ASP.NET - Syntax Qry Err

Asked By Rahul
09-Feb-12 02:11 AM

cmd = new SqlCommand("select sum(credit) AS total from creditadd where cid<=cid and where userid='" + TextBox1.Text + "' and username='" + TextBox2.Text + "'", con);

and if u knnow easy method means tell me how to use easily qry in sqlserver ?

  Danasegarane Arunachalam replied to Rahul
09-Feb-12 02:15 AM
What is the error message.

Use parameters instead of string concat as

cmd = new SqlCommand("select sum(credit) AS total from creditadd where cid<=cid and where userid=@Userid and username=@UserName", con);

//Add parameters

cmd.parameters.addwithvalue("Userid ",TextBox1.Text);
cmd.parameters.addwithvalue("UserName ",TextBox2.Text);

//Execute the query
cmd.ExecuteNonQuery();



Parameter collection takes care of SQL Injection and datatype conversion
  dipa ahuja replied to Rahul
09-Feb-12 02:55 AM
You can't write more than one Where in your query.

U can combine more condition with the AND keyword

for ex:

cmd = new SqlCommand("select sum(credit) AS total from creditadd where (cid<=cid ) AND (userid='" + TextBox1.Text + "') AND (username='" + TextBox2.Text + "')", con);   
  Rahul replied to dipa ahuja
09-Feb-12 03:12 AM
thank you for your nice  coding your codings are all helpfull fro me.
  dipa ahuja replied to Rahul
09-Feb-12 03:20 AM
Your welcome :)
  Rahul replied to dipa ahuja
09-Feb-12 04:10 AM
Qry Err:

cmd = new SqlCommand("select sum(DISTINCT credit) AS total from creditadd where cid<=cid and userid='" + TextBox1.Text + "' and username='" + TextBox2.Text + "'", con);  //Distinct Qry err here

i know codings for update, but in my table it update correctly but iam update means it will update correctly but it not calculation correctly ?

Ex:

user   point    total
 user1   50   50
user1    100    150 // if i update means point is 50means it want to show in last total 200 but it not showing it ?
user1    100    250  //want to display 200 when i am update 50points means ?

my update qry:

else

 

 

if (e.CommandName == "upd")

{

 

 

LinkButton lkbupd = (LinkButton)e.CommandSource as LinkButton;

 

 

GridViewRow row = lkbupd.NamingContainer as GridViewRow;

 

 

Label lbid = (Label)row.FindControl("lblid");

 

 

TextBox txcredit = (TextBox)row.FindControl("txtcredit");

 

 

TextBox txtotal = (TextBox)row.FindControl("txttotal");

cmd =

 

new SqlCommand("update creditadd set credit='" + txcredit.Text + "',total='"+txtotal.Text+"' where cid ='" + lbid.Text + "'", con);

cmd.ExecuteNonQuery();

GridView1.EditIndex = -1;

Response.Write(

 

"Updated Successfully");

bindgrid();

dropbind();

}

 

 





