We Keep Coding

Updating user info but does not update and has no error

I'm trying to update multiple user info but it won't update. I have tried a lot of ways and all of them would execute, but they do not update the data, and yet throw no errors. Am I missing something?
Here is the code:
protected void Update_Click(object sender, EventArgs e)
{
using (SqlConnection sqlCon = new SqlConnection(connectionstring))
{
sqlCon.Open();
using (var sqlStt = sqlCon.CreateCommand())
{
sqlStt.CommandType = CommandType.Text;
sqlStt.CommandText = "UPDATE USERS SET LAST_NAME = #LAST_NAME, FIRST_NAME = #FIRST_NAME, BIRTHDATE = #BIRTHDATE, PHONE_NUM = #PHONE_NUM, EMAIL = #EMAIL WHERE USERNAME ='" + Session["USERNAME"] + "' ";
sqlStt.Parameters.AddWithValue("#LAST_NAME", Lname.Text);
sqlStt.Parameters.AddWithValue("#FIRST_NAME", Fname.Text);
sqlStt.Parameters.AddWithValue("#BIRTHDATE", Birthdate.Text);
sqlStt.Parameters.AddWithValue("#PHONE_NUM", Phone_num.Text);
sqlStt.Parameters.AddWithValue("#EMAIL", Email.Text);
sqlStt.ExecuteNonQuery();
}
sqlCon.Close();
Display_Info();
Disable_Field();
Notificationtext.Text = "Your account has been updated!";
}
}
void Disable_Field()
{
Lname.Enabled = false;
Fname.Enabled = false;
Birthdate.Enabled = false;
Phone_num.Enabled = false;
Email.Enabled = false;
}
void Display_Info()
{
using (SqlConnection sqlCon = new SqlConnection(connectionstring))
{
sqlCon.Open();
SqlCommand sqlCmd = new SqlCommand("SELECT LAST_NAME, FIRST_NAME, BIRTHDATE, PHONE_NUM, EMAIL FROM USERS WHERE USERNAME ='" + Session["USERNAME"] + "' ", sqlCon);
SqlDataReader reader;
reader = sqlCmd.ExecuteReader();
if (reader.Read())
{
Lname.Text = reader["LAST_NAME"].ToString();
Fname.Text = reader["FIRST_NAME"].ToString();
Birthdate.Text = reader["BIRTHDATE"].ToString();
Phone_num.Text = reader["PHONE_NUM"].ToString();
Email.Text = reader["EMAIL"].ToString();
}
sqlCon.Close();
}
}
I also wanted to display the update to the textbox then disable it. After I click update, the data before it was updated would display instead.

Get summarized/sorted data from SQL Server in ASP.NET

below is my sql table in which I'm saving student attendance
I'm trying to create a summarized attendance report as below:
Attendance Summary of all students:
Number of students present in class I: 1
Number of students present in class II: 1
Number of students present in class III: 0
But I don't exactly am finding a right way to do it. below is the sample code I'm trying to use to achieve this:
public void GetPresentCount()
{
using (SqlConnection con = new SqlConnection(constring))
{
con.Open();
using (SqlCommand cmd = new SqlCommand("select count(*) as 'TotalPresent' from stud_att where att='Present' and a_date='"+ systemdate +"'", con))
{
using (SqlDataReader dr = cmd.ExecuteReader())
{
if (dr.Read())
{
totstuds.InnerText = dr["TotalCount"].ToString();
}
else
{
totstuds.InnerText = "0";
}
}
}
con.Close();
}
}
public void GetAbsentCount()
{
using (SqlConnection con = new SqlConnection(constring))
{
con.Open();
using (SqlCommand cmd = new SqlCommand("select count(*) as 'TotalPresent' from stud_att where att='Present' and a_date='" + systemdate + "'", con))
{
using (SqlDataReader dr = cmd.ExecuteReader())
{
if (dr.Read())
{
totstuds.InnerText = dr["TotalCount"].ToString();
}
else
{
totstuds.InnerText = "0";
}
}
}
con.Close();
}
}
But I know this is not the right way.

I think you just want conditional aggregation:
select class,
sum(case when att = 'Present' then 1 else 0 end) as attendance
from stud_att
where a_date = ?
group by class
order by class;
The ? is a parameter placeholder to pass in the date. Don't munge SQL queries with constant values; pass them in as parameters.

.NET Query with list as sql parameter

public SqlDataReader GetDataReader(List<SqlParameter> parameterValues){
System.Data.SqlClient.SqlConnection cn = new System.Data.SqlClient.SqlConnection();
cn.ConnectionString = SQLConnectionObj.ConnectionString;
cn.Open();
System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand();
cmd.Parameters.AddRange(parameterValues.ToArray());
cmd.Connection = cn;
cmd.CommandText = SelectStatement;
cmd.CommandType = CommandType.Text;
return sReader = cmd.ExecuteReader();
}
When I try to add this for IN condition variable in select query,it fails.
Need to use this only for Fortify fix.Tried with dictionary Sql parameter.It works but increases the issue count up.
Please help me with this.And also if there is anything new which you want to add feel free to add those too.
But the following code works:-
public SqlDataReader GetDataReader(Dictionary<string, string> qParams)
{
SqlCommand SQLCommandObj = new SqlCommand(SelectStatement,
SQLConnectionObj);
string query=SelectStatement;
if (qParams.Count > 0)
{
foreach (string key in qParams.Keys)
{
string value = qParams[key];
SqlParameter par = new SqlParameter();
par.ParameterName = key;
par.Value = value;
SQLCommandObj.Parameters.Add(par);
}
}
foreach(SqlParameter par in SQLCommandObj.Parameters)
{
string key = par.ParameterName;
string value = par.Value as string;
query=query.Replace(key, value);
}
if (qParams.Count > 0)
{
SQLCommandObj.CommandText = "";
SQLCommandObj.CommandText = query;
}
SQLCommandObj.CommandTimeout = CustomCommandTimeout;
return SQLCommandObj.ExecuteReader(CommandBehavior.CloseConnection);
}

multiuser log in at same time

I have created an online examination system. It is working fine with only a single user at a time. However, a problem occurs when more than one user logs in.
There are 20 questions in each test. If only a single user is doing the test it works fine. The user can do all the 20 questions. Now another user logs in at the same time. That user is not getting all the 20 questions. Say User1 has completed 12 question. User2 will get only 8 question.
Suppose there there are User1,User2,User3 logged in at the same time. User1 did 8 questions, User2 did 6 questions and User3 also 8 questions. They would all arrive at the result Page without completing their 20 questions. That means if there are 20 users they will get only 1 question instead of 20. Can anyone help?
try
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["hasexaminationConnectionString"].ConnectionString);
SqlCommand cmd = new SqlCommand();
SqlDataReader dr;
cmd.Connection = con;
cmd.CommandText = "select * from tblregister where Name=#Name and EMail=#EMail";
cmd.Parameters.Add("#Name", SqlDbType.VarChar).Value = TxtStName.Text;
cmd.Parameters.Add("#EMail", SqlDbType.VarChar).Value = TxtStudentID.Text;
//cmd.Parameters.Add("#Flag", SqlDbType.Int).Value = Convert.ToInt32(HiddenField1.Value);
con.Open();
dr = cmd.ExecuteReader();
if (dr.Read())
{
FormsAuthentication.RedirectFromLoginPage(TxtStName.Text, false);
Session["Name"] = TxtStName.Text;
Session["EMail"] = TxtStudentID.Text;
Response.Redirect("TestHome.aspx");
}
else
{
Label1.Visible = true;
Label1.Text = "UserName or Password is Required/Incorrect.";
}
}
catch
{ }
}
next page:
protected void Page_Load(object sender, EventArgs e)
{
mob = HttpContext.Current.Session["Name"].ToString();
number = HttpContext.Current.Session["EMail"].ToString();
//Response.Cache.SetCacheability(HttpCacheability.NoCache);
if (Session["mob"] == null & Session["number"] == null)
//Response.Redirect("Home.aspx");
if (!IsPostBack)
{
DataSet TestList = getTestList("GetTestList");
DataList1.DataSource = TestList;
DataList1.DataBind();
}
}
public DataSet getTestList(string procedurename)
{
using (DataSet QuestionSet = new DataSet())
{
using (DataTable QTable = new DataTable())
{
QTable.Columns.Add("TESTNAME");
QTable.Columns.Add("TESTNUMBER");
DataTable dt;
cmd.Connection = con;
cmd.CommandText = "select * from testnumber";
using (Da = new SqlDataAdapter(cmd))
{
con.Open();
dt = new DataTable();
Da.Fill(dt);
if (dt.Rows.Count > 0)
{
DataRow dr;
for (int i = 0; i < dt.Rows.Count; i++)
{
dr = QTable.NewRow();
dr[0] = dt.Rows[i]["testname"].ToString();
dr[1] = dt.Rows[i]["testnumber"].ToString();
QTable.Rows.Add(dr);
}
}
}
QuestionSet.Tables.Add(QTable);
return QuestionSet;
}
}
}
protected void LinkButton_Click(object sender, CommandEventArgs e)
{
string name = e.CommandArgument.ToString();
Response.Redirect("TakeTest1.aspx?testno=" + e.CommandArgument.ToString());
}
next:
protected void Page_Load(object sender, EventArgs e)
{
//UserName = Session["UserName"].ToString();
//Password = Session["Password"].ToString();
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["hasexaminationConnectionString"].ConnectionString);
SqlCommand cmd = new SqlCommand();
SqlDataReader dr;
cmd.Connection = con;
cmd.CommandText = "select username,password,flag from tblcollegeuser where username='" + UserName + "'and password='" + Password + "'";
con.Open();
dr = cmd.ExecuteReader();
if (dr.Read())
{
HiddenField1.Value = dr["Flag"].ToString();
if (HiddenField1.Value.ToString() == "0")
{
//Response.Write("<script>alert('Your Session Timer has Expired! We are Sorry!')</script>");
Response.Redirect("Result.aspx");
}
}
if (HttpContext.Current.Session["Name"] == null && HttpContext.Current.Session["EMail"] == null)
{
Response.Write("<script>alert('Your Session Timer has Expired! We are Sorry!')</script>");
Response.Redirect("default.aspx");
}
if (!IsPostBack)
{
this.timerStartValue = long.Parse(ConfigurationManager.AppSettings["Delay"].ToString());
this.TimerInterval = 500;
tno = Request.QueryString["testno"].ToString();
//string query = "select * from questions where tnumber='" + tno + "'";
Questions = GetDataSet(tno);
totalQs = GetCount(tno);
LoadQuestion();
DataSet questions = new DataSet("Questions");
questions.Tables.Add();
}
}
protected override void OnPreRender(EventArgs e)
{
base.OnPreRender(e);
string strDisAbleBackButton;
strDisAbleBackButton = "";
ClientScript.RegisterClientScriptBlock(this.Page.GetType(), "clientScript", strDisAbleBackButton);
}
public DataSet GetDataSet(string query)
{
using (DataSet QuestionSet = new DataSet())
{
using (DataTable QTable = new DataTable())
{
QTable.Columns.Add("ROW_NUMBER");
QTable.Columns.Add("QuestionNo");
QTable.Columns.Add("Tname");
QTable.Columns.Add("Tnumber");
QTable.Columns.Add("question");
QTable.Columns.Add("ans1");
QTable.Columns.Add("ans2");
QTable.Columns.Add("ans3");
QTable.Columns.Add("ans4");
DataTable dt;
using (cmd.Connection = con)
{
//cmd.CommandText = " SELECT * FROM test ORDER BY CHECKSUM(NEWID()) where tnumber='" + query + "'";
cmd.CommandText = " SELECT * FROM test WHERE tnumber='" + query + "' ORDER BY CHECKSUM(NEWID()) ";
//cmd.Parameters.AddWithValue("#cse", query);
Da = new SqlDataAdapter(cmd);
con.Open();
dt = new DataTable();
Da.Fill(dt);
if (dt.Rows.Count > 0)
{
DataRow dr;
for (int i = 0; i < dt.Rows.Count; i++)
{
dr = QTable.NewRow();
dr[0] = dt.Rows[i]["id"].ToString();
dr[1] = "Qno" + dt.Rows[i]["Qno"].ToString();
dr[2] = dt.Rows[i]["tname"].ToString();
