0

Hey guys,
I urgently need your help. Just stuck in the develpment of my website.
My problem is as follows:-
I am using asp:hyperlink in my masterpage as--

 <asp:HyperLink ID="HyperLink9" runat="server" Text="Expert" 
                    Font-Underline="False" ForeColor="White" 
                    NavigateUrl="~/exam.aspx?cat=css_ex" ToolTip="Expert in CSS?"></asp:HyperLink>

and in exam.aspx page , i am retrieving the values from exam table in exam.mdf database depending on the comparison of querystring value of "cat" with column name "category" of the table "exam" as--

 cmd.CommandText = "select * from exam where category = " + Request.QueryString["cat"].ToString() ;

now on running the website ,the error comes as --
Invalid column name 'css_ex'...
I am not able to understand the situation. Please guys help me as soon as possible.
Thanks in advance.

Edited by __avd: Added [code] tags.

3
Contributors
3
Replies
4
Views
5 Years
Discussion Span
Last Post by SukhyDean
1

Try to put single quotes around the value you're testing in the where clause of the query:
cmd.CommandText = "select * from exam where category = '" + Request.QueryString["cat"].ToString() + "'" ;

1

Never use hard-coded sql strings. Always use Parameters.

cmd.CommandText = "select * from exam where category=@category";
cmd.Parameters.AddWithValue("@category",Request.QueryString["cat"]);
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.