Security Checking On Input String
Nov 8, 2007
Hi all,
I need to have a check procedure which rejects long strings if they contain anything other than 'allowed' characters (alphanumeric characters and selected other characters - space,comma, apostrophe).
So in (very rough) pseudocode:
FOR EACH character in string
IF( chararacter is not alphanumeric AND character is not valid )
reject string;
(end checking)
Accept string.
What is the best was to do this in T-SQL??
Many thanks for helping a noobie,
Joe
View 2 Replies
ADVERTISEMENT
Nov 8, 2007
Help desperately needed for SQL noobie..
I need to check long strings and only allow them through if they contain alpha-numeric characters and selected other characters (apostrophe, comma, colon, full stop), and reject all other strings.
So in pseudocode (very roughly) :
FOR EACH character in string
IF( character not alphanumeric AND character not valid character )
reject string
(end loop)
Accept string
What is the best way to do this in T-SQL?
Many thanks for any help,
Joe
View 3 Replies
View Related
Feb 3, 2005
This maybe belongs in the Data-Access Forum, but I'm not sure.
Is it generally a better idea to enforce things like unique constraints in the Database or the Webform? Say for example I want to make sure no duplicate Social Security Numbers are entered. Is it better to have an "If Exists" clause in my query, with a function to deal with it in the application or is it better to just fire the data to SQL Server and let the unique constraint on the dbase column deal with it? I then still have to have some code in my application to deal with the potential exisatance of that number, so is it a case of tomatoe, tomahtoe? If I understand things correctly, SQL server will return an error code if the piece of data does exist, and I will be able to parse the error code and display a message to the user.
Are there performance/coding issues involved? Best practices?
View 1 Replies
View Related
Nov 16, 2007
SQL Server allows for a user to have SELECT permission on a View withoutthat user requiring an associated SELECT permission on the underlying tablethat the VIEW accesses, but the user can still access the data through theView. A similar arrangement holds true for stored procedures.So based on these initial known behaviours, I have a couple of questions:1. If a stored procedure A executes stored procedure B, does the user of Arequire execute permission for B also? Or will access to B be permittedregardless because the user was given access to A?2. Similarly, if a stored procedure A accesses a View, does the user of Arequire permissions on the referenced View?I guess to paraphrase what I am trying to determine is whether SQL Serveronly checks permissions at the "entry" point of a particular function, orwhether permission checks are performed "intra-function". My openingexamples imply they are only checked "on entry", but I am wondering if thisbehaviour is entirely consistent. Perhaps the SQL Standard mandates this?
View 1 Replies
View Related
Mar 10, 2015
I have a scenario where in I need to use a comma delimited string as input. And search the tables with each and every string in the comma delimited string.
Example:
DECLARE @StrInput NVARCHAR(2000) = '.NET,Java, Python'
SELECT * FROM TABLE WHERE titleName = '.NET' AND titleName='java' AND titleName = 'Python'
As shown in the example above I need to take the comma delimited string as input and search each individual string like in the select statement.
View 3 Replies
View Related
Jan 23, 2008
Hi,
Could someone please advise if the report folder structure I am proposing will be secure enough so unauthorised users can't access the reports?
I have created three folders; Departments (that contains subfolders being one for each department), Sections (that contains subfolders being one for each section), and Open Access. A manager will either see the Department or Section folder and then the relevant subfolder for the area he/she manages.
I have deployed the reports from the Development Studio to the Home page, made them invisible there, but created linked reports that then show in the subfolders. Each subfolder contains a separate linked report and each has parameters set within the Properties tab of SSRS that only enables the manager who will access that subfolder to see the report details specific to their area.
A manager will then be given the browser role for only the subfolder he/she has access to.
I would like to be sure that a manager will not be able to see information in other subfolders. Will my proposed structure be secure enough?
Thanks
View 5 Replies
View Related
Dec 4, 2014
I use from sql server 2008. and c#
what is the best connectionstring?
I don't know if i use Persist Security Info and Integrated Security or not?
And if yes then their value must be true or false?
View 1 Replies
View Related
Jul 13, 2006
I have a nasty situation in SQL Server 7.0. I have a table, in whichone column contains a string-delimited list of IDs pointing to anothertable, called "Ratings" (Ratings is small, containing less than tenvalues, but is subject to change.) For example:[ratingID/descr]1/Bronze2/Silver3/Gold4/PlatinumWhen I record rows in my table, they look something like this:[uniqueid/ratingIDs/etc...]1/2, 4/...2/null/...3/1, 2, 3/...My dilemma is that I can't efficiently read rows in my table, match thestring of ratingIDs with the values in the Ratings table, and returnthat in a reasonable fashion to my jsp. My current stored proceduredoes the following:1) Query my table with the specified criteria, returning ratingIDs as acolumn2) Split the tokens in ratingIDs into a table3) Join this small table with the Ratings table4) Use a CURSOR to iterate through the rows and append it to a string5) Return the string.My query then returns...1/"Silver, Platinum"2/""3/"Bronze, Silver, Gold"And is easy to output.This is super SLOW! Queries on ~100 rows that took <1 sec now take 12secs. Should I:a) Create a junction table to store the IDs initially (I didn't thinkthis would be necessary because the Ratings table has so few values)b) Create a stored procedure that does a "SELECT * FROM Ratings," putthe ratings in a hashtable/map, and match the values up in Java, sinceJava is better for string manipulation?c) Search for alternate SQL syntax, although I don't believe there isanything useful for this problem pre-SQL Server 2005.Thanks!Adam
View 2 Replies
View Related
Mar 29, 2007
I am just looking for feedback and maybe pointers for research regarding securing SQL 2005 for IIS access. I am currently working on a project for building a new retail website and our sysadm guys have some concerns regarding exposing our SQL box to the DMZ via direct connections to the IIS box. Now we have not completely come to a conclusion of saying that it is not possible, but we are very concerned due to recent credit card and customer data problems in the industry.
So far we have mainly talked about just exposing web services(limiting the exposure of data that can be retrieved) on an internal IIS box that would be called allowed to be accessed from only the IIS box in the DMZ using User Accounts and Client SSL Certs. What I am most concerned about is the performance of this design. I would like to try and provide a connection to the SQL box directly for the devs, but I am not sure what the best practice would be for securing this connection through the firewall and also monitoring it in case our DMZ IIS box gets owned.
