
I have a web form with a multiline TextBox control and, below it, a Label control. Each time I submit an entry, I want the text I typed to be appended to the text already shown in the Label. This is my aspx page:

<%-- Content entry form: a multiline text box, a label below it, and a Submit button. --%>
<table border="1">
    <tr>
        <td>Content:</td>
        <td>
            <%-- Free-text user input; treat the posted value as untrusted in the code-behind. --%>
            <asp:TextBox ID="txtdetails" runat="server" TextMode="MultiLine" Height="101px" Width="328px"></asp:TextBox><br />
            <%-- A Label renders its Text without HTML-encoding it, so encode any user-supplied text before assigning it. --%>
            <asp:Label ID="lblsource" runat="server" Text=""></asp:Label>
        </td>
    </tr>
    <tr>
        <td colspan="2" align="center">
            <%-- Posts back to the server and runs btnsub_Click in the code-behind. --%>
            <asp:Button ID="btnsub" runat="server" Text="Submit" onclick="btnsub_Click" />
        </td>
    </tr>
</table>

This is my cs page-

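/// <summary>
/// Handles the Submit button click: converts line breaks in the text box to
/// <c>&lt;br&gt;</c>, appends the label text plus a fixed signature, and inserts
/// the result into <c>tbl_content</c>. On success a client-side alert is
/// registered that redirects back to the page.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnsub_Click(object sender, EventArgs e)
{
    try
    {
        if (txtdetails.Text != "")
        {
            txtdetails.Text = txtdetails.Text.Replace(System.Environment.NewLine, "<br>");

            // NOTE(review): presumably this returns the next free id. Reading max(id) and
            // inserting in a separate statement can collide under concurrent requests;
            // an identity column avoids that. Confirm against the helper.
            maxid = g1.generate_max_reg_id("select max(id) from tbl_content");

            string content = txtdetails.Text + string.Format("{0}<strong>MyName</strong>", lblsource.Text);

            // The value comes from user input and is spliced into the SQL text, so a
            // single quote in it would end the string literal and change the statement.
            // Doubling quotes is a stop-gap only: the durable fix is a parameterized
            // command. ExecDB is only seen here taking a complete SQL string, so that
            // change has to be made inside the helper.
            string sqlLiteral = content.Replace("'", "''");

            // NOTE(review): the reported "String or binary data would be truncated" error
            // means the combined value is longer than the target column; validate the
            // length (or widen the column) before inserting.
            // NOTE(review): the stored value is an HTML fragment built from user text;
            // HTML-encode the user-supplied part wherever it is rendered.
            rows = g1.ExecDB("insert into tbl_content values(" + maxid + ",'" + sqlLiteral + "')");
            txtdetails.Text = string.Empty;
        }

        if (rows > 0)
        {
            ClientScript.RegisterStartupScript(typeof(Page), "AlertMessage", "alert('Successful!!!');window.location='textare_append.aspx';", true);
        }
    }
    catch (Exception ex)
    {
        // Keep the stack trace and SQL error text out of the response; they expose
        // schema and code details to the client. Record them server-side instead.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        Response.Write("An error occurred while saving the content.");
    }
}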

I am getting a SQL exception on the insert query. Please advise what I am doing wrong.

Christos
Omi
    What does the exception say? – yohannist Mar 31 '14 at 10:36
    what exception type you are getting – Pradeep Kesharwani Mar 31 '14 at 10:36
    On a side note, you shouldn't just pass user-input directly into a query/command into the database, malicious users can do SQL-injection attacks that way. You should escape/sanitize user-input, or use a class that will do it for you. –  Mar 31 '14 at 10:38
  • Exception Says- System.Data.SqlClient.SqlException (0x80131904): String or binary data would be truncated. The statement has been terminated. I guess this is due to passing large string. in my database table I have datatype varchar(255); – Omi Mar 31 '14 at 11:01

1 Answer

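/// <summary>
/// Handles the Submit button click: appends the submitted text to the label,
/// converts line breaks in the text box to <c>&lt;br&gt;</c>, and inserts the
/// text box content followed by the label text and a fixed signature into
/// <c>tbl_content</c>. On success a client-side alert is registered that
/// redirects back to the page.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnsub_Click(object sender, EventArgs e)
{
    try
    {
        if (txtdetails.Text != "")
        {
            // A Label writes its Text to the page without encoding it, so encode the
            // user-supplied text before appending it; otherwise submitted markup or
            // script would be rendered as part of the page.
            lblsource.Text = lblsource.Text + Server.HtmlEncode(txtdetails.Text);

            txtdetails.Text = txtdetails.Text.Replace(System.Environment.NewLine, "<br>");

            // NOTE(review): presumably this returns the next free id. Reading max(id) and
            // inserting in a separate statement can collide under concurrent requests;
            // an identity column avoids that. Confirm against the helper.
            maxid = g1.generate_max_reg_id("select max(id) from tbl_content");

            string content = txtdetails.Text + string.Format("{0}<strong>MyName</strong>", lblsource.Text);

            // The value comes from user input and is spliced into the SQL text, so a
            // single quote in it would end the string literal and change the statement.
            // Doubling quotes is a stop-gap only: the durable fix is a parameterized
            // command. ExecDB is only seen here taking a complete SQL string, so that
            // change has to be made inside the helper.
            string sqlLiteral = content.Replace("'", "''");

            // NOTE(review): the label text grows with every submission and is stored
            // together with the new entry, so the value will eventually exceed the
            // column width and raise "String or binary data would be truncated";
            // validate the length before inserting.
            // NOTE(review): the text box part of the stored value is still raw user
            // text; HTML-encode it wherever the stored fragment is rendered.
            rows = g1.ExecDB("insert into tbl_content values(" + maxid + ",'" + sqlLiteral + "')");
            txtdetails.Text = string.Empty;
        }

        if (rows > 0)
        {
            ClientScript.RegisterStartupScript(typeof(Page), "AlertMessage", "alert('Successful!!!');window.location='textare_append.aspx';", true);
        }
    }
    catch (Exception ex)
    {
        // Keep the stack trace and SQL error text out of the response; they expose
        // schema and code details to the client. Record them server-side instead.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        Response.Write("An error occurred while saving the content.");
    }
}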
SULFIKAR A N