IAmateur
sign up button
Apr 04, 2012 04:54 PM
Asp.net 3.5 using VB.
I have made a sign up button wherein the button accepts data from the user, and when the user clicks on the sign up button it stores the data in the Sign table of the database.
The code for the sign up button is:
Protected Sub Button1_Click1(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
    con.Open()
    cmd = New SqlCommand("insert into sign values('" + TextBox1.Text + "','" + TextBox2.Text + "','" + TextBox3.Text + "','" + TextBox4.Text + "')", con)
    cmd.ExecuteNonQuery()
End Sub
But after running the web page, entering all the details and clicking the sign up button, it directs me to the code section and gives an error for this line:
    cmd.ExecuteNonQuery()
The Insert Error is:
SqlException was unhandled by user code.
Column name or number of supplied values does not match table definition.
Time to go Long way...
jprochazka
Re: sign up button
Apr 04, 2012 04:59 PM
Looks like you may be supplying too few or too many values to be handled in this way.
Try writing your insert command like so:
INSERT INTO table_name (column1, column2, column3,...) VALUES (value1, value2, value3,...)
Also I would highly suggest not placing data into a database the way you are doing it currently. Releasing code using raw user supplied data from a text box with no form of sanitation leaves you open to SQL injections. Look into parameterizing your query.
Yorrick vd V...
Re: sign up button
Apr 04, 2012 05:29 PM
Hi,
This doesn't answer your question but when I saw your code I had to say this: Please do not put values from a text box or a variable directly into a query. Use SQL Parameters instead to prevent SQL injection. Look at this link for more information on the matter: http://msdn.microsoft.com/en-us/library/ff648339.aspx
Hope this helps.
Regards,
Yorrick
&
Don't forget to click "Mark As Answer" on the post that helped you.
jamesjardine
Re: sign up button
Apr 05, 2012 12:32 AM
Just to emphasize what the others have already contributed. You are not passing in the required number of fields for your table. Did you set a primary key on the table? If so, does it auto increment, or do you have to set that field yourself? That is most likely what is missing, but impossible to say without looking at the table schema.
I agree with the SQL Injection issue. Never append your values into a dynamic sql query like that. It is bad, bad, bad news. There are many resources out there that can point you in the direction for securing your sql queries. Here is one of those resources that might be helpful: http://software-security.sans.org/developer-how-to/fix-sql-injection-microsoft-.net-with-parameterized-queries
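
The two fixes the replies describe (an explicit column list and SQL parameters) combined in one handler, as an added example that is not code from any poster in the thread. The class name `SignUp`, the column names, the parameter sizes, the `SaveSignUp` helper and the `SignDb` connection string name are assumptions, since the thread never shows the table schema or configuration.

```vb
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient

Partial Class SignUp
    Inherits System.Web.UI.Page

    ' Column names are hypothetical: the thread never shows the schema of "sign".
    ' Listing columns explicitly lets an auto-increment key column be left out,
    ' which is the likely cause of the "number of supplied values" error.
    Private Const InsertSql As String = _
        "INSERT INTO sign (FirstName, LastName, Email, Phone) " & _
        "VALUES (@FirstName, @LastName, @Email, @Phone)"

    Protected Sub Button1_Click1(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        ' "SignDb" is an assumed connection string name defined in web.config.
        Dim connStr As String = ConfigurationManager.ConnectionStrings("SignDb").ConnectionString
        SaveSignUp(connStr, TextBox1.Text, TextBox2.Text, TextBox3.Text, TextBox4.Text)
    End Sub

    ' Hypothetical helper. Returns the number of rows inserted (1 on success).
    Private Shared Function SaveSignUp(ByVal connStr As String, ByVal firstName As String, _
                                       ByVal lastName As String, ByVal email As String, _
                                       ByVal phone As String) As Integer
        ' Using blocks close the connection even when ExecuteNonQuery throws.
        Using con As New SqlConnection(connStr)
            Using cmd As New SqlCommand(InsertSql, con)
                ' Each value is sent as a typed parameter, separate from the SQL text,
                ' so quotes typed into a text box stay data and cannot alter the statement.
                ' Sizes are assumptions; match them to the real column definitions.
                cmd.Parameters.Add("@FirstName", SqlDbType.NVarChar, 50).Value = firstName.Trim()
                cmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 50).Value = lastName.Trim()
                cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 256).Value = email.Trim()
                cmd.Parameters.Add("@Phone", SqlDbType.NVarChar, 20).Value = phone.Trim()
                con.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Class
```

The block is the page's code-behind, so `Button1` and `TextBox1` to `TextBox4` come from the existing markup; it uses `_` line continuations so it compiles with the VB version that ships with ASP.NET 3.5.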