Any input or direction to resources would be much appreciated. I have read quite a few papers so far and just want to get feedback on architectures and designs.
Thanks in advance.
View 1 Replies
View Related
Nov 9, 2007
I need to check in my Stored procedure if the information passed is null or empty so I can decided to insert the new value or keep the old. How do I accomplish this please in T-SQL. Thanks in advance.
View 6 Replies
View Related
Aug 14, 2007
Is there a way to find out if the user entered the date in correct format for the report parameter? For example, I am using string data type and requring the user to enter date in yyyy/mm/dd format. Can I capture and prompt the user accordingly if the date string is not provided in the above format?
View 2 Replies
View Related
Aug 8, 2006
I get this error when executing a stored procedure from my code. I suppose something's going wrong with data types, but I cannot see what. If anyone has a sharper eye and can see what it is, please let me know. Thanks in advance!Here is a code excerpt: int category = Convert.ToInt32(ddlCategories.SelectedValue); int museum = Convert.ToInt32(ddlMuseums.SelectedValue); int collection = Convert.ToInt32(ddlCollections.SelectedValue); string binomen = txtScientName.Text; string locality = txtLocality.Text; command.CommandType = CommandType.StoredProcedure; command.Parameters.Add(new SqlParameter("@taxparent", category)); command.Parameters.Add(new SqlParameter("@museum", museum)); command.Parameters.Add(new SqlParameter("@collection", collection)); command.Parameters.Add(new SqlParameter("@binomen", binomen)); command.Parameters.Add(new SqlParameter("@locality", locality));And the stored procedure code: ALTER PROCEDURE [petrander].[DynamicQuery] @taxparent int = NULL, @museum int = NULL, @collection int = NULL, @binomen Nvarchar(254) = NULL, @locality Nvarchar(254) = NULLAS SELECT * FROM QueryView WHERE InstitutionCode = COALESCE(@museum, InstitutionCode) AND CollectionCode = COALESCE(@collection, CollectionCode) AND ScientificName LIKE '%' + @binomen + '%' AND Locality LIKE '%' + @locality + '%' AND ParentID1 = COALESCE(@taxparent, ParentID3) OR ParentID2 = COALESCE(@taxparent, ParentID2) OR ParentID3 = COALESCE(@taxparent, ParentID3) OR ParentID4 = COALESCE(@taxparent, ParentID4) OR ParentID5 = COALESCE(@taxparent, ParentID5) OR ParentID6 = COALESCE(@taxparent, ParentID6) OR ParentID7 = COALESCE(@taxparent, ParentID7) OR ParentID8 = COALESCE(@taxparent, ParentID8)
View 1 Replies
View Related
Dec 28, 2006
HiI have just started using Visual Web Developer to produce
asp.net page. I am having a problem when inserting a new record into a
particular table, within the insertion form I have included a drop down
list which gathers informaton from another table. When I view the page
through the browser when I click the insert link I get an error message
on stating 'Input string not in correct format' . The code for the page is below. Does anyone know what
the problem could be? Thanks <%@ Page Language="VB" MasterPageFile="~/MasterPage.master" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="PhotoAdmin_Default" title="Untitled Page" %><asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server"> <asp:Label ID="UserIdValue" runat="server"></asp:Label><br /> <asp:SqlDataSource ID="pictureDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" DeleteCommand="DELETE FROM [Pictures] WHERE [PictureID] = @PictureID" InsertCommand="INSERT INTO [Pictures] ([UserId], [CategoryID], [Title], [Description], [UploadedOn]) VALUES (@UserId, @CategoryID, @Title, @Description, @UploadedOn)" SelectCommand="SELECT * FROM [Pictures] WHERE ([UserId] = @UserId) ORDER BY [UploadedOn] DESC" UpdateCommand="UPDATE [Pictures] SET [UserId] = @UserId, [CategoryID] = @CategoryID, [Title] = @Title, [Description] = @Description, [UploadedOn] = @UploadedOn WHERE [PictureID] = @PictureID"> <DeleteParameters> <asp:Parameter Name="PictureID" Type="Int32" /> </DeleteParameters> <UpdateParameters> <asp:Parameter Name="UserId" /> <asp:Parameter Name="CategoryID" Type="Int32" /> <asp:Parameter Name="Title" Type="String" /> <asp:Parameter Name="Description" Type="String" /> <asp:Parameter Name="UploadedOn" Type="DateTime" /> <asp:Parameter Name="PictureID" Type="Int32" /> </UpdateParameters> <SelectParameters> <asp:ControlParameter ControlID="UserIdValue" Name="UserId" PropertyName="Text" /> </SelectParameters> <InsertParameters> <asp:Parameter Name="UserId" /> <asp:Parameter Name="CategoryID" Type="Int32" /> <asp:Parameter Name="Title" Type="String" /> <asp:Parameter Name="Description" Type="String" /> <asp:Parameter Name="UploadedOn" Type="DateTime" /> </InsertParameters> </asp:SqlDataSource> <asp:SqlDataSource ID="categoriesDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" SelectCommand="SELECT [CategoryID], [Name] FROM [Categories] ORDER BY [Name]"> </asp:SqlDataSource> <asp:SqlDataSource ID="maxPictureIDDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" SelectCommand="SELECT MAX (PictureID) FROM Pictures WHERE UserId = @UserId"> <SelectParameters> <asp:ControlParameter ControlID="UserIdValue" Name="UserId" PropertyName="Text" /> </SelectParameters> </asp:SqlDataSource> <br /> <asp:DetailsView ID="dvPictureInsert" runat="server" AutoGenerateRows="False" DataKeyNames="PictureID" DataSourceID="pictureDataSource" DefaultMode="Insert" Height="50px" Width="125px"> <Fields> <asp:BoundField DataField="PictureID" HeaderText="PictureID" InsertVisible="False" ReadOnly="True" SortExpression="PictureID" /> <asp:TemplateField HeaderText="CategoryID" SortExpression="CategoryID"> <EditItemTemplate> <asp:TextBox ID="TextBox1" runat="server" Text='<%# Bind("CategoryID") %>'></asp:TextBox> </EditItemTemplate> <InsertItemTemplate> <asp:DropDownList