473,466 Members | 2,016 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

Desperately need help in drop down list

Hi all,
I have a drop down list which store all the different brands of
product.When i selected the particular brand from the drop down list, it
will display all the products with the selected brand in a datagrid. I have
this error when i select a brand from the drop down list. Blow is my
code,anyone can help me to solve my error,which part of my code went wrong?
Really thanx and very appreciate your help in advanced.. I have been
stucked for days regarding this error..

This is the error : No value given for one or more required parameters.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.Data.OleDb.OleDbException: No value given for one
or more required parameters.

Source Error:
Line 208: objAdp = New OleDb.OleDbDataAdapter(strSqlCmd, con)
Line 209: dataTable = New DataTable
Line 210: objAdp.Fill(dataTable)
Line 211: dgProducts.DataSource = dataTable
Line 212: dgProducts.DataBind()

Here is the code :
Dim strSqlCmd As String
Dim objAdp As OleDb.OleDbDataAdapter
Dim dataTable As DataTable
Dim brand As String

brand = ddlBrand.SelectedItem.Value

strSqlCmd = "Select p.ProductID, p.ProductName, p.ProductBrand, " & _
"p.ProductImage, p.Price, p.Quantity " & _
"From Product p, CategoryProduct cp Where " & _
"p.ProductID= cp.productID " & _
"and cp.CategoryID=" & Request.QueryString.Get
("CategoryID") & _
"and p.ProductBrand=" & brand
objAdp = New OleDb.OleDbDataAdapter(strSqlCmd, con)
dataTable = New DataTable
objAdp.Fill(dataTable)
dgProducts.DataSource = dataTable
dgProducts.DataBind()
End Sub

--
Message posted via DotNetMonster.com
http://www.dotnetmonster.com/Uwe/For...p-net/200505/1
Nov 19 '05 #1
6 2012
Hi Joey,

I assume that the autopostback on the dropdown list is open.

What does Request.QueryString.Get ("CategoryID") return when you change the
dropdownlist item? Make sure it returns what you expect it to return. (i.e:
not empty string)

By the way, try to use paramters collection of the sql command object. At
the moment your code is vulnerable to SQL Injection.

Hope this helps,

Ethem Azun
"Joey Liang via DotNetMonster.com" wrote:
Hi all,
I have a drop down list which store all the different brands of
product.When i selected the particular brand from the drop down list, it
will display all the products with the selected brand in a datagrid. I have
this error when i select a brand from the drop down list. Blow is my
code,anyone can help me to solve my error,which part of my code went wrong?
Really thanx and very appreciate your help in advanced.. I have been
stucked for days regarding this error..

This is the error : No value given for one or more required parameters.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.Data.OleDb.OleDbException: No value given for one
or more required parameters.

Source Error:
Line 208: objAdp = New OleDb.OleDbDataAdapter(strSqlCmd, con)
Line 209: dataTable = New DataTable
Line 210: objAdp.Fill(dataTable)
Line 211: dgProducts.DataSource = dataTable
Line 212: dgProducts.DataBind()

Here is the code :
Dim strSqlCmd As String
Dim objAdp As OleDb.OleDbDataAdapter
Dim dataTable As DataTable
Dim brand As String

brand = ddlBrand.SelectedItem.Value

strSqlCmd = "Select p.ProductID, p.ProductName, p.ProductBrand, " & _
"p.ProductImage, p.Price, p.Quantity " & _
"From Product p, CategoryProduct cp Where " & _
"p.ProductID= cp.productID " & _
"and cp.CategoryID=" & Request.QueryString.Get
("CategoryID") & _
"and p.ProductBrand=" & brand
objAdp = New OleDb.OleDbDataAdapter(strSqlCmd, con)
dataTable = New DataTable
objAdp.Fill(dataTable)
dgProducts.DataSource = dataTable
dgProducts.DataBind()
End Sub

--
Message posted via DotNetMonster.com
http://www.dotnetmonster.com/Uwe/For...p-net/200505/1

Nov 19 '05 #2
Hi Ethem Azun
Yup i hav set autoPostBack= true. As i am doing a e-commerce
web which have different categories.Example i have clicked on a category
"ink cartridges" it will show all the products in this category. When i
select a brand "HP" from the drop down list, it will only display all "HP"
brand ink cartridges.Hence i use Request.QueryString.Get ("CategoryID") to
display the category that the user clicked. You have any idea which part of
error wrong? is my Select statement wrong?I really need help in
these..thanx..

