0

I am trying to insert data into a table when a button on my asp.net page is clicked. I don't get any errors, but when I try to redirect the user to a new page after the information is inserted, it stays on the same page. Below is my code. 

SqlConnection db = new SqlConnection();
    db.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["AboutYouEntities"].ConnectionString;
    db.Open();


    SqlCommand insertUser = new SqlCommand();
    SqlCommand insertContact = new SqlCommand();

    insertUser.CommandText = "INSERT into USER (Email, Name, Gender, BirthDate, LinuxDistro) VALUES ('" + userInfo.Email + "','" + userInfo.Name + "','" + userInfo.Gender + "','" + userInfo.BirthDate + "','" + userInfo.LinuxDistro + "')";


    insertContact.CommandText = "INSERT into CONTACT (Phone, Zip, Comments) VALUES ('" + userContact.Phone + "','" + userContact.Zip + "','" + userContact.Comments + "')";

    insertUser.ExecuteNonQuery();
    insertContact.ExecuteNonQuery();

    db.Close();

    Response.Redirect("ThankYou.aspx");
Improve this question
2
  • Are u running this from a control (e.g. button click) which is inside of UpdatePanel? Commented Apr 10, 2014 at 20:10
  • SQL Injection alert - you should not concatenate together your SQL statements - use parametrized queries instead to avoid SQL injection Commented Apr 10, 2014 at 20:28

1 Answer 1

Reset to default
1

Few problems with your code:

  • You haven't attached connection with your commands.
  • USER is reserve word and should be enclosed in square brackets like [USER]
  • You should parametrized your query, you are prone to SQL Injection.
  • Consider enclosing SqlConnection and SqlCommand object in using statement as it will ensure disposal of the resources.

Code:

using (SqlConnection db = new SqlConnection())
{
    db.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["AboutYouEntities"].ConnectionString;
    db.Open();
    using (SqlCommand insertUser = new SqlCommand())
    {
        insertUser.Connection = db;
        insertUser.CommandText = "INSERT into [USER] (Email, Name, Gender, BirthDate, LinuxDistro) VALUES (@Email, @Name, @Gender,@BirthDate, @LinuxDistro);";
        insertUser.Parameters.AddWithValue("@Email", userInfo.Email);
        insertUser.Parameters.AddWithValue("@Name", userInfo.Name);
        insertUser.Parameters.AddWithValue("@Gender", userInfo.Gender);
        insertUser.Parameters.AddWithValue("@BirthDate", userInfo.BirthDate);
        insertUser.Parameters.AddWithValue("@LinuxDistro", userInfo.LinuxDistro);
        insertUser.ExecuteNonQuery();
    }
    using (SqlCommand insertContact = new SqlCommand())
    {
        insertContact.Connection = db;
        insertContact.CommandText = "INSERT into CONTACT (Phone, Zip, Comments) VALUES (@Phone, @Zip, @Comments);";
        insertContact.Parameters.AddWithValue("@Phone", userContact.Phone);
        insertContact.Parameters.AddWithValue("@Zip", userContact.Zip);
        insertContact.Parameters.AddWithValue("@Comments", userContact.Comments);
        insertContact.ExecuteNonQuery();
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

i changed my code around....I get no errors but it still doesn't go to the next page when the button is clicked. If i take this code out, it redirects.
@user3255899, so this code is working ? you are probably getting an exception and it is holding up the code execution. Catch exception log it check it etc.
when i remove the block of code that adds it to the database, my button redirects the user but when I add in the code to insert into the database it does not work...ill try using catch
i got it to redirect, but it doesn't insert into the database...what can I do to check why

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.