ID="DropDownList1" runat="server" DataSourceID="categoriesDataSource" DataTextField="Name" DataValueField="CategoryID" SelectedValue='<%# Bind("CategoryID") %>' AppendDataBoundItems="True"> <asp:ListItem>--None--</asp:ListItem> </asp:DropDownList> </InsertItemTemplate> <ItemTemplate> <asp:Label ID="Label1" runat="server" Text='<%# Bind("CategoryID") %>'></asp:Label> </ItemTemplate> </asp:TemplateField> <asp:TemplateField HeaderText="Title" SortExpression="Title"> <EditItemTemplate> <asp:TextBox ID="TextBox2" runat="server" Text='<%# Bind("Title") %>'></asp:TextBox> </EditItemTemplate> <InsertItemTemplate> <asp:TextBox ID="TextBox1" runat="server" Text='<%# Bind("Title") %>'></asp:TextBox><br /> <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ControlToValidate="TextBox1" Display="Dynamic" ErrorMessage="RequiredFieldValidator" ValidationGroup="PictureAdd"></asp:RequiredFieldValidator> </InsertItemTemplate> <ItemTemplate> <asp:Label ID="Label2" runat="server" Text='<%# Bind("Title") %>'></asp:Label> </ItemTemplate> </asp:TemplateField> <asp:TemplateField HeaderText="Description" SortExpression="Description"> <EditItemTemplate> <asp:TextBox ID="TextBox3" runat="server" Text='<%# Bind("Description") %>'></asp:TextBox> </EditItemTemplate> <InsertItemTemplate> <asp:TextBox ID="TextBox2" runat="server" Text='<%# Bind("Description") %>'></asp:TextBox><br /> <asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server" ControlToValidate="TextBox2" Display="Dynamic" ErrorMessage="RequiredFieldValidator" ValidationGroup="PictureAdd"></asp:RequiredFieldValidator> </InsertItemTemplate> <ItemTemplate> <asp:Label ID="Label3" runat="server" Text='<%# Bind("Description") %>'></asp:Label> </ItemTemplate> </asp:TemplateField> <asp:CommandField ShowInsertButton="True" /> </Fields> </asp:DetailsView> <br /> <br /></asp:Content>
View 3 Replies
View Related
May 21, 2007
I am using SQL Server Express and Visual Web Developer Express with VB as my preferred language.
I am trying to specify an InsertParameter with a querystring parameter of a SQLDataSource Control.
My Code is:
<InsertParameters>
<asp:Parameter Name="ProjectID" Type="Int32" DefaultValue="Convert.ToInt32(Label1.Text)" />
<asp:Parameter Name="Name" Type="String" />
<asp:Parameter Name="Description" Type="String" />
<asp:Parameter Name="Size" Type="Int32" />
</InsertParameters>
</asp:SqlDataSource>
I get the error message above and the detail is:
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.FormatException: Input string was not in a correct format.Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[FormatException: Input string was not in a correct format.]
System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal) +2753299
System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info) +102
System.String.System.IConvertible.ToInt32(IFormatProvider provider) +43
System.Convert.ChangeType(Object value, TypeCode typeCode, IFormatProvider provider) +293
System.Web.UI.WebControls.Parameter.GetValue(Object value, String defaultValue, TypeCode type, Boolean convertEmptyStringToNull, Boolean ignoreNullableTypeChanges) +248
System.Web.UI.WebControls.Parameter.get_ParameterValue() +67
System.Web.UI.WebControls.ParameterCollection.GetValues(HttpContext context, Control control) +255
System.Web.UI.WebControls.SqlDataSourceView.InitializeParameters(DbCommand command, ParameterCollection parameters, IDictionary exclusionList) +265
System.Web.UI.WebControls.SqlDataSourceView.ExecuteInsert(IDictionary values) +214
System.Web.UI.DataSourceView.Insert(IDictionary values, DataSourceViewOperationCallback callback) +68
System.Web.UI.WebControls.FormView.HandleInsert(String commandArg, Boolean causesValidation) +389
System.Web.UI.WebControls.FormView.HandleEvent(EventArgs e, Boolean causesValidation, String validationGroup) +609
System.Web.UI.WebControls.FormView.OnBubbleEvent(Object source, EventArgs e) +88
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +35
System.Web.UI.WebControls.FormViewRow.OnBubbleEvent(Object source, EventArgs e) +109
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +35
System.Web.UI.WebControls.LinkButton.OnCommand(CommandEventArgs e) +86
System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) +155
System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +172
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +4921
I have verified that Label1.Text has a value that looks like an integer. What is causing the problem? Is there a better way of creating a new record in the child table and making one of the fields match the primary key of the parent table?
Thanks.
View 7 Replies
View Related
Sep 12, 2007
Hello Everybody,I have a problem that I have an exception from a SQLDataSource when a user types in more characters to a TextBox then is allowed.First of all - is there ant built in ASP.NET way to handle that problem?Second - if not then I have to handle the Exception from the SQLDataSource myself. I can write a handler for that which will look like:1 protected void DetailsViewDS_OnUpdated(object sender, SqlDataSourceStatusEventArgs e)
2 {
3 if (e.Exception != null)
4 {
5 // do some stuff
6 }
7 }
The problem is that I would like to show the user an error message which says how many characters he can insert. So the other question is: is there any way to get automatically from the SQL DB what is a maximum length of a varchar? If I use LEN/LENGTH it gives me the current length of given entry (which actually is the current length of the varchar). But I want to get the maximum length of this concrete varchar (NOT the varchar(max) - this shows maximum length of a varchar in general - like ~20000 ).I hope I did not make it too complex ;)All the best,Joseph A. Habdank
View 6 Replies
View Related
Nov 15, 2007
Hi!I get this message: System.FormatException: Input string was not in a correct format.
