C#
str = "INSERT INTO studtable(enquiry_no,date,stud_name,col_name,address,qualification,mobile,course,duration,sreq,payment,overall,sign) VALUES('"+lcount.Text+"','" + dt.Text + "','" + tstud.Text + "','" + tcolg.Text + "','" + taddr.Text + "','" + tqua.Text + "','tmob','" + str1 + "','" + str1 + "','" + str1 + "','tfee','" + tedit.Text + "','"+tsign.Text+"')";

                scd.Connection = cn;
                scd.CommandText = str;
Updated 12-Aug-15 22:20pm

Use parameters instead of concatenating strings for the SQL statement. Your application is open to SQL injection attacks.
Read: SqlCommand.Parameters
Inserting radio button data depends on which data type you have in your table. If it is a bit data type, you can insert the Boolean value of the yourcheckBox.Checked property.
For example, using parameters:
C#
cmd.Parameters.AddWithValue("@colname", yourcheckBox.Checked);
Comments
Maciej Los 13-Aug-15 4:31am    
5ed!
DamithSL 13-Aug-15 4:42am    
Thank you, Maciej
Afzaal Ahmad Zeeshan 13-Aug-15 4:46am    
5ed
DamithSL 13-Aug-15 4:46am    
Thank you, Afzaal
First of all, your code is vulnerable to SQL Injection!

How To: Protect From SQL Injection in ASP.NET
Do Stored Procedures Protect Against SQL Injection?
SQL Injection and how to avoid it

Instead of such a command, use a parameterized query:
SQL
INSERT INTO TableName (<Set_of_Fields>: Field1, Field2, Field3, etc.) VALUES(<Set_Of_Parameters>: @param1, @param2, @param3, etc.)


See: SqlParameterCollection.AddWithValue Method
Comments
DamithSL 13-Aug-15 4:38am    
5wd!
Maciej Los 13-Aug-15 4:41am    
Thanks!
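As an added example (not code from the question or from any of the answers above), here is the asker's INSERT from the question rewritten the way the two answers above recommend: the SQL text is a constant and every form value, including the radio-button/bit value, is bound as a typed SqlParameter. The table and column names are the question's studtable; the Enquiry class, the column types and lengths, the assumption that `sign` is a bit column fed by a yes/no radio-button pair, and the `TextOrNull`/`RadioToBit` helpers are assumptions of this example. Note in passing that the question's `'tmob'` and `'tfee'` are literal strings, not text-box values; with parameters every column gets a named parameter, so that slip cannot happen.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not code from the question or the answers. Table and column
// names are the asker's studtable; the Enquiry fields, the column types and the
// assumption that `sign` is a bit column fed by a radio-button pair are assumptions.
public static class StudentEnquiryRepository
{
    public sealed class Enquiry
    {
        public int EnquiryNo;
        public DateTime Date;
        public string StudName;
        public string CollegeName;
        public string Address;
        public string Qualification;
        public string Mobile;
        public string Course;
        public string Duration;
        public string SpecialRequirement;
        public decimal Payment;
        public string Overall;
        public bool Sign;          // assumed bit column, e.g. "signed: yes/no" radio buttons
    }

    // Map a yes/no radio-button pair to the bool that is bound to a bit parameter.
    // Exactly one of the two must be checked; anything else is a form bug, not data.
    public static bool RadioToBit(bool yesChecked, bool noChecked)
    {
        if (yesChecked == noChecked)
            throw new ArgumentException("Exactly one radio button must be checked.");
        return yesChecked;
    }

    // Empty text boxes become NULL rather than '' so the column's NOT NULL and
    // DEFAULT rules in the database still apply.
    private static object TextOrNull(string s)
    {
        return string.IsNullOrWhiteSpace(s) ? (object)DBNull.Value : s.Trim();
    }

    // What the question's concatenation produces for one field. For a name such as
    // O'Brien the quotes no longer balance and everything after the apostrophe is
    // parsed as SQL, not as the student's name. Shown only for contrast; do not use.
    public static string ConcatenatedFragment(string studName)
    {
        return "INSERT INTO studtable(stud_name) VALUES('" + studName + "')";
    }

    // The same INSERT with every form value bound as a typed parameter. The SQL text
    // is a constant, so user input can never change its structure.
    public static int Insert(SqlConnection cn, Enquiry e)
    {
        const string sql =
            "INSERT INTO studtable(enquiry_no, date, stud_name, col_name, address, " +
            "qualification, mobile, course, duration, sreq, payment, overall, sign) " +
            "VALUES (@enquiry_no, @date, @stud_name, @col_name, @address, " +
            "@qualification, @mobile, @course, @duration, @sreq, @payment, @overall, @sign)";

        using (var cmd = new SqlCommand(sql, cn))
        {
            // Explicit SqlDbType and length instead of AddWithValue, so the server sees
            // the column's real type. AddWithValue sizes an NVARCHAR parameter to the
            // length of each value, which produces a different cached plan per length.
            var p = cmd.Parameters;
            p.Add("@enquiry_no", SqlDbType.Int).Value = e.EnquiryNo;
            p.Add("@date", SqlDbType.DateTime2).Value = e.Date;
            p.Add("@stud_name", SqlDbType.NVarChar, 100).Value = TextOrNull(e.StudName);
            p.Add("@col_name", SqlDbType.NVarChar, 100).Value = TextOrNull(e.CollegeName);
            p.Add("@address", SqlDbType.NVarChar, 250).Value = TextOrNull(e.Address);
            p.Add("@qualification", SqlDbType.NVarChar, 50).Value = TextOrNull(e.Qualification);
            p.Add("@mobile", SqlDbType.VarChar, 20).Value = TextOrNull(e.Mobile);
            p.Add("@course", SqlDbType.NVarChar, 50).Value = TextOrNull(e.Course);
            p.Add("@duration", SqlDbType.NVarChar, 50).Value = TextOrNull(e.Duration);
            p.Add("@sreq", SqlDbType.NVarChar, 250).Value = TextOrNull(e.SpecialRequirement);

            var payment = p.Add("@payment", SqlDbType.Decimal);
            payment.Precision = 10;   // assumed column definition decimal(10,2)
            payment.Scale = 2;
            payment.Value = e.Payment;

            p.Add("@overall", SqlDbType.NVarChar, 250).Value = TextOrNull(e.Overall);
            p.Add("@sign", SqlDbType.Bit).Value = e.Sign;   // bool binds directly to bit

            if (cn.State != ConnectionState.Open) cn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

From the form's code-behind the caller builds an `Enquiry` from the text boxes, sets `Sign = RadioToBit(rbYes.Checked, rbNo.Checked)` (radio-button names assumed), and passes it to `Insert` inside a `using (var cn = new SqlConnection(connectionString))`. The bit column never sees the strings "True" or "1": the bool travels as a typed parameter, which is the point made by the first answer's `AddWithValue("@colname", yourcheckBox.Checked)`.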
First of all, there is no need to use code open to SQL Injection; instead use a parameterized query.

A simple example:

If you have two radio buttons in your code whose data type is char(1) in the database table 'Persons' (if it is bool, change the code accordingly while passing the parameters):
ASP.NET
<asp:radiobutton id="rbMale" text="Male" runat="server" groupname="Gender"/>
<asp:radiobutton id="rbFemale" text="Female" runat="server" groupname="Gender"/>


Use the following code to save its value into the database table.

C#
using System.Configuration;
using System.Data.SqlClient;

// Map the checked radio button to the single character stored in the char(1) column.
string gender = string.Empty;
if (rbMale.Checked)
{
    gender = "M";
}
else if (rbFemale.Checked)
{
    gender = "F";
}

// Connection string named "constr" in web.config.
string constr = ConfigurationManager.ConnectionStrings["constr"].ConnectionString;
using (SqlConnection con = new SqlConnection(constr))
{
    // The SQL text is fixed; the value travels as the @Gender parameter.
    using (SqlCommand cmd = new SqlCommand("INSERT INTO Persons(Gender) VALUES(@Gender)"))
    {
        cmd.Connection = con;
        cmd.Parameters.AddWithValue("@Gender", gender);
        con.Open();
        cmd.ExecuteNonQuery();
        con.Close(); // optional: the using block disposes (and closes) the connection anyway
    }
}


Add the parameters according to your form values.

Hope it helps :)

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)