Create New Account
help
BackColor = "White" / > <Columns> <asp:TemplateField HeaderText = "ClientID" SortExpression = "ClientID"> <ItemTemplate> <%# Eval("ClientID") %> < / ItemTemplate> <EditItemTemplate> <asp:TextBox ID = "TextBox1" runat = "server" Text = '<%# Eval("ClientID") %> ' ReadOnly = "true"> < / asp:TextBox> < / EditItemTemplate> <FooterTemplate> <asp:TextBox ID = "newTextBox1" runat = "server"> < / asp:TextBox> < / FooterTemplate> < / asp:TemplateField> <asp:TemplateField HeaderText = "Salutation" SortExpression = "Salutation"> <ItemTemplate> <%# Eval("Salutation") %> < / ItemTemplate> <EditItemTemplate> <asp TextBox ID = "TextBox2" runat = "server" Text = '<%# Eval("Salutation") %> '> < / asp:TextBox> < / EditItemTemplate> <FooterTemplate> <asp:TextBox ID = "newTextBox2" runat = "server"> < / asp:TextBox> < / FooterTemplate> < / asp:TemplateField> <asp:TemplateField HeaderText = "Name" SortExpression = "Name"> <ItemTemplate> <%# Eval("Name") %> < / ItemTemplate> <EditItemTemplate> <asp
EventArgs e) { / / string constr = ConfigurationManager.ConnectionStrings["ConStr"].ToString(); / / SqlConnection con = new SqlConnection(constr); / / con.Open(); / / SqlCommand cmd = new SqlCommand("Sp_SearchUsers", con); / / cmd.CommandType = CommandType.StoredProcedure; / / cmd.Parameters.AddWithValue("@SearchText", txtSearch.Text.Trim()); / / SqlDataReader reader void bindgrid() { string constr = ConfigurationManager .ConnectionStrings[ "ConStr" ].ToString(); SqlConnection con = new SqlConnection (constr); con.Open(); SqlCommand cmd = new SqlCommand ( "Sp_SearchUsers" , con); cmd.CommandType = CommandType .StoredProcedure; cmd.Parameters.AddWithValue( "@SearchText" , txtSearch.Text.Trim()); SqlDataReader reader EditIndex = -1; bindgrid(); } protected void GridEmp_RowUpdating( object sender, GridViewUpdateEventArgs e) { DataTable dt = ( DataTable )Session[ "Employee_I" ]; GridViewRow row = GridEmp.Rows[e.RowIndex]; dt.Rows[GridEmp.EditIndex][ "EmpID" ] = (( TextBox )row.Cells[1].Controls[0]).Text; dt.Rows[GridEmp.EditIndex][ "EmpName" ] = (( TextBox )row.Cells[2].Controls[0]).Text; dt.Rows[GridEmp.EditIndex][ "EmpSalary TextBox )row.Cells[3].Controls[0]).Text; dt.Rows[GridEmp.EditIndex][ "DOJ" ] = (( TextBox )row.Cells[4
do this in this codings ? This is normal insert running total my program: cmd = new SqlCommand ( "select sum(credit) AS total from creditadd where cid< = cid and userid = '" + TextBox1.Text + "' and GB" , true ); from = DateTime .Parse(TextBox4.Text.Trim(), Cul, System.Globalization. DateTimeStyles .NoCurrentDateDefault); cmd = new SqlCommand ( "insert into creditadd(fromdate, userid, username, services, credit, total, type, categorytype)values('" + from.ToShortDateString() + "', '" + TextBox1 Text + "', '" + DropDownList1.SelectedItem.Value + "', '" + TextBox3.Text + "', '" + f + "', '" + DropDownList2.SelectedItem.Value + "', '" + DropDownList3.SelectedItem.Value + "')" , con); cmd.ExecuteNonQuery(); TextBox1.Text = "" ; TextBox2.Text = "" ; TextBox3.Text = "" ; TextBox4.Text = "" ; Response.Write( "<script> alert('Successfull');< / script> " ); bindgrid ParameterName = "@total" ; param.DbType = DbType.Double; param.Value = 0; cmd.Parameters.Add(param); cmd = new SqlCommand( "update creditadd set total = @total, @total = @total + credit where userid = '" + TextBox1.Text + "' and username = '" + TextBox2.Text + "'" , con); cmd.ExecuteNonQuery(); Hope this helpful this is my update coding ? SqlParameter param = new SqlParameter (); param.ParameterName = "@total param.DbType = DbType .Double; param.Value = 0; cmd.Parameters.Add(param); cmd = new SqlCommand ( "update creditadd set total = @total, @total = @total + credit where userid = '" + TextBox1.Text + "' and username = '" + TextBox2.Text + "'" , con); cmd.ExecuteNonQuery(); how to insert this into this row command ? protected void GridView1_RowCommand( object sender, GridViewCommandEventArgs e Open(); } if (e.CommandName = = "can" ) { GridView1.EditIndex = -1; bindgrid(); dropbind(); } else if (e.CommandName = = "upd" ) { LinkButton lkbupd = ( LinkButton )e.CommandSource as LinkButton ; GridViewRow row = lkbupd.NamingContainer as GridViewRow ; Label lbid = ( Label
aspx.cs:line 190 if (e.CommandName = = "edt" ) { ImageButton img = ( ImageButton )e.CommandSource as ImageButton ; GridViewRow row = img.NamingContainer as GridViewRow ; Label lid = ( Label )row.FindControl( "lblid" ); int id = Convert .ToInt16(lid.Text); cmd = new SqlCommand ( "select *from tbl_hoteldetails where id = '" + id + "'" , con); dr = cmd.ExecuteReader(); dr.Read(); if (dr.HasRows e) in d: \ maddy \ editupdate \ Default.aspx.cs:line 199 this is error cmd = new SqlCommand ( "select *from tbl_hoteldetails where id = '" + id + "'" , con); dr = cmd.ExecuteReader(); dr.Read(); if (dr.HasRows it shows error ? still . . . if (e.CommandName = = "edt" ) { ImageButton img = ( ImageButton )e.CommandSource as ImageButton ; GridViewRow row = img.NamingContainer as GridViewRow ; Label lid = ( Label )row.FindControl( "lblid" ); int id = Convert .ToInt16(lid.Text); cmd = new SqlCommand ( "select *from tbl_hoteldetails where id = '" + id + "'" , con); dr = cmd.ExecuteReader(); dr.Read(); if (dr.HasRows Count) DropDownList2.SelectedIndex = Convert .ToInt16(dr[2].ToString()); ); this coding is not executing: cmd = new SqlCommand ( "select *from tbl_hoteldetails where id = '" + id + "'" , con); dr = cmd.ExecuteReader(); dr.Read(); if (dr.HasRows
GridViewCommandEventArgs e) in d: \ tour \ creditadd.aspx.cs:line 265 else if (e.CommandName = = "upd" ) { LinkButton lkbupd = ( LinkButton )e.CommandSource as LinkButton ; GridViewRow row = lkbupd.NamingContainer as GridViewRow ; Label lbid = ( Label )row.FindControl( "lblid" ); TextBox txusrid = ( TextBox )row.FindControl( "txtusrid" ); TextBox txusrname = ( TextBox )row.FindControl( "txtusrname" ); TextBox txservices = ( TextBox )row.FindControl( "txtservices" ); TextBox txcredit = ( TextBox )row