when i try to execute this code:
TextBox tbox = new TextBox();
string Date;
string Title;
string Text;
string sUserName = HttpContext.Current.User.Identity.Name;
MembershipUser User = Membership.GetUser(sUserName);
string UserID = User.ProviderUserKey.ToString();
int NewsID = Convert.ToInt32(ViewEditNews.DataKeys[e.Item.ItemIndex]);
tbox = (TextBox)e.Item.FindControl("EditNewsDateTxt");
Date = tbox.Text;
tbox = (TextBox)e.Item.FindControl("EditNewsTitleTxt");
Title = tbox.Text;
tbox = (TextBox)e.Item.FindControl("EditNewsTextTxt");
Text = tbox.Text;
GetNews.UpdateCommandType = SqlDataSourceCommandType.Text;
GetNews.UpdateCommand = "UPDATE ovarvet.News SET HeadText=@Title, Text=@Text, Date=@Date, UserID=@UserID WHERE NewsID=@NewsID";
GetNews.UpdateParameters.Add("Title",TypeCode.String, Title);
GetNews.UpdateParameters.Add("Text", TypeCode.String, Text);
GetNews.UpdateParameters.Add("Date", TypeCode.String, Date);
GetNews.UpdateParameters.Add("UserID", TypeCode.UInt32, UserID);
GetNews.UpdateParameters.Add("NewsID", TypeCode.Int32, NewsID.ToString());
GetNews.Update();
ViewEditNews.DataBind();
ViewEditNews.EditItemIndex = -1;
ViewEditNews.DataBind(); Anyone who knows the problem with this code?
View 7 Replies
View Related
Mar 20, 2008
Hello, this is my code and the problem is "Input string was not in a correct format."
Dim connection As SqlConnection = New SqlConnection(ConfigurationSettings.AppSettings("cnn"))
Dim percentage, jaar, kpi3, maand1 As IntegerDim cmd As SqlCommand = New SqlCommand
connection.Open()
percentage = CInt(TextBox1.Text)
jaar = CInt(TextBox2.Text)kpi3 = CInt(Kpi.SelectedValue)maand1 = CInt(Maand.SelectedValue)
cmd.CommandText = "INSERT INTO tblOverzicht(kpiID, maandID, jaar, percentage)values('" + CInt(kpi3) + "', '" + CInt(maand1) + "', '" + CInt(jaar) + "', '" + CInt(percentage) + "')"
cmd.ExecuteNonQuery()
connection.Close()
End Sub
View 10 Replies
View Related
Mar 28, 2008
Hi i keep getting an error when i search based on the coachname textbox or the team name dropdown list, when I search based on the region dropdown list it works fine. The error i get is "Input string was not in a correct format"
Here is my code;
protected void Button1_Click(object sender, EventArgs e)
{
if (this.IsValid)
{
lblResults.Text = "Here are the search results!";
}
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["streamConnectionString"].ConnectionString);
conn.Open();
SqlCommand command = new SqlCommand("stream_FindTeam", conn);
command.CommandType = CommandType.StoredProcedure;
command.Parameters.Add("@coachName", SqlDbType.VarChar, 250).Value = coachName.Text;command.Parameters.Add("@TeamName", SqlDbType.VarChar, 250).Value = TeamList.SelectedValue;
{
if ((string.IsNullOrEmpty(Region.SelectedValue)))
{
command.Parameters.Add("@regionID", DBNull.Value);
}
else
{
command.Parameters.Add("@regionID", SqlDbType.Int ).Value = Region.SelectedValue;
}
}
SqlDataReader reader = command.ExecuteReader();
DataList1.DataSource = reader;
DataList1.DataBind();
conn.Close();
}
protected void DataList1_SelectedIndexChanged(object sender, EventArgs e)
{
}
protected void CustomValidator1_ServerValidate(object source, ServerValidateEventArgs args)
{
args.IsValid = !(String.IsNullOrEmpty(coachName.Text) && TeamList.SelectedIndex == 0 && Region.SelectedIndex == 0);
}
}
And my stored procedure is ALTER PROCEDURE [dbo].[stream_FindTeam]
@coachName varchar(100),
@TeamName varchar(100),
@regionID INT
AS
SELECT TeamID, coachName FROM Teams
WHERE coachName LIKE COALESCE(@coachName, coachName)
AND TeamName = COALESCE(@TeamName, TeamName)
AND regionID = COALESCE(@regionID, regionID);
View 2 Replies
View Related
Mar 30, 2008
Hi, im using vb,net sql 2005. I keep getting this error when inserting on one of my forms, normally i debug and have no probs solving this sort of thing but the error below isnt giving me anything to work on, could someone point me in the right direction. Any help would be appreciatedThanks
[FormatException: Input string was not in a correct format.]
System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal) +2752899
System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info) +102
System.String.System.IConvertible.ToInt32(IFormatProvider provider) +43
System.Convert.ChangeType(Object value, TypeCode typeCode, IFormatProvider provider) +293
System.Web.UI.WebControls.Parameter.GetValue(Object value, String defaultValue, TypeCode type, Boolean convertEmptyStringToNull, Boolean ignoreNullableTypeChanges) +248
System.Web.UI.WebControls.ObjectDataSourceView.MergeDictionaries(ParameterCollection reference, IDictionary source, IDictionary destination, String parameterNameFormatString) +445
System.Web.UI.WebControls.ObjectDataSourceView.ExecuteInsert(IDictionary values) +620
System.Web.UI.DataSourceView.Insert(IDictionary values, DataSourceViewOperationCallback callback) +68
System.Web.UI.WebControls.DetailsView.HandleInsert(String commandArg, Boolean causesValidation) +392
System.Web.UI.WebControls.DetailsView.HandleEvent(EventArgs e, Boolean causesValidation, String validationGroup) +609
System.Web.UI.WebControls.DetailsView.OnBubbleEvent(Object source, EventArgs e) +88
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +35
System.Web.UI.WebControls.DetailsViewRow.OnBubbleEvent(Object source, EventArgs e) +109
