Last post Apr 05, 2012 12:32 AM by jamesjardine
Apr 04, 2012 04:54 PM
Asp.net 3.5 using VB.
I have made a sign up button which accepts data from the user, and when the user clicks the sign up button it stores the data in the Sign table of the database.
The code for the sign up button is:
Protected Sub Button1_Click1(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
cmd = New SqlCommand("insert into sign values('" + TextBox1.Text + "','" + TextBox2.Text + "','" + TextBox3.Text + "','" + TextBox4.Text + "')", con)
But after running the web page, entering all the details and clicking the sign up button, it directs me to the code section and gives an error for this line:
The Insert Error is:
SqlException was unhandled by user code.
Column name or number of supplied values does not match table definition.
Apr 04, 2012 04:59 PM
Looks like you may be supplying too few or too many values to be handled in this way.
Try writing your insert command like so:
INSERT INTO table_name (column1, column2, column3,...) VALUES (value1, value2, value3,...)
Also I would highly suggest not placing data into a database the way you are doing it currently. Releasing code using raw user supplied data from a text box with no form of sanitation leaves you open to SQL injections. Look into parameterizing your query.
Apr 04, 2012 05:29 PM
This doesn't answer your question but when I saw your code I had to say this: Please do not put values from a text box or a variable directly into a query. Use SQL Parameters instead to prevent SQL injection. Look at this link for more information on the
Hope this helps.
Apr 05, 2012 12:32 AM
Just to emphasize what the others have already contributed. You are not passing in the required number of fields for your table. Did you set a primary key on the table? If so, does it auto increment, or do you have to set that field yourself? That is most likely what is missing, but impossible to say without looking at the table schema.
I agree with the SQL Injection issue. Never append your values into a dynamic SQL query like that. It is bad, bad, bad news. There are many resources out there that can point you in the direction for securing your SQL queries. Here is one of those resources that might be helpful: http://software-security.sans.org/developer-how-to/fix-sql-injection-microsoft-.net-with-parameterized-queries
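The two fixes recommended in the replies above (an explicit column list and SQL parameters), combined in VB.NET. This is an added example, not code from any poster in the thread; the column names, parameter sizes and the connection string are assumptions, because the thread never shows the Sign table's schema.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module SignupExample
    ' Hypothetical column names: replace with the real columns of the Sign table.
    ' Naming the columns means an identity/auto-increment key can simply be left out.
    Private Const InsertSql As String = _
        "INSERT INTO sign (UserName, Email, Phone, City) " & _
        "VALUES (@UserName, @Email, @Phone, @City)"

    ' Builds the command. User input is bound as parameter values and never
    ' becomes part of the SQL text.
    Function BuildSignupInsert(ByVal userName As String, ByVal email As String, _
                               ByVal phone As String, ByVal city As String) As SqlCommand
        Dim cmd As New SqlCommand(InsertSql)
        ' Types and sizes are assumed; match them to the column definitions.
        cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName
        cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 100).Value = email
        cmd.Parameters.Add("@Phone", SqlDbType.NVarChar, 20).Value = phone
        cmd.Parameters.Add("@City", SqlDbType.NVarChar, 50).Value = city
        Return cmd
    End Function

    ' Executes the insert and returns the number of rows affected (1 on success).
    ' connectionString is supplied by the caller, e.g. read from web.config.
    Function SaveSignup(ByVal connectionString As String, ByVal userName As String, _
                        ByVal email As String, ByVal phone As String, _
                        ByVal city As String) As Integer
        Using con As New SqlConnection(connectionString)
            Using cmd As SqlCommand = BuildSignupInsert(userName, email, phone, city)
                cmd.Connection = con
                con.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed input with a quote and a comment marker; no database needed here.
        Dim cmd As SqlCommand = _
            BuildSignupInsert("O'Brien'); --", "a@example.com", "555-0100", "Pune")
        ' The SQL text is the constant above, unchanged by the input.
        Console.WriteLine(cmd.CommandText)
        ' The input is carried only as the parameter's value.
        Console.WriteLine(cmd.Parameters("@UserName").Value)
    End Sub
End Module
```

In the button handler, the call would be `SaveSignup(connectionString, TextBox1.Text, TextBox2.Text, TextBox3.Text, TextBox4.Text)`, with the parameter-to-column mapping adjusted to the real table.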