Member Avatar for HunainHafeez

i am using asp.net datalist to retrieve text from database field, when i put an integer value like 10 in where clause of select statement then it retrieves data from databse on next page but when i used variable (which is used to store value sent via query string) then it gives me error:

CODE:

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
public partial class applyForJob : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {   
        //string useremail =(string)Session["UserEmail"];
          int qryStrng_advId = int.Parse( Request.QueryString["advId"]);

          Response.Write(qryStrng_advId);
    //    Response.Write("<br/>");  
    //    Response.Write(useremail);


        //if (Session["UserEmail"] == null)
        //{
        //    Response.Redirect("~/loginMain.aspx");

        //}
        //else 
        //{
        //    Response.Write("<br/>"+"Thanks for applying");
        //}

        String connectionString = "Data Source=COSANOSTRA;Initial Catalog=Waleed_orsfinal;Integrated Security=True";
        SqlConnection con = new SqlConnection(connectionString);
        ***String sqlQuery = "select advtitle,advDetails from tblJobAdv where advId = qryStrng_advId ";***
        SqlCommand com = new SqlCommand(sqlQuery, con);
        SqlDataAdapter da = new SqlDataAdapter(com);
        DataSet ds = new DataSet();

        try
        {
            con.Open();
            da.Fill(ds, "tblJobAdv");
        }
        catch (Exception ex)
        {
            Response.Write("Error:" + ex.Message);
        }
        finally
        {
            con.Close();
        }

        datalistApplyForJob.DataSource = ds;
        datalistApplyForJob.DataBind();


    }
}

but when i use : 
String sqlQuery = "select advtitle,advDetails from tblJobAdv where advId = **10** ";

then it works but other wise it gives me an error.

ERROR: The IListSource does not contain any data sources.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.HttpException: The IListSource does not contain any data sources.

Edited by HunainHafeez because: wrong info
  • 3 Contributors
  • 4 Replies
  • 849 Views
  • 1 Year Discussion Span
  • Latest Post Latest Post by suman_4
Member Avatar for JorgeM

you have to seperate the variable from the SQL statement.

String sqlQuery = "select advtitle,advDetails from tblJobAdv where advId =" & qryStrng_advId;

However, be very careful with this approach in your coding. You should be using parameters because this method does not protect very well from SQL injection. You are expecting an integer so that's good, but just read over this when you have a chance....

How To: Protect From SQL Injection

Member Avatar for HunainHafeez

@jorGem: thanks aot dear, it worked , just i modified a bit for c#, i used + instead of &, but it worked .
and Jorgem, so i think its unnecessay to parse querystring to int bcz still i have to concatenate so why not to take it in string variable or to embedd (Request.QueryString["advId"] directly in where clause, parsing it is unnecessary.

Member Avatar for JorgeM

Ok good. Sorry about that. I know vb not c#.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.