--
Message posted via DotNetMonster.com
http://www.dotnetmonster.com/Uwe/For...p-net/200505/1
Nov 19 '05 #3

Hi Joey,

Why are you using the Query string for this purpose? Since you are using
postbacks, you should use the SelectedItem property of the drop down list to
get the selected value. Besides, if your parameter is a string value, you
should include it inside aphostrophes, ('') in your sql select statement.

There are several flaws in the code particle you have sent me. I would
recommend learning and doing the right way instead of writing fast code that
just works. It's out of scope for me to explain every detail here, but please
follow this path;

1) Use sqlparameters instead of string concatenations. This way, you can
make sure that nobody can use SQL Injection on your application and there are
no typo mistakes such as forgetting aphostrophes etc. Take a look the code in
this link, which includes how to use sql parameters with a sql command.

http://msdn.microsoft.com/library/de...qldatabase.asp

If you wonder about why I'm stressing on this point, check out this;
http://www.sitepoint.com/article/sql...n-attacks-safe

2) Learn the correct way of using the web controls and the code behind model;

WebUI Control Reference:
http://samples.gotdotnet.com/quickst...ntrolsref.aspx
Code Behind Model:
http://msdn.microsoft.com/msdnmag/is...g/default.aspx

Hope this helps,

Ethem Azun


"Joey Liang via DotNetMonster.com" wrote:
Hi Ethem Azun
Yup i hav set autoPostBack= true. As i am doing a e-commerce
web which have different categories.Example i have clicked on a category
"ink cartridges" it will show all the products in this category. When i
select a brand "HP" from the drop down list, it will only display all "HP"
brand ink cartridges.Hence i use Request.QueryString.Get ("CategoryID") to
display the category that the user clicked. You have any idea which part of
error wrong? is my Select statement wrong?I really need help in
these..thanx..

--
Message posted via DotNetMonster.com
http://www.dotnetmonster.com/Uwe/For...p-net/200505/1

Nov 19 '05 #4
Me
Ha! Ha! That is funny!

I remember back in the day when I first started
programming. It was about 3 years ago I think. I
always believed you should learn the right way and
get the job done correctly. I thought in the end
it serves everyone to do it well. Then the ugly
real world set in and I haven't had the
opportunity to do anything but hastily throw down
ad hoc code to just get the job done fast. The
customer never knows the nightmare I face when
they ask my boss for a new feature or a bug fix.
Ah... the idealic life. Wonderful memories.

Ethem Azun wrote:
... I would recommend learning and doing
the right way instead of writing fast code that
just works.

Nov 19 '05 #5
I'm not sure I see anything glaringly wrong with your code as listed,
so I'd be tempted to suspect a malformed category name, especially
since, as someone pointed out, there are no apostrophes around the
CategoryID.

I just wanted to expand on what Ethem said about parameterized SQL.
This is about the most important thing you can do for your code in the
interest of security, the way I see it.

I'm also in the middle of writing a cart...here's the function I use to
do pretty much the same thing you're doing:

Public Function GetProductPageByCategory(ByVal ACategory As
cCategory, ByVal APage As Integer) As DataTable
Dim cn As New SqlConnection(ConnectionString)
Dim cmd As New SqlCommand("select ID, Name, Price from tblProducts
where ID in (select ProductID from tblProductPages where
CategoryID=@cat and Page=@page) order by Name", cn)
Dim da As New SqlDataAdapter(cmd)

Dim result As New DataTable

If ACategory Is Nothing Then Return result

cn.Open()
Try
cmd.Parameters.Add("@cat", ACategory.ID)
cmd.Parameters.Add("@page", APage)
da.Fill(result)
Catch ex As Exception
cn.Close()
Throw New DataException("Could not load the list of products for
category " & ACategory.FullName, ex)
Return Nothing
End Try

cn.Close()
Return result
End Function

Notice the parameters (@cat, @page) in the SQL. This guarrantees that
whatever I pass as @cat or @page will be considered one piece, not SQL
meant to be parsed. In your example, if I put something like the
following:

http://your.domain/your_app/your_pag...dummy;truncate table
Product;dummy

....I think you can see the fun you're in for in this case. :)

Good luck with the project!