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +35
System.Web.UI.WebControls.LinkButton.OnCommand(CommandEventArgs e) +86
System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) +155
System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +172
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +4925
View 1 Replies
View Related
Apr 13, 2008
Hi,I am trying to Update using SqlDataSource.I get the error: Input string was not in a correct format. Does anyone know what would cause this?Thanks,Jon
View 1 Replies
View Related
Jun 11, 2008
Hi i hope someone can help with my problem, im quite nb to asp.net. while im trying to update or insert the record i encountered the this error Input string was not in a correct format. I only encounter this only in one field (value_char9) pls note this is varchar2 in the table. the problem encounter when i try to input value greater than sign e.g. >1000, but if there no symbol updating and insertion work fine. If PageMode = "Add" ThencmdSql = New OleDbCommand("Select id From r_feclas Where fec_key='" & strFType & "' And fec_type='PNTTYP' And code_status<>'I'", sqlConn)intKPTId = cmdSql.ExecuteScalar()'cmdSql = New OleDbCommand("Select mond.Nextval From dual", sqlConn) : intId = cmdSql.ExecuteScalar()Dim cmdSql2 As OleDbCommand = New OleDbCommand()Dim sqlTrans As OleDbTransaction = sqlConn.BeginTransaction()cmdSql2.Connection = sqlConn : cmdSql2.Transaction = sqlTransTry 'cmdSql2.CommandText = "Select last_doc_num From r_docnum Where doc_type='MOND' FOR UPDATE" 'intId = cmdSql2.ExecuteScalar() + 1 'cmdSql2.CommandText = "Update r_docnum Set last_doc_num=" & intId & " Where doc_type='MOND'" cmdSql2.CommandText = "Select Mond.NextVal From dual" intId = cmdSql2.ExecuteScalar()sqlTrans.Commit()Catch ex As ExceptionsqlTrans.Rollback()lblErrorMsg.Text = ex.Message : lblErrorMsg.Visible = TrueReturnEnd TrystrSql = "Insert Into r_mondat (read_date, value_num1, value_char1, value_char2, value_char3, value_char4, value_char5, " & _ "value_char6, value_char7, value_char8, value_char9, value_char10, value_char11, value_char12, " & _ "value_char13, value_char14, value_char15, value_char16, value_char17, value_char18, value_char19, Id, " & _ "last_updt, updt_user, created_on, created_by, tag, position, key_pnt, tag_fe_id, positn_fe_id, keypnt_fe_id, " & _ "key_pnt_type_grp, key_pnt_type, form_type, key_pnt_type_id) " & _ "Values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,SYSDATE,'" & Cache(Session.SessionID & "_UserId") & "',SYSDATE,'" & Cache(Session.SessionID & "_UserId") & "'," & _ "'" & strT & "','" & strP & "','" & strK & "'," & intT & "," & intP & "," & intK & ",'" & strFType & "','" & strFType & "','" & strFType & "'," & intKPTId & ")"ElseintId = dgrdData.DataKeys(0) strSql = "Update r_mondat Set read_date=?, value_num1=?, value_char1=?, value_char2=?, value_char3=?, value_char4=?, value_char5=?, " & _ "value_char6=?, value_char7=?, value_char8=?, value_char9=?, value_char10=?, value_char11=?, value_char12=?, " & _ "value_char13=?, value_char14=?, value_char15=?, value_char16=?, value_char17=?, value_char18=?, value_char19=?, " & _ "last_updt=sysdate " & "Where id=?" End If cmdSql = New OleDbCommand(strSql, sqlConn) cmdSql.Parameters.Add("@R1", OleDbType.Date).Value = dtDate cmdSql.Parameters.Add("@N1", OleDbType.Numeric).Value = GetValueFromDataGrid("N1") For i = 1 To 19 cmdSql.Parameters.Add("@C" & i, OleDbType.VarChar, 20).Value() = GetValueFromDataGrid("C" & i) Next cmdSql.Parameters.Add("@Id", OleDbType.Numeric).Value = intId Try cmdSql.ExecuteNonQuery() lblErrorMsg.Text = "Data Updated Successfully." dgrdData.EditItemIndex = -1 If PageMode = "Add" Then RetrieveLeakData(intId) Else RetrieveLeakData() Catch ex As Exception lblErrorMsg.Text = ex.Message Finally sqlConn.Close() End Try lblErrorMsg.Visible = True Trace.Write("lnkUpdate_Click End")
View 6 Replies
View Related
Sep 24, 2004
************* Edited by moderator Adec ***************
Inserted missing < code></ code> tags. Always include such
tags when including code in your postings. Don't force the
moderators to do this for you. Many readers disregard
postings without the code tags.
**************************************************
I've been workin on this a while and hope I just missed something simple. I have a login page that looks in the db for the rec_id that has the correct un/pw combo. Simple u'd think but I keep getting that error. Any help is greatly appreciated.
Private Sub CheckUser(ByVal CurrentSQLCommand As SqlCommand)
'Declare vars for user and pass. Not needed now but will be used for input checking later
Dim strUN As String = txtUN.Text
Dim strPW As String = txtPW.Text
CurrentSQLCommand.Parameters.Item("@un").Value = strUN
CurrentSQLCommand.Parameters.Item("@pw").Value = strPW
SqlConnection1.Open()
Dim datareader As SqlDataReader = CurrentSQLCommand.ExecuteReader
While datareader.Read
If datareader.HasRows Then
txtID.Text = datareader(0)
If txtR.Text = 3 Then
Response.Redirect("hcprov.aspx?id=" & txtID.Text)
ElseIf txtR.Text = 2 Then
Response.Redirect("hcprof.aspx?id=" & txtID.Text)
ElseIf txtR.Text = 1 Then
Response.Redirect("hca.aspx?id=" & txtID.Text)
End If
'CreateTicket()
ElseIf Not datareader.HasRows Then
txtUN.Text = ""
txtPW.Text = ""
lblError.Text = "This User/Pass combo is not valid please try again!"
