Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeArchived Discus...Archived Discus...Developing Under Previous Versions of .NETDeveloping Under Previous Versions of .NETASP.Net 2.0ASP.Net 2.0using standard sqldatasource methods in dotnetnukeusing standard sqldatasource methods in dotnetnuke
Previous
 
Next
New Post
3/28/2008 1:12 PM
 
joe333

Joined: 3/26/2008
Posts: 11

 

 

 

 

 

 

 

 

 

 

 

 

 

>

 

So I am struggling with the 'data providers' in dotnetnuke and I want to get something running. 

 

 

So I went back to standard sqldatasource and set up a call to the insert method in the code behind on the button click.    But when I click on the button, the page just comes back and the database is not updated.  (My Select works fine.)

 

My questions are:

 

1.  Is this a legitimate way to proceed?

2. How do I know if there is a database access error?

3. Any thought on what I'm doing incorrectly?

 

Here's my sqldatasource:

 

<

 

asp:SqlDataSource ID="comment" runat="server" ConnectionString="<%$ ConnectionStrings:dnndevCS %>

"

 

 

 

SelectCommand

="SELECT * FROM dbo.mnArticle_Comments WHERE ArticleId = @ArticleID ORDER BY PublishDate DESC"

 

 

 

InsertCommand="INSERT INTO dbo.mnArticle_Comments (ArticleID, Name, Email, Comments, PublishDate) VALUES (@ArticleID, @CommentName, @CommentEmail, @CommentText, @CommentDate )"

>

 

 

 

<SelectParameters

>

 

 

 

<asp:QueryStringParameter Name="articleID" QueryStringField="id" Type="Int32"

/>

 

 

 

</SelectParameters>

 

 

 

<InsertParameters

>

 

 

 

 

<asp:formParameter Name="CommentText" formfield="txtComment" Type="String"

/>

 

 

 

<asp:formParameter Name="CommentEmail" formfield="txtEmail" