Insert into table through ASP.NET Controls

Question

I am new to ASP.NET

When I am trying to run the below command:

SqlConnection myconn=new SqlConnection();

myconn.ConnectionString = "Data Source=PINTU-PC\\SQLEXPRESS;Initial Catalog=pintuDB;Integrated Security=True";

myconn.Open();

string qry="insert into test values('"+ username +"')";

SqlCommand cmd=new SqlCommand(qry,myconn);

cmd.ExecuteNonQuery(); 

myconn.Close();

I am getting data as "System.Web.UI.WebControls.TextBox" in my table test.

Help Please.

Answer 1

The problem is you did not call the .Text property on the textbox. I guess the name of your textbox is username and should have been used like username.Text otherwise, because of concatenation, the textbox is converted to a string which becomes System.Web.UI.WebControls.TextBox

string qry="insert into test values('"+ username.Text +"')";

For security reason, values from controls should not be concatenated in queries, you should be using Parameters to avoid Sql Injection

string connectionString = "Data Source=PINTU-PC\\SQLEXPRESS;Initial Catalog=pintuDB;Integrated Security=True";
using(SqlConnection myconn = new SqlConnection(connectionString))
{
   string qry="insert into test values(@username)";
   SqlCommand cmd=new SqlCommand(qry, myconn);
   comm.Parameters.AddWithValue(@username, username.Text);
   cmd.ExecuteNonQuery();

   myconn.Close();
}