lblError.Visible = True
End If
datareader.Close()
SqlConnection1.Close()
End While
End Sub
cmdCheckProfUser
SELECT REC_ID
FROM dbo.HCPROFESSIONAL
WHERE (UN = @un) AND (PW = @pw)
View 7 Replies
View Related
May 16, 2005
Looking for some help with a page that is giving me problems. Below is code for the function that I need help with:
Function MyInsertMethod() As Integer Dim connectionString As String = "server=chatt; user id='sa'; password=1234; database=chtt_Fit"& _ "tings'" Dim dbConnection As System.Data.IDbConnection = New System.Data.SqlClient.SqlConnection(connectionString)
Dim queryString As String = "INSERT INTO [ProcessYield] ([ProdDate], [CupolaCharge], [MetalPoured], [ToTen],[FeSiCharge],lt1,lt2,lt3,lt4) VALUES (@ProdDate, @CupolaCharge, @MetalPoured, @ToTen, @FeSiCharge,@lt1,@lt2,@lt3,@lt4)" Dim dbCommand As System.Data.IDbCommand = New System.Data.SqlClient.SqlCommand dbCommand.CommandText = queryString dbCommand.Connection = dbConnection
Dim ProdDate as String = Calendar1.selecteddate Dim ParameterProdDate as New SqlParameter("@ProdDate",SqldbType.datetime, 8) ParameterProdDate.Value = ProdDate dbCommand.Parameters.Add(ParameterProdDate)
Dim MetalPoured as String = TextBox3.Text Dim ParameterMetalPoured as New SqlParameter("@MetalPoured",SqldbType.float, 8) ParameterMetalPoured.Value = MetalPoured dbCommand.Parameters.Add(ParameterMetalPoured)
Dim CupolaCharge as String = Textbox1.Text Dim ParameterCupolaCharge as New SqlParameter("@CupolaCharge",SqldbType.float, 8) ParameterCupolaCharge.Value = CupolaCharge dbCommand.Parameters.Add(ParameterCupolaCharge)
Dim ToTen as String = Textbox4.Text Dim ParameterToTen as New SqlParameter("@ToTen",SqldbType.float, 8) ParameterToTen.Value = ToTen dbCommand.Parameters.Add(ParameterToTen)
Dim FeSiCharge as string = (Textbox5.Text/2000) Dim ParameterFeSiCharge as New SqlParameter("@FeSiCharge",SqldbType.float, 8) ParameterFeSiCharge.Value = FeSiCharge dbCommand.Parameters.Add(ParameterFeSiCharge)
Dim lt1 as String = TextBox6.Text Dim Parameterlt1 as New SqlParameter("@lt1",SqldbType.float, 8) Parameterlt1.Value = lt1 dbCommand.Parameters.Add(Parameterlt1)
Dim lt2 as String = TextBox7.Text Dim Parameterlt2 as New SqlParameter("@lt2",SqldbType.float, 8) Parameterlt2.Value = lt2 dbCommand.Parameters.Add(Parameterlt2)
Dim lt3 as String = TextBox8.Text Dim Parameterlt3 as New SqlParameter("@lt3",SqldbType.float, 8) Parameterlt3.Value = lt3 dbCommand.Parameters.Add(Parameterlt3)
Dim lt4 as String = TextBox9.Text Dim Parameterlt4 as New SqlParameter("@lt4",SqldbType.float, 8) Parameterlt4.Value = lt4 dbCommand.Parameters.Add(Parameterlt4)
Dim rowsAffected As Integer = 0 dbConnection.Open
Try rowsAffected = dbCommand.ExecuteNonQuery Finally dbConnection.Close End Try Return rowsAffected End Function
Ok the error happens when a user leaves the textbox5.text empty...pages says not to enter 0 since you can't divide into zero. This page has worked for over a year but recently upgraded from SQL 7.0 to SQL 2000 and is no longer working.
Have tried converting data types, different data types on server, etc. Any advise is appreciated. Thanks. BTW new to forums... if this is wrong board to post on sorry and feel free to move where needed.
Here is submit code if that helps any also:
Sub Button2_Click(sender As Object, e As EventArgs) MyInsertMethod() UpdateDailyActivity() MXDataGrid1.DataSource = Getsaveresult() MXDataGrid1.DataBind() textbox1.text = "" textbox3.text = "" textbox4.text = "" textbox5.text = "" textbox6.text = "0" textbox7.text = "0" textbox8.text = "0" textbox9.text = "0"
Error Message:
FormatException: Input string was not in a correct format.] Microsoft.VisualBasic.CompilerServices.DoubleType.Parse(String Value, NumberFormatInfo NumberFormat) +195 Microsoft.VisualBasic.CompilerServices.DoubleType.FromString(String Value, NumberFormatInfo NumberFormat) +84[InvalidCastException: Cast from string "" to type 'Double' is not valid.] Microsoft.VisualBasic.CompilerServices.DoubleType.FromString(String Value, NumberFormatInfo NumberFormat) +173 Microsoft.VisualBasic.CompilerServices.DoubleType.FromString(String Value) +7 ASP.CupolaYieldEntry_aspx.MyInsertMethod() in D:ProductionControlyieldcupolayieldentry.aspx:76 ASP.CupolaYieldEntry_aspx.Button2_Click(Object sender, EventArgs e) in D:ProductionControlyieldcupolayieldentry.aspx:142 System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108 System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +57 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33 System.Web.UI.Page.ProcessRequestMain() +1292
View 1 Replies
View Related
Nov 5, 2005
I am trying to do an insert into a SQL server table but I am getting an "input string was not in correct format" error. Does this error always refer to SQL string problem? I put in a breakpoint and looked at the SQL and it looks good but until I figure this out I will be tracing through the code. Any input greatly appreciated. MyCmd.CommandText = sSQL MyCmd.ExecuteNonQuery() 'Line where I get the errorThanks,Joe
View 2 Replies
View Related
Apr 3, 2006
Hi,
I am trying to insert a record into 2 tables with master-child relationship. When i execute the code i get this error on the statement " UserID = Convert.ToInt32(cmdExp.ExecuteScalar())"
Can anyone help?
