I got stuck - the first part of the code "// OPEN PRELOADING PAGE" will for some reason not execute and will be skipped. If I comment the rest of the code and only keep this part there, it works. What is wrong?
```csharp
protected void Create_Order_Click(object sender, EventArgs e)
{
    // OPEN PRELOADING PAGE
    Response.Write("<script>");
    Response.Write("window.open('smth.aspx','_blank')");
    Response.Write("</script>");
    // DEFINE CONNECTION
    SqlConnection conn = new SqlConnection(ConfigurationManager
        .ConnectionStrings["SqlConnectionString"].ConnectionString);
    // OPEN CONNECTION
    conn.Open();
    // DEFINE FIRST SQL QUERY
    string insertOrder = "INSERT INTO Order_Connection (FK_User_ID) VALUES ('" + Session["User_ID"] + "')";
    string str = FileUpload1.FileName;
    FileUpload1.PostedFile.SaveAs(Server.MapPath(".") + "//upload//" + str);
    string path = "//xxx.cz/intranet/pages/upload/" + str.ToString();
    string insertOrder_Content = "INSERT INTO Order_Content (Uploaded_Photo, Issue_Description, Place_Of_Repair, Transfer_Method, Date_To_Bring, Date_To_Take) VALUES ('" + path + "', @Issue_Description, @Place_Of_Repair, @Transfer_Method, @Date_To_Bring, @Date_To_Take)";
    SqlCommand comInsertIntoOrder = new SqlCommand(insertOrder_Content, conn);
    comInsertIntoOrder.Parameters.AddWithValue("@Issue_Description", TextBox_Issue_Description.Text);
    comInsertIntoOrder.Parameters.AddWithValue("@Place_Of_Repair", DropDownList_Place.SelectedItem.ToString());
    comInsertIntoOrder.Parameters.AddWithValue("@Transfer_Method", DropDownList_Transfer.SelectedItem.ToString());
    comInsertIntoOrder.Parameters.AddWithValue("@Date_To_Bring", TextBox_Date_To_Bring.Text);
    comInsertIntoOrder.Parameters.AddWithValue("@Date_To_Take", TextBox_Date_To_Take.Text);
    comInsertIntoOrder.ExecuteNonQuery();
    // EXECUTE FIRST SQL QUERY
    SqlCommand com = new SqlCommand(insertOrder, conn);
    // EXECUTE NOW
    com.ExecuteNonQuery();
    // CLOSE CONNECTION
    conn.Close();
    Response.Redirect("http://xxx.cz/intranet/pages/Success.aspx");
}
```
You're calling Response.Redirect at the end of the method. That's going to basically terminate the request with a 302 response. The data you'd previously written to the (buffered) response is irrelevant at that point.
Additionally, you should look into parameterized SQL - your database handling is currently vulnerable to SQL injection attacks. (Always, always, always parameterize your SQL, basically.)
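The two points from the answer applied to the question's handler, as an added example that is not part of the original question or answer: every value reaches SQL Server as a parameter, and the server-side redirect is replaced by a script in a normal response so the pop-up script is actually sent to the browser. It assumes `FK_User_ID` is an `int` column, that `Session["User_ID"]` holds a number, and that the page imports `System.Configuration`, `System.Data` and `System.Data.SqlClient`; the startup-script key `orderDone` is a made-up name.

```csharp
protected void Create_Order_Click(object sender, EventArgs e)
{
    // Upload step unchanged from the question.
    string fileName = FileUpload1.FileName;
    FileUpload1.PostedFile.SaveAs(Server.MapPath(".") + "//upload//" + fileName);
    string path = "//xxx.cz/intranet/pages/upload/" + fileName;

    // No user-controlled value is concatenated into the SQL text any more.
    const string insertContent =
        "INSERT INTO Order_Content (Uploaded_Photo, Issue_Description, Place_Of_Repair, " +
        "Transfer_Method, Date_To_Bring, Date_To_Take) VALUES (@Uploaded_Photo, " +
        "@Issue_Description, @Place_Of_Repair, @Transfer_Method, @Date_To_Bring, @Date_To_Take)";
    const string insertOrder =
        "INSERT INTO Order_Connection (FK_User_ID) VALUES (@User_ID)";

    string cs = ConfigurationManager.ConnectionStrings["SqlConnectionString"].ConnectionString;
    using (SqlConnection conn = new SqlConnection(cs))   // disposed even if a query throws
    {
        conn.Open();
        using (SqlCommand cmd = new SqlCommand(insertContent, conn))
        {
            // The file name comes from the client, so the path is a parameter too.
            cmd.Parameters.AddWithValue("@Uploaded_Photo", path);
            cmd.Parameters.AddWithValue("@Issue_Description", TextBox_Issue_Description.Text);
            cmd.Parameters.AddWithValue("@Place_Of_Repair", DropDownList_Place.SelectedItem.ToString());
            cmd.Parameters.AddWithValue("@Transfer_Method", DropDownList_Transfer.SelectedItem.ToString());
            cmd.Parameters.AddWithValue("@Date_To_Bring", TextBox_Date_To_Bring.Text);
            cmd.Parameters.AddWithValue("@Date_To_Take", TextBox_Date_To_Take.Text);
            cmd.ExecuteNonQuery();
        }
        using (SqlCommand cmd = new SqlCommand(insertOrder, conn))
        {
            // Assumption: FK_User_ID is int. A typed parameter rejects non-numeric input.
            cmd.Parameters.Add("@User_ID", SqlDbType.Int).Value = Convert.ToInt32(Session["User_ID"]);
            cmd.ExecuteNonQuery();
        }
    }

    // Response.Redirect would end the request with a 302 and drop anything written
    // to the buffered response. Emitting both actions as a startup script keeps them
    // in one ordinary response: open the preloading page, then go to the success page.
    ClientScript.RegisterStartupScript(GetType(), "orderDone",
        "window.open('smth.aspx','_blank');" +
        "window.location.href='http://xxx.cz/intranet/pages/Success.aspx';", true);
}
```

Browsers may block a `window.open` call that is not the direct result of a user click, so the pop-up can still be suppressed on the client even though the script now arrives.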