locked
Session Problem & Updating to Access Database... RRS feed

  • Question

  • User-305388250 posted

    Hey,

    I'm trying to create a Session by registering a user. The process is as follows:

     1. The user registers on register.aspx

     2. This then takes them to register_two.aspx, where they upload an image

     3. This then takes them to the final step of registering on register_three.aspx where they enter a username and password

    The problem is that when it comes to the final stage, i have put in an update statement, updating the taxi_company table where the username = session["register"]


            OleDbDataReader myReader;
            OleDbCommand cmd2;

            string cmdString = "SELECT [company_name] FROM [taxi_company]";

            string conString = "Provider=Microsoft.Jet.OleDb.4.0;" + "Data Source=F:\\Year 3\\PROJECT\\Just_Taxis\\main\\App_Data\\test.mdb;";

            OleDbConnection empConnection = new OleDbConnection(conString);

            string insertStatement = "INSERT INTO taxi_company "
            + "([company_name], [seats], [details], [mile], [tel_no]) "
            + "VALUES (@company_name, @seats, @details, @miles, @tel_no)";

            OleDbCommand insertCommand = new OleDbCommand(insertStatement, empConnection);
            cmd2 = new OleDbCommand(cmdString, empConnection);

            insertCommand.Parameters.Add("@company_name", OleDbType.Char).Value = txt_name.Text;
            insertCommand.Parameters.Add("@seats", OleDbType.Char).Value = txt_seats.Text;
            insertCommand.Parameters.Add("@details", OleDbType.Char).Value = txt_details.Text;
            insertCommand.Parameters.Add("@miles", OleDbType.Char).Value = txt_mile.Text;
            insertCommand.Parameters.Add("@tel_no", OleDbType.Char).Value = txt_no.Text;

            empConnection.Open();

            myReader = cmd2.ExecuteReader();

            if (myReader.Read())
            {
                Session["register"] = myReader["company_name"].ToString();
            }

            try
            {
                int count = insertCommand.ExecuteNonQuery();
                Response.Redirect("register_two.aspx");
            }
            catch (OleDbException ex)
            {
                Label1.Text = "<b style=color:red>Error, Try Again</b>";
            }
            finally
            {
                myReader.Close();
                empConnection.Close();
            }

     

    as you can see above in register.aspx, it inserts the data in the table and should create a session for register.

            OleDbConnection conn;
            int RecordsAffected;

            conn = new OleDbConnection("Provider=Microsoft.Jet.OleDb.4.0;" + "Data Source=F:\\Year 3\\PROJECT\\Just_Taxis\\main\\App_Data\\test.mdb;");

            conn.Open();

            OleDbCommand cmd = new OleDbCommand("UPDATE taxi_company SET [username]='" + txt_uname.Text + "', [password]='" + txt_pword.Text + "' WHERE [company_name] = '" + Session["register"] + "'", conn);
            
            RecordsAffected = cmd.ExecuteNonQuery();
            conn.Close();

            Response.Redirect("register_success.aspx");

    then when they get to  register_three.aspx, i want to update the table only where the username is the same as the session, otherwise it will update the wrong fields. I think i have explained it as much as i can. Can you help me plz...? The session is not working so is not updating anything into the taxi_company table

     

    Thank You

    Saturday, November 29, 2008 10:18 AM

Answers

All replies

  • User-821857111 posted

    This seems like a very odd way to do what you are trying to do.  First, why not have all the fields they need to complete on one page?  If they get bored or something else happens and they don't complete their registration, you have rows in your database that won't do anything.  Second, you are not filtering your results in your select statement.  You are retrieving all company names.  The value of Session["Register"] will be the same for everyone, which means you will only ever update one row in the database - and it will be the same row everytime.

    If you really want to break your form into 3 parts, why not use the wizard control or a multiview?  All values will be available for one insert statement at the end.

    Finally, you begin by using parameters (which is excellent), but end up using horrid dynamic SQL where you cancatenate values that users have supplied.  Stick to parameters all the way thtough.

     

    Saturday, November 29, 2008 1:39 PM
  • User-305388250 posted

    [:)]  true, i was just tryinh to be different but it didnt work. I've put it all on the one page. By the way in the connection string of my Data Source: -

    "Data Source=F:\\Year 3\\PROJECT\\Just_Taxis\\main\\App_Data\\test.mdb";

    I keep having to change the drive from F: to E: or whatever the drive number is. I've tried doing the localhost way but keep receiving errors. I am currently using the local server, but eventually i will upload to an external server, how can i prevent this problem?

    Thank You

     

    P.S. If possible can you show me a sample connection string so i can see where i am going wrong...

     

    Sunday, November 30, 2008 12:32 AM
  • User-821857111 posted

    Use the |DataDirectory| substitution string: http://www.mikesdotnetting.com/Article.aspx?ArticleID=78

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, November 30, 2008 3:27 AM
  • User-305388250 posted

    Thanks mate that worked, i can see what its doing here, by looking in the App_Data folder it locates the database.

    Sunday, November 30, 2008 1:11 PM