CODE AS FOLLOWS
Dim con As SqlConnection
Dim trans As SqlTransaction = Nothing
Dim cmdExp As SqlCommand
Try
con = New SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString)
con.Open()
trans = con.BeginTransaction
'CREATE THE COMMAND
cmdExp = New SqlCommand()
cmdExp.Connection = con
cmdExp.Transaction = trans
'Create the appropriate SQL statement
cmdExp.CommandText = "INSERT INTO USER_DETAILS (HOSPITAL_ID,FIRST_NAME,LAST_NAME,ADDRESS,CITY,STATE,ZIP,PHONE,EMAIL,REG_CODE,STATUS,REG_DATE,UPDATE_DATE) VALUES (@PARHOSPITALID,@PARFIRSTNAME,@PARLASTNAME,@PARADDRESS,@PARCITY,@PARSTATE,@PARZIP,@PARPHONE,@PAREMAIL,@PARREGCODE,@PARSTATUS,@PARREGDATE,@PARUPDATEDATE)"
'Add the parameters
cmdExp.Parameters.Add(New SqlParameter("@PARHOSPITALID", SqlDbType.Int, 4))
cmdExp.Parameters("@PARHOSPITALID").Value = var_hospitalid
cmdExp.Parameters.Add(New SqlParameter("@PARFIRSTNAME", SqlDbType.VarChar, 20))
cmdExp.Parameters("@PARFIRSTNAME").Value = var_firstname
cmdExp.Parameters.Add(New SqlParameter("@PARLASTNAME", SqlDbType.VarChar, 20))
cmdExp.Parameters("@PARLASTNAME").Value = var_lastname
cmdExp.Parameters.Add(New SqlParameter("@PARADDRESS", SqlDbType.VarChar, 20))
cmdExp.Parameters("@PARADDRESS").Value = var_address
cmdExp.Parameters.Add(New SqlParameter("@PARCITY", SqlDbType.VarChar, 20))
cmdExp.Parameters("@PARCITY").Value = var_city
cmdExp.Parameters.Add(New SqlParameter("@PARSTATE", SqlDbType.VarChar, 20))
cmdExp.Parameters("@PARSTATE").Value = var_state
cmdExp.Parameters.Add(New SqlParameter("@PARZIP", SqlDbType.VarChar, 20))
cmdExp.Parameters("@PARZIP").Value = var_zip
cmdExp.Parameters.Add(New SqlParameter("@PARPHONE", SqlDbType.VarChar, 20))
cmdExp.Parameters("@PARPHONE").Value = var_phone
cmdExp.Parameters.Add(New SqlParameter("@PAREMAIL", SqlDbType.VarChar, 20))
cmdExp.Parameters("@PAREMAIL").Value = var_email
cmdExp.Parameters.Add(New SqlParameter("@PARREGCODE", SqlDbType.VarChar, 20))
cmdExp.Parameters("@PARREGCODE").Value = var_regcode
cmdExp.Parameters.Add(New SqlParameter("@PARSTATUS", SqlDbType.VarChar, 20))
cmdExp.Parameters("@PARSTATUS").Value = var_status
cmdExp.Parameters.Add(New SqlParameter("@PARREGDATE", SqlDbType.DateTime, 8))
cmdExp.Parameters("@PARREGDATE").Value = DateTime.Now()
cmdExp.Parameters.Add(New SqlParameter("@PARUPDATEDATE", SqlDbType.DateTime, 8))
cmdExp.Parameters("@PARUPDATEDATE").Value = DateTime.Now()
Dim UserID As Integer
UserID = Convert.ToInt32(cmdExp.ExecuteScalar())
cmdExp.CommandText = "UPDATE WEBCAM SET USER_ID= @PARUSERID,STATUS =@PARWEBCAMSTATUS WHERE WEBCAM_ID='" & var_webcamid & "'"
cmdExp.Parameters.Add(New SqlParameter("@PARUSERID", SqlDbType.BigInt, 8))
cmdExp.Parameters("@PARUSERID").Value = UserID
cmdExp.Parameters.Add(New SqlParameter("@PARWEBCAMSTATUS", SqlDbType.VarChar, 20))
cmdExp.Parameters("@PARWEBCAMSTATUS").Value = "INUSE"
cmdExp.ExecuteNonQuery()
trans.Commit()
View 4 Replies
View Related
Jul 20, 2005
im using asp.net, C# to enter data into a table in sqlserver...however im getting this error:Input string was not in a correct format.Description: An unhandled exception occurred during the execution ofthe current web request. Please review the stack trace for moreinformation about the error and where it originated in the code.Exception Details: System.FormatException: Input string was not in acorrect format.Source Error:Line 120:cmd.Parameters.Add("@commission",SqlDbType.Money);Line 121:cmd.Parameters["@commission"].Direction=ParameterDirection.Input;Line 122:cmd.Parameters["@commission"].Value =Convert.ToDouble(txtinvoice.Text);Line 123:cmd.Parameters.Add("@pricesold",SqlDbType.Money);Line 124:cmd.Parameters["@pricesold"].Direction=ParameterDirectionSimilar error messages appear when I leave text fields blank that aregoing to be inserted into fields in the table of datatype money,datetime or int...however when i execute this in query analyzer it works and inputs nullvalues for those fields:declare @empid varchar(20), @inventoryid int, @clientid int,@commission money,@pricesold money, @datesold datetime, @invoiceidint, @shippingcost money, @terms varchar(50), @details varchar(50),@clienttype smallint, @checker int, @errordesc varchar(100)set @empid = 'admin'set @inventoryid = 14set @clientid= 2set @clienttype = 0set @commission = nullexec STP_updateconsignment @empid, @inventoryid, @clientid,@commission,@pricesold, @datesold, @invoiceid, @shippingcost, @terms,@details, @clienttype, @checker output, @errordesc outputIf Im in enterprise manager and try to enter a blank value into one ofthose fields I get: The value you entered is not consistent with thedata type or length of the column...so im wondering if the C# page issending my stored procedure a blank value instead of a Null andcausing this error?any advice would be nice..thanks-Jim
View 2 Replies
View Related
Aug 24, 2007
Code SnippetSQL: select max(id) from t1
Input string was not in a correct format.
at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)
at System.Number.ParseInt64(String value, NumberStyles options, NumberFormatInfo numfmt)
at System.Data.Odbc.OdbcDataReader.internalGetInt64(Int32 i)
at System.Data.Odbc.OdbcDataReader.GetValue(Int32 i, TypeMap typemap)
at System.Data.Odbc.OdbcDataReader.GetValue(Int32 i)
at System.Data.Odbc.OdbcCommand.ExecuteScalar()
really strange error
this is the table t1
name varchar
id bigint
select name from t1 works.
select id from t1 gave me the same error as above too.
Is it because of its compatible with odbc connection for SQL Server 2005?
what is causing the problem?
Further updates!!
select id from t1 works if data type is int instead of bigint !!!
is this a problem with the SQL Server driver?
I'm connecting to the database via ODBC DSN by the way.
OS is Windows Server 2003.
