Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
saidev
Posting Yak Master
101 Posts |
 Posted - 2006-09-25 : 18:27:30
|
| Hi Guys,I have two dropdown boxes on a form and I am trying to add to the database. DropDown 1 has values 1 to 100. DropDown 2 has values 1 to 10. If I select 100 from dropdown 1 and 10 from dropdown 2 and trying to add. After adding, both the dropdowns are displaying 100. Here is the sql that I am using. Can you guys help me what am I doing wrong here. Iam using ASP.NET/VB.NETThankssql = "INSERT INTO tblContract(fkAE, fkAE2) values('" & Me.ddAE.SelectedValue & "','" & Me.ddSecAE.SelectedValue & "') " |
|
|
jsmith8858
Dr. Cross Join
7423 Posts |
Posted - 2006-09-25 : 18:55:40
|
| YOu seem to have a talent for avoiding best practices at all costs, so I am sure you will ignore this advice as well, but never concatenate your SQL like that -- Use Stored procedures and/or parameterized commands, especially in ADO.NET which has full support for it.Read this for examples and reasons why: http://weblogs.sqlteam.com/jeffs/archive/2006/07/21/10728.aspxIt makes things much easier for you, makes your code shorter and clear, and it avoids issues like date formats, delimiting non-numeric data, escaping things like single quotes, and sql injection which is a big security issue.As for your question, you've provided absolutely no information at all regarding your code and/or how those values are derived that you are inserting.- Jeff |
 |
|
|
MichaelP
Jedi Yak
2489 Posts |
Posted - 2006-09-25 : 18:58:30
|
| Why are they displaying the same value? How are you binding the values of those controls? Look into that.As to what Jeff said, he's totally right. Building a string and executing it is a bad bad bad idea. It makes your code harder to maintain as well as makes it much more vunerable to SQL Injection attacks.Michael<Yoda>Use the Search page you must. Find the answer you will. Cursors, path to the Dark Side they are. Avoid them, you must. Use Order By NewID() to get a random record you will.</Yoda>Opinions expressed in this post are not necessarily those of TeleVox Software, inc. All information is provided "AS IS" with no warranties and confers no rights. |
|
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2006-09-26 : 04:42:46
|
databinding should be done only once in the if not IsPostBack thenend ifsection.once you have that the values will be preserved in the viewstate. of course this means you have to enable viewstate which is on by default anyway.understanding viewstate is a different matter look here:http://weblogs.asp.net/infinitiesloop/archive/2006/08/03/Truly-Understanding-Viewstate.aspxGo with the flow & have fun! Else fight the flow  blog thingie: http://weblogs.sqlteam.com/mladenp |
|
|
|
eyechart
Master Smack Fu Yak Hacker
3575 Posts |
Posted - 2006-09-27 : 13:22:05
|
quote:
Originally posted by saidev
Hi Guys,I have two dropdown boxes on a form and I am trying to add to the database. DropDown 1 has values 1 to 100. DropDown 2 has values 1 to 10. If I select 100 from dropdown 1 and 10 from dropdown 2 and trying to add. After adding, both the dropdowns are displaying 100. Here is the sql that I am using. Can you guys help me what am I doing wrong here. Iam using ASP.NET/VB.NETThankssql = "INSERT INTO tblContract(fkAE, fkAE2) values('" & Me.ddAE.SelectedValue & "','" & Me.ddSecAE.SelectedValue & "') "
|
|
|
|
|
|
|
|
|
Adding to Database