dr[3] = dt.Rows[i]["tnumber"].ToString();
dr[4] = dt.Rows[i]["quation"].ToString();
dr[5] = dt.Rows[i]["ans1"].ToString();
dr[6] = dt.Rows[i]["ans2"].ToString();
dr[7] = dt.Rows[i]["ans3"].ToString();
dr[8] = dt.Rows[i]["ans4"].ToString();
QTable.Rows.Add(dr);
}
}
}
QuestionSet.Tables.Add(QTable);
return QuestionSet;
}
}
}
public Int32 GetCount(string tno)
{
return 10;
}
void Page_PreRender(object sender, EventArgs e)
{
StringBuilder bldr = new StringBuilder();
bldr.AppendFormat("var Timer = new myTimer({0},{1},'{2}','timerData');", this.timerStartValue, this.TimerInterval, this.lblTimerCount.ClientID);
bldr.Append("Timer.go()");
ClientScript.RegisterStartupScript(this.GetType(), "TimerScript", bldr.ToString(), true);
ClientScript.RegisterHiddenField("timerData", timerStartValue.ToString());
}
void Page_PreInit(object sender, EventArgs e)
{
string timerVal = Request.Form["timerData"];
if (timerVal != null || timerVal == "")
{
timerVal = timerVal.Replace(",", String.Empty);
timerStartValue = long.Parse(timerVal);
}
}
private Int32 TimerInterval
{
get
{
object o = ViewState["timerInterval"];
if (o != null) { return Int32.Parse(o.ToString()); }
return 50;
}
set { ViewState["timerInterval"] = value; }
}
void RedirectToResults()
{
Response.Redirect("Results.aspx");
}
protected void LoadQuestion()
{
if (Questions.Tables[0].Rows.Count > 0)
{
//Load Question;
DataRow DR = Questions.Tables[0].Rows[0];
//Question.Text = DR[0].ToString() + " of " + 20;
//Question.Text = (i + 1).ToString() + " of " + 20;
sno = DR[1].ToString();
TestName.Text = DR[2].ToString();
TestNo.Text = DR[3].ToString();
Questionlbl.Text = DR[4].ToString();
rbtnAns.Items.Clear();
rbtnAns.Items.Add(DR[5].ToString());
rbtnAns.Items.Add(DR[6].ToString());
rbtnAns.Items.Add(DR[7].ToString());
rbtnAns.Items.Add(DR[8].ToString());
Questions.Tables[0].Rows.Remove(DR);
if (Questionlbl.Text.Equals(totalQs.ToString()))
{
IsLastQs = true;
}
}
else
{
//End Of File;
//Response.Write("<script>alert('Thanks For Your Presence! You Can Leave Now.')</script>");
//Session.Abandon();
Session["raj"] = Questions;
RedirectToResults();
}
}
protected void Button1_Click(object sender, EventArgs e)
{
try
{
//Write your code here to save the question
//Displays the Next Question
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["hasexaminationConnectionString"].ConnectionString);
SqlCommand cmd = new SqlCommand("insert into testdisplay Values ('" + sno + "','" + Session["Name"] + "','" + Session["EMail"] + "','" + Questionlbl.Text + "','" + rbtnAns.SelectedItem.Text + "')", con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
LoadQuestion();
}
catch (Exception ex)
{
Response.Write("<script>alert(''" + ex.Message + "'')</script>");
}
}
protected void Button2_Click(object sender, EventArgs e)
{
//When Skip Button is pressed it loads the next question
LoadQuestion();
}
and result page:
protected void Page_Load(object sender, EventArgs e)
{
l = Session["Name"].ToString();
m = Session["EMail"].ToString();
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["hasexaminationConnectionString"].ConnectionString);
SqlCommand cmd = new SqlCommand("select tnumber,quation,ans1,ans2,ans3,ans4,ans from test left join testdisplay on (test.ans= testdisplay.answ and test.quation= testdisplay.quations) where UserName='" + Session["Name"] + "' and Password='" + Session["EMail"] + "'", con);
con.Open();
SqlDataAdapter adp = new SqlDataAdapter(cmd);
adp.Fill(dt);
con.Close();
{
int to = 20;
GridView1.DataSource = dt;
GridView1.DataBind();
int marks = GridView1.Rows.Count;
Label1.Text = Convert.ToInt32(GridView1.Rows.Count).ToString();
decimal total = Convert.ToDecimal((double)marks / (double)20) * 100;
lbltotal.Text = total.ToString();
}
}
public void bind()
{
// Write your code to get the summary of the result and display it
}
protected void Button1_Click(object sender, EventArgs e)
{
//Response.Redirect("Home.aspx");
string uniqueCode = string.Empty;
//SqlDataReader dr;
try
{
DataSet ds = new DataSet();
using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["hasexaminationConnectionString"].ConnectionString))
{
con.Open();
SqlCommand cmd = new SqlCommand("SELECT Name,EMail FROM tblregister Where EMail= '" + txtEmail.Text.Trim() + "'", con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
da.Fill(ds);
////}
if (Page.IsValid)
{
//GridView1.RenderControl(hw);
const string SERVER = "relay-hosting.secureserver.net";
MailMessage oMail = new MailMessage();
oMail.From = new MailAddress("contact#dssgroups.com");
oMail.To.Add(new MailAddress(txtEmail.Text.Trim()));
oMail.Subject = "Your Test Details";
oMail.IsBodyHtml = true; // enumeration
oMail.Priority = MailPriority.High; // enumeration
oMail.Body = "Hi, <br/><b>Please check your Test Details:</b><br/><br/>Your Marks Percentage: " + lbltotal.Text+" % "+"<br/>For any query contact "+" http://dssgroups.com";
SmtpClient sC = new SmtpClient(SERVER);
sC.EnableSsl = false;
ContentType contentType = new ContentType();
contentType.MediaType = MediaTypeNames.Application.Octet;
contentType.Name = "xml.xml";
sC.Send(oMail);
oMail = null; // free up resources
lblMessage.ForeColor = System.Drawing.Color.DarkKhaki;
lblMessage.Text = "EMail Sent";
ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('EMail Sent');", true);
}
else
{
lblMessage.Text = "The Email you entered not exists.";
}
}
//}
}
catch (Exception ex)
{
Console.WriteLine("{0} Exception caught.", ex);
}
}
protected void Button2_Click(object sender, EventArgs e)
{
Session.Clear();
Session.Abandon();
Response.Redirect("default.aspx");
}

