1

I have a simple two-field form that stores its data in the database. For some reason, it isn't working. I have verified that the connection string works, as it is used in another project I made.

I didn't include the beginning of the first class or its page load.

Code:

    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        string Name = txtName.Text;
        string Description = txtSpecial.Text;
        string method = string.Format(
            "INSERT INTO RbSpecials (Name,Description,Active) VALUES ('{0}','{1}','1')",
            Name,
            Description);
        RbConfiguration mySql = new RbConfiguration();
        try
        {
            mySql.Sql_Connection(method);
        }
        catch
        {

        }
    }
}

public class RbConfiguration
{
    string DbConnectionString = "System.Configuration.ConfigurationManager.ConnectionStrings['RBConnectionString'].ConnectionString";

    public void Sql_Connection(string queryString)
    {
        SqlConnection conn = new SqlConnection(DbConnectionString);
        SqlCommand cmd = new SqlCommand(queryString, conn);
        conn.Open();

        conn.Close();
    }
}
Improve this question
3
  • Where does the exception appear, and what is it? Commented Aug 30, 2010 at 23:03
  • It actually didn't produce an error, when I went to look in the table there was no inserted values. Come to find out, the connection string was enclosed in quotes and I didn't use ExecuteNonQuery() Commented Aug 30, 2010 at 23:13
  • Not answering your question, but your code is vulnerable to SQL injection, which is very dangerous. Google it up, and start using parameterized queries. Commented Aug 31, 2010 at 1:46

3 Answers 3

Reset to default
5

You never execute your SQL command:

conn.Open(); 
cmd.ExecuteNonQuery(); 
conn.Close();

And your connection string is wrong (ditch the double quotes):

string DbConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["RBConnectionString"].ConnectionString;
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

thanks, after fixing the connection string and executing the nonquery it works perfectly!
2

Well without knowing the error, I'll give it a shot anyway.

string DbConnectionString = "System.Configuration.ConfigurationManager.ConnectionStrings['RBConnectionString'].ConnectionString";

Should be

string DbConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["RBConnectionString"].ConnectionString;

And as Adam says, you never actually execute your Query. The Sql_Connection-method, only opens a connection, and then closes it again, without actually doing anything.

Try this instead:

public void Sql_Connection(string queryString)
{
    using( SqlConnection conn = new SqlConnection(DbConnectionString) )
    {
        SqlCommand cmd = new SqlCommand(queryString, conn);
        conn.Open();
        cmd.ExecuteNonQuery();
    }
}
Improve this answer

2 Comments

ahhh yes you are right. Also I noticed that the name in brackets needs to be in " " not ' '.
@Nick, ah yes in my haste I didn't notice that :)
0

  1. Check your connection string code must not be a string its class which is getting connection string from web.config, so it should be like this

    string DbConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["RBConnectionString"].ConnectionString;

  2. You did not execute your SQlCommand, so will it insert the data, do this

    conn.Open();

    cmd.ExecuteNonQuery();

    conn.Close();

  3. its not the cause but the best practice to not to make your code vulnerable to SQLINjection, try this article

How To: Protect From SQL Injection in ASP.NET

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.