);
            com.ExecuteNonQuery();
        }

        // Second section: copy the client's cart rows into orderDetails.
        string stri = "insert into orderDetails(orderNo, clientId, productId, quantity) select ' " + Label1.Text + " ',client_id,product_id,amount from cart where client_id = ' " + clientId + " '  ";

        com = new SqlCommand(stri, con);
        com.ExecuteNonQuery();

        con.Close();

        Response.Redirect("~/Pages/orders.aspx");
    }
}

In this particular code, I am trying to insert data into two different tables. The first section of code is working properly, where data is fetched from the gridview, but the second section is not working properly: even though it is not throwing any errors, the data still does not get stored into the table.

string stri = "insert into orderDetails(orderNo,clientId,productId,quantity) select ' " + Label1.Text + " ',client_id,product_id,amount from cart where client_id = ' " + clientId + " '  ";
com = new SqlCommand(stri, con);
com.ExecuteNonQuery();
con.Close();
Response.Redirect("~/Pages/orders.aspx");

Any solution?

6 Comments

  • Try running your insert statement directly in SSMS with your values, does it insert? Also, your code is open to injection. Use parameterized queries. Commented Jun 2, 2017 at 14:43
  • Then where client_id = ' " + clientId + " ' is not satisfied, so nothing is selected and nothing is inserted. (Note the extra spaces you have - another reason this must be rewritten as a parameterized query.) Commented Jun 2, 2017 at 14:45
  • What type is client_id? You are comparing against it as if it were an nvarchar with spaces on either side. Commented Jun 2, 2017 at 14:46
  • As Alex pointed out, the client_id criteria is not met. One thing I always do is put the break point right at com = new SqlCommand(stri, con). Then find out the content of stri in the watch. Execute that value in SSMS. Then you will find out why it does not insert. Commented Jun 2, 2017 at 14:49
  • Are you sure? I entered '; DROP Table Orders; -- and get an error screen all the time now. DON'T use string concatenation. Use parameterized queries. They are easier to write, faster and safer. Commented Jun 2, 2017 at 14:50

1 Answer

I would guess your subquery is not returning any rows because you're padding your id with spaces.

where client_id = ' " + clientId + " '  "

is going to produce SQL that looks like

where client_id = ' 9 '

which probably won't match any records.


1 Comment

A problem he would not have if he would use parameterized queries
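For reference, here is the same handler rewritten with parameterized queries, as an added example and not code from the asker or the answerer. Parameters carry the values separately from the SQL text, so no quote characters or padding spaces end up inside the compared value and the input can no longer change the statement; it assumes the usual ASP.NET code-behind usings, and the parameter types and lengths (NVarChar 200) are placeholders to be matched to the real schema.

```csharp
using System.Data;
using System.Data.SqlClient;
protected void btnnext_Click(object sender, EventArgs e)
{
    string clientId = Context.User.Identity.GetUserId();
    if (clientId == null) return;
    using (SqlConnection con = new SqlConnection(
        "Data Source=Mickey\\SQLEXPRESS;Initial Catalog=db1;Integrated Security=True;MultipleActiveResultSets=True;Application Name=EntityFramework"))
    {
        con.Open();
        using (SqlTransaction tx = con.BeginTransaction())   // both tables get the order, or neither does
        {
            const string orderSql = "insert into orders (FirstName, LastName, Address, PhoneNumber, Email, " +
                "TotalAmount, ModeofDelivery, ClientId, OrderNo, SpecialMess) " +
                "values (@fn, @ln, @ad, @pn, @em, @total, @mode, @clientId, @orderNo, @mess)";
            using (SqlCommand com = new SqlCommand(orderSql, con, tx))
            {
                // Parameter types and lengths are assumptions; match them to the real schema.
                foreach (string p in new[] { "@fn", "@ln", "@ad", "@pn", "@em", "@total", "@mode", "@clientId", "@orderNo", "@mess" })
                    com.Parameters.Add(p, SqlDbType.NVarChar, 200);
                com.Parameters["@total"].Value = Label6.Text;      // values that are the same for every row
                com.Parameters["@mode"].Value = Label4.Text;
                com.Parameters["@clientId"].Value = clientId;
                com.Parameters["@orderNo"].Value = Label1.Text;
                com.Parameters["@mess"].Value = TextBox1.Text;
                foreach (GridViewRow row in GridView1.Rows)
                {
                    com.Parameters["@fn"].Value = row.Cells[2].Text;   // per-row values, same cells as the question
                    com.Parameters["@ln"].Value = row.Cells[3].Text;
                    com.Parameters["@ad"].Value = row.Cells[4].Text;
                    com.Parameters["@pn"].Value = row.Cells[6].Text;
                    com.Parameters["@em"].Value = row.Cells[7].Text;
                    com.ExecuteNonQuery();
                }
            }
            const string detailSql = "insert into orderDetails (orderNo, clientId, productId, quantity) " +
                "select @orderNo, client_id, product_id, amount from cart where client_id = @clientId";
            using (SqlCommand com = new SqlCommand(detailSql, con, tx))
            {
                com.Parameters.Add("@orderNo", SqlDbType.NVarChar, 200).Value = Label1.Text;
                com.Parameters.Add("@clientId", SqlDbType.NVarChar, 200).Value = clientId;
                // 0 rows is the question's silent symptom: no cart row matched client_id. Fail loudly instead.
                if (com.ExecuteNonQuery() == 0) throw new InvalidOperationException("No cart rows for client " + clientId);
            }
            tx.Commit();   // disposing tx without Commit rolls everything back if anything threw
        }
    }
    Response.Redirect("~/Pages/orders.aspx");
}
```

Because the insert...select now returns its row count, the "nothing stored, no error" case becomes an exception (and a rolled-back orders insert) rather than a silent redirect.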
