I have an aspx, aspx.cs and cls.cs file.

cls.cs file :

public void converty5(string 5y6, out DataTable dt)
{
    string strSql;

    strSql = " select convert || substr('" + 5y6 + "', 22, 11) ";
    strSql += " AS Converted from enf ";
    strSql += " where dfh_partno = substr('" + 5y6 + "', 1, 15) ";

    cls.GetDataTable(strSql, out dt);
}

and this is my function in aspx.cs file

protected void InvisButton_Click(object sender, EventArgs e)
{
    string phone = Scancuba.Text;
    resultscan.Text = "";

    //bool result = Cls.convertphone(phone);

    Cls.convertphone(phone, out dt);

    if(result==true)
    {
        resultscan.Text = "Insert success " + phone;
        resultscan.Style.Add("background-color", "#90ee90");        
    }
}

My problem is, when I insert an input, the query works and converts my input into the format that I want, but in the display message it displays "Insert success (the original input that has not been converted yet)". I know that it's because I didn't pass the converted value, but I don't know how to code that. I'm extremely noob in asp.net but please guide me. Thanks in advance.

What I have tried:

I have tried following this: how to pass value/data from aspx.cs to .cs file | The ASP.NET Forums, but I still don't know how to implement it with my code.
Updated 3-Dec-19 14:54pm
Comments
Mehul M Thakkar 29-Nov-19 3:38am    
What is convertphone? I would recommend you to start with object oriented programming.
Richard Deeming 29-Nov-19 7:37am    
strSql += "where c.phone_PARTNO = substr('" + p + "', 1, 15)";

Don't do it like that!

Your code is almost certainly vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
Member 14659146 2-Dec-19 20:31pm    
Thanks for pointing that out, sir. I will fix it!
Laxmidhar tatwa technologies 1-Dec-19 1:35am    
Your cls.cs has a function named INSERTDATA, but you call the convertphone function. Where is it defined? Please tell.
Member 14659146 2-Dec-19 20:32pm    
I updated my question. I'm sorry I left it out.

1 solution

You call a different function from the one you posted, but assuming they function the same, the converted value is in your DataTable. As you only select one thing you should have a datatable with a single row and that row will have a single value which you can read via

C#
Cls.convertphone(phone,out dt);
string convertedValue = (string) dt.Rows[0][0];
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
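
The parameterized query that Richard Deeming's comment calls for, combined with the answer's point that the converted value is the first column of the first row, as an added example that is not part of the original thread. `ScanConverter`, `ConvertScan` and `AddParam` are hypothetical names, the connection is assumed to be already open, and the `:name` parameter markers assume an ADO.NET provider that accepts them. The example goes beyond the post by doing the substring split in C# with a length check.

```csharp
using System;
using System.Data;
using System.Data.Common;

public static class ScanConverter
{
    // Hypothetical helper (not from the thread). Table and column names are the
    // ones in the question; ":suffix" / ":partno" assume a provider that uses
    // colon-prefixed markers. Adjust the marker to your ADO.NET provider.
    // Assumes conn is already open.
    public static string ConvertScan(DbConnection conn, string scanned)
    {
        // substr(x, 1, 15) and substr(x, 22, 11) need at least 32 characters.
        if (scanned == null || scanned.Length < 32)
            throw new ArgumentException("Scanned value is too short.", nameof(scanned));

        using (DbCommand cmd = conn.CreateCommand())
        {
            // The SQL text is a constant; user input travels only as parameter values.
            cmd.CommandText =
                "select convert || :suffix AS Converted " +
                "from enf where dfh_partno = :partno";

            // Added in the order the markers appear, so positional binding also works.
            AddParam(cmd, "suffix", scanned.Substring(21, 11));
            AddParam(cmd, "partno", scanned.Substring(0, 15));

            // Single column, single row: ExecuteScalar replaces dt.Rows[0][0].
            object value = cmd.ExecuteScalar();
            return (value == null || value == DBNull.Value)
                ? null                      // no matching dfh_partno
                : Convert.ToString(value);
        }
    }

    private static void AddParam(DbCommand cmd, string name, string value)
    {
        DbParameter p = cmd.CreateParameter();
        p.ParameterName = name;
        p.DbType = DbType.String;
        p.Value = value;
        cmd.Parameters.Add(p);
    }
}
```

In the click handler, the returned string (checked for null) is what belongs in the success message instead of the raw `phone` value.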