Ok, so I'm a JSP guy and think it should be easy to replace "@.color" with t_color after I initialized it to red by
String t_color = "red";
and then calling the insert
SqlDataSource1.Insert();
here is insert command:
InsertCommand="INSERT INTO [favcolor] ([name], [color]) VALUES (@.name, @.color)"
I've tried InsertCommand="INSERT INTO [favcolor] ([name], [color]) VALUES (@.name, "+ t_color+")"
I've tried InsertCommand="INSERT INTO [favcolor] ([name], [color]) VALUES (@.name, "<%$ t_color %>" )"
Is there any easy way to do this?
or
Can I set it like
@.color = t_color?
Thanks in advance for ANY help
JSP turning ASP (Maybe)
Dan
Hi Dan,
Hope your day goes better!
If you are using @.something, this tells your database that a parameter is expected, in which case you would instantiate a new parameter and set your string value.
Your line would have worked (this one): InsertCommand="INSERT INTO [favcolor] ([name], [color]) VALUES (@.name, "+ t_color+")"
had you remembered to use single quotes around your color value (strings are interpreted in SQL if they have single quotes around them)
so it would have been like this:
InsertCommand="INSERT INTO [favcolor] ([name], [color]) VALUES (@.name,'"+ t_color+"')"
I know it's hard to see, but in the end, the InsertCommand received by your database server is...
INSERT INTO [favcolor] ([name], [color]) VALUES (@.name, 'red') -- which would have worked.
Hope this helps!!
|||DARN!
Thought that was it.
However, when I try '"+ t_color+"' I get Parser Error Message: The server tag is not well formed.
When I try "'+ t_color+'" I get Parser Error Message: The server tag is not well formed.
How about setting the value of @.color to 'red'?
Is that an option?
Sorry I'm so green at this C# stuff
In your GUI, look at the properties of the SqlDataSource. Click the [...] button for your insert command, and check to see if you have your parameters already created there.
If so, you can set your parameter value like this...
sdsMySQLDataSource.InsertParameters["color"].DefaultValue = t_color;
If you don't have any parameters, then you should add them using the GUI... you can do it programmatically though like this...
sdsMySQLDataSource.InsertParameters.Add(new Parameter("color", TypeCode.String, "black"));
|||In case you want to see my test code on this issue...
Here is the test code that I used in testing your issue. It compiled nicely (I just don't have the tables to actually write the data to... can't test that)
// add a parameter to the insert query
string t_color = "red";
string myInsertSQL;
// parameters: the command text stays fixed and t_color is passed as the value of the color parameter
myInsertSQL = "INSERT INTO [favcolor] ([name], [color]) VALUES (@.name, @.color)";
sdsTestFiltering.InsertParameters.Add(new Parameter("color", TypeCode.String, "black"));
sdsTestFiltering.InsertParameters["color"].DefaultValue = t_color;
// sql injection: t_color is concatenated into the command text itself
myInsertSQL = "INSERT INTO [favcolor] ([name], [color]) VALUES (@.name, '" + t_color + "')";
sdsTestFiltering.InsertCommand = myInsertSQL;
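Why the last post labels the concatenated command "sql injection", shown as an added example that is not part of the thread. It assumes Python's sqlite3 with an in-memory favcolor table as a stand-in for SQL Server and SqlDataSource, uses SQLite's :name/:color placeholders, and inserts the same constructed t_color values both ways.

```python
import sqlite3

def new_db():
    # In-memory stand-in for the thread's favcolor table (assumption: SQLite, not SQL Server).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE favcolor (name TEXT, color TEXT)")
    return db

def insert_concatenated(db, name, t_color):
    # The quoted-concatenation form: t_color becomes part of the SQL text.
    sql = "INSERT INTO favcolor (name, color) VALUES (:name, '" + t_color + "')"
    db.execute(sql, {"name": name})

def insert_parameterized(db, name, t_color):
    # The InsertParameters form: the SQL text is constant, t_color is bound as data.
    db.execute("INSERT INTO favcolor (name, color) VALUES (:name, :color)",
               {"name": name, "color": t_color})

def compare(t_color):
    """Return (concatenated_result, parameterized_result) for one color value.

    Each result is the list of rows stored, or an error string if the
    statement could not be executed.
    """
    results = []
    for insert in (insert_concatenated, insert_parameterized):
        db = new_db()
        try:
            insert(db, "Dan", t_color)
            results.append(db.execute(
                "SELECT name, color FROM favcolor ORDER BY rowid").fetchall())
        except sqlite3.Error as exc:
            results.append("error: " + type(exc).__name__)
        finally:
            db.close()
    return tuple(results)

# Constructed sample values: a plain color, one containing an apostrophe,
# and one whose quotes change the shape of the concatenated statement.
SAMPLES = ["red", "navy 'ish", "red'), ('Other', 'green"]

if __name__ == "__main__":
    for value in SAMPLES:
        concatenated, parameterized = compare(value)
        print(repr(value))
        print("  concatenated :", concatenated)
        print("  parameterized:", parameterized)
```

With concatenation, an apostrophe in the value breaks the statement and the third value stores a second row the caller never asked for; with a bound parameter every value is stored verbatim as one color.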