0

I created a webpage called profile.aspx like that.

<div id="div1">
    <asp:Label ID="Label1" runat="server" >
        //Name
    </asp:Label>
    <asp:Label ID="Label2" runat="server">
        //Satutes 
    </asp:Label>
</div>

And this is the profile.aspx.cs file for this file

This select query

cmd.CommandText = "SELECT Name,Status FROM [ProfileStatusPhoto] 
           WHERE Email = '" + Session["Email"].ToString() + "'";

This is while loop

while (dr.Read())
{
    status += dr["Status"].ToString();
    name += dr["name"].ToString();
    Label1.Text = name;
    Label2.Text = status;
}

I have no idea,How to join this loop above div tags?

Improve this question
4
  • You have a SQL injection vulnerability in your SQL. Consider using an ORM such as entity framework. Commented Dec 17, 2014 at 11:37
  • Suggesting entity framework to fix an sql injection issue is like suggesting a cannon to get rid of a fly. Commented Dec 17, 2014 at 11:48
  • Why "that"? Why did you go with the div and only the div? If I am correct I think you want that portion to repeat, each time showing the corresponding data. Commented Dec 17, 2014 at 11:55
  • @JanVanHerck the poster clearly isn't that experienced with SQL, so using an orm which precludes any chance of a SQL injection attack is sensible. Frankly the problem in this case is not the fly (the bug) but the wall (the coder). Therefore a cannon is an appropriate tool. Commented Dec 21, 2014 at 9:53

2 Answers 2

Reset to default
1

you could do something lke this

<div id="container" runat="server">

</div>

on you page load

cmd.CommandText = "SELECT Name,Status FROM [ProfileStatusPhoto] WHERE Email = @Email";
cmd.Parameters.AddWithValue("@Email", Session["Email"].ToString());
while (dr.Read())
{
    System.Web.UI.HtmlControls.HtmlGenericControl div = 
    new System.Web.UI.HtmlControls.HtmlGenericControl("div");    
    Label nameLabel = new Label();
    status += dr["Status"].ToString();
    name += dr["name"].ToString();
    nameLabel.Text = name;
    Label statusLabel = new Label();
    statusLabel.Text = status;
   div.Controls.Add(nameLabel);
   div.Controls.Add(statusLabel);
   container.Controls.Add(div);
}

So you will have a container where for each pair name-status you will create a div with two labels

load these data only if it isn't a POstBack

if (!IsPostBack) {
    //load data
}
Improve this answer
Sign up to request clarification or add additional context in comments.

11 Comments

I pasted this code on my cs file, and there is a error for cmd.parameters. What is the namespase for cmd.parameters?
This is the error Error 7 'System.Data.SqlClient.SqlCommand' does not contain a definition for 'parameters' and no extension method 'parameters' accepting a first argument of type 'System.Data.SqlClient.SqlCommand' could be found (are you missing a using directive or an assembly reference?)
thanks, i used that code, i added it to page load method, but when i am run this page, there have IndexOutOfRangeException for name += dr["name"].ToString(); what should i do now.
chnage it to dr["Name"]. If it doesn't work check first if it isn't DbNULL
it's working but it has some problems. i typed an status and click the post button to post. but that status was not displayed, Then i refreshed the page, Then i could see it. Then i again enter a another status and refreshed the page, Then it was posted likes this 1st time===>Prabth Kanishkahi 2nd timeI sayed hello===> prabath KanishkaPrabath Kanishkahihello could you tell me how to fix this
|
0

If you want update your page dynamically over time you should place a timer in .aspx file and do page refresh or perform AJAX call and create div with JavaScript.

Look at this thread if you want to make a partial update with timer control.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.