Updating Datatable using Update Query

I am passing string _nameProcessed from the UI to my DAL and updating my table. Now when I am doing the foreach look I could not figure if out how to Update my column ShipmentProcessedBy to _nameProcessed.
Any help guys???
public void SaveNameProcessed(DataTable updatedTable, string _nameProcessed)
{
foreach (DataRow row in updatedTable.Rows)
{
SqlCommand cmd2 = new SqlCommand(
#"update dbo.JobStatus
SET ShipmentProcessedBy = ????,
WHERE JobTableId = #JobID ", _mySqlConnec);
//Updated the parameters to the SQL Query!
cmd2.Parameters.Add(new SqlParameter("#ProcessedBy", row["ProcessedBy"].ToString()));
cmd2.Parameters.Add(new SqlParameter("#JobID", row["JobID"].ToString()));
cmd2.Connection = _mySqlConnec;
_mySqlConnec.Open();
cmd2.ExecuteNonQuery();
_mySqlConnec.Close();
}
}
Here is the rectified code:
public void SaveNameProcessed(DataTable updatedTable, string _nameProcessed)
{
foreach (DataRow row in updatedTable.Rows)
{
SqlCommand cmd2 = new SqlCommand(
#"update dbo.JobStatus
SET ShipmentProcessedBy = ????,
WHERE JobTableId = #JobID ", _mySqlConnec);
//Updated the parameters to the SQL Query!
cmd2.Parameters.Add(new SqlParameter("#ProcessedBy", _nameProcessed));
cmd2.Parameters.Add(new SqlParameter("#JobID", row["JobID"].ToString()));
cmd2.Connection = _mySqlConnec;
_mySqlConnec.Open();
cmd2.ExecuteNonQuery();
_mySqlConnec.Close();
}
}

You have declared and added a parameter called #ProcessedBy so just set it to that in your SQL.
SET ShipmentProcessedBy = #ProcessedBy,
Exactly the same as you have done with #JobId
You also need to change this line:
cmd2.Parameters.Add(new SqlParameter("#ProcessedBy", row["ProcessedBy"].ToString()));
to
cmd2.Parameters.Add(new SqlParameter("#ProcessedBy", _nameProcessed));