I am using an ASP.NET DataList to retrieve text from a database field. When I put an integer value like 10 in the where clause of the select statement, it retrieves data from the database on the next page, but when I use a variable (which is used to store the value sent via query string) it gives me an error:

CODE:

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
public partial class applyForJob : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {   
        //string useremail =(string)Session["UserEmail"];
          int qryStrng_advId = int.Parse( Request.QueryString["advId"]);

          Response.Write(qryStrng_advId);
    //    Response.Write("<br/>");  
    //    Response.Write(useremail);


        //if (Session["UserEmail"] == null)
        //{
        //    Response.Redirect("~/loginMain.aspx");

        //}
        //else 
        //{
        //    Response.Write("<br/>"+"Thanks for applying");
        //}

        String connectionString = "Data Source=COSANOSTRA;Initial Catalog=Waleed_orsfinal;Integrated Security=True";
        SqlConnection con = new SqlConnection(connectionString);
        ***String sqlQuery = "select advtitle,advDetails from tblJobAdv where advId = qryStrng_advId ";***
        SqlCommand com = new SqlCommand(sqlQuery, con);
        SqlDataAdapter da = new SqlDataAdapter(com);
        DataSet ds = new DataSet();

        try
        {
            con.Open();
            da.Fill(ds, "tblJobAdv");
        }
        catch (Exception ex)
        {
            Response.Write("Error:" + ex.Message);
        }
        finally
        {
            con.Close();
        }

        datalistApplyForJob.DataSource = ds;
        datalistApplyForJob.DataBind();


    }
}

But when I use:
String sqlQuery = "select advtitle,advDetails from tblJobAdv where advId = **10** ";

then it works, but otherwise it gives me an error.

ERROR: The IListSource does not contain any data sources.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.HttpException: The IListSource does not contain any data sources.

Edited by HunainHafeez: wrong info

You have to separate the variable from the SQL statement.

String sqlQuery = "select advtitle,advDetails from tblJobAdv where advId =" & qryStrng_advId;

However, be very careful with this approach in your coding. You should be using parameters because this method does not protect very well from SQL injection. You are expecting an integer so that's good, but just read over this when you have a chance....

How To: Protect From SQL Injection

@jorGem: thanks a lot dear, it worked. I just modified it a bit for C#: I used + instead of &, but it worked.
And JorGem, I think it's unnecessary to parse the query string to int, because I still have to concatenate, so why not take it in a string variable or embed Request.QueryString["advId"] directly in the where clause; parsing it is unnecessary.
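
The parameterized form recommended in the answer above, as an added example that is not part of the original thread: the query-string value is validated as an integer and then bound as a typed `@advId` parameter, so it never becomes part of the SQL text. The class and method names (`JobAdvQueries`, `BuildCommand`, `TryLoadAdvert`) are hypothetical; the table, column and control names are the ones from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example; JobAdvQueries and its method names are hypothetical.
public static class JobAdvQueries
{
    // The SQL text is a constant. advId travels separately as a typed
    // parameter, so the server never parses it as part of the statement.
    public static SqlCommand BuildCommand(SqlConnection con, int advId)
    {
        SqlCommand com = new SqlCommand(
            "select advtitle, advDetails from tblJobAdv where advId = @advId", con);
        com.Parameters.Add("@advId", SqlDbType.Int).Value = advId;
        return com;
    }

    // Returns false, without touching the database, when the query-string
    // value is missing or is not an integer (int.Parse would throw instead).
    public static bool TryLoadAdvert(string rawAdvId, string connectionString,
                                     out DataTable table)
    {
        table = null;
        int advId;
        if (!int.TryParse(rawAdvId, out advId))
            return false;

        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand com = BuildCommand(con, advId))
        using (SqlDataAdapter da = new SqlDataAdapter(com))
        {
            table = new DataTable("tblJobAdv");
            da.Fill(table); // Fill opens and closes the connection itself
            return true;
        }
    }
}

// Usage inside Page_Load (control name taken from the question):
//   DataTable adv;
//   if (JobAdvQueries.TryLoadAdvert(Request.QueryString["advId"],
//                                   connectionString, out adv))
//   {
//       datalistApplyForJob.DataSource = adv;
//       datalistApplyForJob.DataBind();
//   }
```

Binding a `DataTable` that always exists also avoids handing the DataList an empty `DataSet`, which is what happens in the question's code when `Fill` throws and the exception is only written to the response.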