Thanks,
Max
View 1 Replies
View Related
Mar 4, 2007
hi
i have a database with some data in it and iam using full-text-search to search through my data and the search query works fine in sql server manamgnet studio. so my problem is in my web application, i have a textbox where i enter e.g car and click the search button, the button executes the search query but i recive an error "Input string was not in a correct format". here is the code that the button executes:
Protected Sub searchButton_Click(ByVal sender As Object, ByVal e As System.EventArgs)
searchSqlDataSource.SelectCommand = "Select ID, title, FROM myTable WHERE CONTAINS(description, @search)"
searchSqlDataSource.SelectParameters.Add("search", searchTextBox.Text)
searchSqlDataSource.DataBind()
End Sub
tnx in advac
View 2 Replies
View Related
Apr 16, 2008
I have a page where user can insert a new record, i use stroed procedures:ALTER PROCEDURE [dbo].[sp_InsertTypes]
@Type varchar(10),
@Type_Desc varchar(35),
@Contact_Name varchar(20),
@Contact_Ad1 varchar(25),
@Contact_Ad2 varchar(25),
@Contact_City varchar(10),
@Contact_Phone varchar(12),
@Contact_Fax varchar(12),
@Contact_Email varchar(35)
Insert into dbo.Types (Type,Type_Desc,Contact_Name,Contact_Ad1,Contact_Ad2,Contact_City,Contact_Phone,
Contact_Fax,Contact_Email) values (@Type,@Type_Desc,@Contact_Name,@Contact_Ad1,@Contact_Ad2,@Contact_City,
@Contact_Phone, @Contact_Fax,@Contact_Email)
My code is:Protected Sub InsertButton_Click(ByVal sender As Object, ByVal e As System.EventArgs)
Dim myConnection As New SqlConnection(ConfigurationManager.ConnectionStrings("myConnectionString").ConnectionString)Dim myCommand As SqlCommand
Dim TypeTxt As TextBox = FormView1.FindControl("TypeTextBox")Dim DescTxt As TextBox = FormView1.FindControl("TypeDescTextBox")
Dim NameTxt As TextBox = FormView1.FindControl("ContactNameTextBox")Dim phoneTxt As TextBox = FormView1.FindControl("ContactPhoneTextBox")
Dim ad1Txt As TextBox = FormView1.FindControl("ContactAd1Textbox")Dim ad2Txt As TextBox = FormView1.FindControl("ContactAd2Textbox")
Dim cityTxt As TextBox = FormView1.FindControl("ContactCityTextbox")Dim faxTxt As TextBox = FormView1.FindControl("ContactFaxTextbox")
Dim emailTxt As TextBox = FormView1.FindControl("ContactEmailTextbox")myCommand = New SqlCommand("[dbo].[sp_Insert_Types]", myConnection)
myCommand.CommandType = CommandType.StoredProcedure
myCommand.Parameters.Add("@Type", SqlDbType.BigInt).Value = TypeTxt.Text
myCommand.Parameters.Add("@Type_Desc", SqlDbType.VarChar).Value = DescTxt.Text
myCommand.Parameters.Add("@Contact_Name", SqlDbType.VarChar).Value = NameTxt.Text
myCommand.Parameters.Add("@Contact_Phone", SqlDbType.VarChar).Value = phoneTxt.Text
myCommand.Parameters.Add("@Contact_Ad1", SqlDbType.VarChar).Value = ad1Txt.Text
myCommand.Parameters.Add("@Contact_Ad2", SqlDbType.VarChar).Value = ad2Txt.Text
myCommand.Parameters.Add("@Contact_City", SqlDbType.VarChar).Value = cityTxt.Text
myCommand.Parameters.Add("@Contact_Fax", SqlDbType.VarChar).Value = faxTxt.Text
myCommand.Parameters.Add("@Contact_Email", SqlDbType.VarChar).Value = emailTxt.Text myConnection.Open()
myCommand.ExecuteNonQuery()
myConnection.Close()
End Sub
I have almost the identical procedure & code for Update command button, and worked well, what am I doing wrong? I even tried adding ' in front and after the texts.
Thank you.
View 5 Replies
View Related
May 29, 2008
I am trying to execute an SQL update statement as follows:myObj.Query("Update Schedule Set visitorScore=" + t1 + ", homeScore=" + t2 + " where id=" + Convert.ToInt16(HID.Value));However, I'm getting the following error message with regards to this line.: Exception Details: System.FormatException: Input string was not in a correct format. Could anyone please tell me what is wrong with this line? I have tried many different versions of this, but keep getting the same error. THANKS IN ADVANCE!
View 3 Replies
View Related
Oct 20, 2005
Hi experts, I am working on my asp.net application and received an error message on dr = cmdGetFile.ExecuteReader:Error: Input string was not in a correct format. Can someone help me out of this? Thank you in advance.------------------------------------------------------------------------------------ #Region " Web Form Designer Generated Code "
<System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent() Me.cmdGetFile = New System.Data.SqlClient.SqlCommand Me.dbHRConn = New System.Data.SqlClient.SqlConnection ' 'cmdGetFile ' Me.cmdGetFile.CommandText = "SELECT App_Resume_FileSize, App_Resume_FileName, App_Resume, App_Resume_FileType " & _ "FROM Mgmt_App_Resume_Table WHERE (Applicant_ID = @AppID)" Me.cmdGetFile.Connection = Me.dbHRConn Me.cmdGetFile.Parameters.Add(New System.Data.SqlClient.SqlParameter("@AppID", System.Data.SqlDbType.SmallInt, 2, "Applicant_ID")) ' 'dbHRConn ' Me.dbHRConn.ConnectionString = "the connection string"
End Sub
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load Dim dr As System.Data.SqlClient.SqlDataReader cmdGetFile.Parameters("@AppID").Value = Request("Applicant_ID") dbHRConn.Open() dr = cmdGetFile.ExecuteReader
If dr.Read Then Response.ContentType = dr("App_Resume_FileType").ToString Response.OutputStream.Write(CType(dr("App_Resume"), _ Byte()), 0, CInt(dr("App_Resume_FileSize"))) Response.AddHeader("Content-Disposition", _ "attachment;filename=" + dr("App_Resume_FileName").ToString()) Else Response.Write("File Not Found.") End IfEnd Sub
View 5 Replies
View Related
Jun 28, 2004
if i send the string
2,3,4,5 to a stored procedure...
is there a way i could split those values for input into the database? no, right? i would need a seperate stored procedure that would take each value one at a time...correct?
View 7 Replies
View Related
Nov 17, 2005
Ok, when I bind a textbox in my FormView I'm changing the format to
currency (<%# Bind("TotalValue","{0:c}") %>). When I click
Update I get "Input string was not in a correct format" since
TotalValue is Int32 data type.
Shouldn't it convert it back to Int32 when it updates the db? Or do I have to do it manually, and if so how?
View 2 Replies
View Related