-Phil

Nov 19 '05 #6

Well, then change your job. Stay cool, have fun.

And don't forget that in real life, there are real customers, real
strategies, real designs, real risks, real flaws, real laws and real audits
and real rewards. If you are not careful, you loose your job; in a very real
way. It is that simple. Unfortunately, sometimes you have to live through
that to get that experience, and I hope you will never have that
"opportunity".

If you don't know how to use a tool and don't want to learn how to in the
proper way, just don't use it. This way you are less dangerous to yourself as
well as to the society. You might be more talented in spending your energy
in smth else, so just do that. And before blaming everyone and everything
else, learn how to plan, and teach it also to your boss.
"Me" wrote:
Ha! Ha! That is funny!

I remember back in the day when I first started
programming. It was about 3 years ago I think. I
always believed you should learn the right way and
get the job done correctly. I thought in the end
it serves everyone to do it well. Then the ugly
real world set in and I haven't had the
opportunity to do anything but hastily throw down
ad hoc code to just get the job done fast. The
customer never knows the nightmare I face when
they ask my boss for a new feature or a bug fix.
Ah... the idealic life. Wonderful memories.

Ethem Azun wrote:
> ... I would recommend learning and doing
>the right way instead of writing fast code that
>just works.

Nov 19 '05 #7
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
need help - -PLEASE
by: Mike | last post by:
I have a web page that displays contact people in a drop down. the users selects a person then clicks the go button. The datagrid should pop with all the information on the select contact person,...
ASP.NET
2
Need help on template columns in datagrid
by: CW | last post by:
In an earlier thread, I was asking for help on "Invalid attempt to FieldCount when reader is closed" error when I was using a dataset rather than a datareader to bind to a datagrid. After...
ASP.NET
3
Populate a Drop Down List
by: Miguel Dias Moura | last post by:
Hello, i have an ASP.NET / VB page where i have a few 4 groups of Drop Down Lists. Each group of Drop Down Lists include 3 Drop Down Lists for date such as: DAY, MONTH, and YEAR. I don't want...
ASP.NET
3
HOWTO: Wrap Text or Wider the Drop Down Box? (Web Control)
by: Don Wash | last post by:
Hi There! I have a Server-side Drop-down box in ASP.NET (VB) page. What do I do to widen the Drop down box's Pull-Down list's width? I'm not talking about the Drop-down box's width but the box...
ASP.NET
2
creating drop down list at run time
by: Yoshitha | last post by:
hi I have 2 drop down lists in my application.1st list ontains itmes like java,jsp,swings,vb.net etc.2nd list contains percentage i.e it conatains the items like 50,60,70,80,90,100. i will...
ASP.NET
5
Problem Binding Data to DROP DOWN LIST CONTROL
by: Vigneshwar Pilli via DotNetMonster.com | last post by:
string connectionString1 = "server=(local); user=sa;password=sa; database=sonic"; System.Data.SqlClient.SqlConnection dbConnection1 = new System.Data.SqlClient.SqlConnection(connectionString1);...
ASP.NET
2
Urgently need help in drop down list..thanx
by: Joey Liang via DotNetMonster.com | last post by:
Hi all, I am new in asp.net, i encounter some problems in using drop down list and datagrid. I have manage to bind the data into datagrid but i wanted to bind the data into the datagrid accroding...
ASP.NET
1
Automatically Reload after Drop Down box
by: pmelanso | last post by:
Hello, I have a drop down list which is dynatically loaded from a database and I have a second drop down list that is also dynatically loaded depending on what is selected in the first drop down...
ASP.NET
4
CSS Drop Down Menu in IE7
by: TycoonUK | last post by:
Hi, As I do not have IE7 on my computer, I was wondering if there is a fault in my CSS Menu when using IE7. Please can someone look at my site - http://www.worldofmonopoly.co.uk and tell me...
HTML / CSS
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us