Saafia NM

Saafia NM

  • NA
  • 52
  • 11k

Insert Query does not Work Properly

Feb 18 2016 2:53 AM
protected void Button1_Click(object sender, EventArgs e)
{
string collection = "abcdefghijklmnopqrstuvwxyz123456789";
string key1 = "";
Random rnd = new Random();
for (int i = 0; i < 5; i++)
{
int k1 = rnd.Next(collection.Length);
key1 += collection.Substring(k1, 1);
}
string password = key1;
HashAlgorithm hash = new SHA256Managed();
byte[] plainTextBytes = System.Text.Encoding.UTF8.GetBytes(password);
byte[] hashBytes = hash.ComputeHash(plainTextBytes);
string hashValue = Convert.ToBase64String(hashBytes);
Label2.Text = hashValue;
SqlCommand cmd = new SqlCommand("insert into HashKey values('" + Label2.Text + "')", con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
if (FileUpload1.HasFile)
{
FileUpload1.SaveAs(Request.PhysicalApplicationPath.ToString() + @"\Files\" + FileUpload1.FileName.ToString());
FileInfo fii = new FileInfo(Request.PhysicalApplicationPath.ToString() + @"\Files\" + FileUpload1.FileName);
Label4.Text = fii.Name.ToString();
Label5.Text = fii.Length.ToString() + "Bytes";
string input = Request.PhysicalApplicationPath.ToString() + @"\Files\" + FileUpload1.FileName;
string output=Request.PhysicalApplicationPath.ToString() + @"\Encrypt\" + FileUpload1.FileName;
Encrypt(input,output);
string random = "0123456789";
string key2 = "";
Random ran = new Random();
for (int i = 0; i < 4; i++)
{
int k2 = ran.Next(random.Length);
key2 += random.Substring(k2, 1);
}
SqlCommand cmnd = new SqlCommand("insert into Upload(ID,Filename,Filesize,Keyword,Data) values('"+key2+"','" + Label4.Text + "','" + Label5.Text + "','" + TextBox1.Text + "','"+output+"')", con);
con.Open();
int k=cmnd.ExecuteNonQuery();
if (k > 0)
{
SqlCommand cmnd2 = new SqlCommand("select Keyword from Upload where Keyword=@keyword",con);
cmnd2.Parameters.AddWithValue("@keyword",TextBox1.Text);
using (SqlDataReader dr = cmnd2.ExecuteReader())
{
if (dr == null)
{
SqlCommand cmnd3 = new SqlCommand("insert into Index_list(ID,Keyword) values('"+key2+"','"+TextBox1.Text+"')", con);
cmnd3.ExecuteNonQuery();
}
else
{
SqlConnection connection = new SqlConnection(@"Data Source=gateway-PC;Initial Catalog=Blindstore;Integrated Security=True");
SqlCommand cmnd4 = new SqlCommand("UPDATE t SET ID = STUFF( (SELECT ',' + CAST(ID AS VARCHAR(100)) [text()] FROM Upload f WHERE t.Keyword = f.Keyword FOR XML PATH(''),TYPE).value('.','NVARCHAR(MAX)'), 1, 1, '') FROM Index_list t ", connection);
connection.Open();
cmnd4.ExecuteNonQuery();
}
Response.Write("<script launguage ='java script'> alert ('File Upload Sucessfully');</script>");
}
}
}
}
Insert query (cmnd3) does not work , please help me!!! 

Answers (23)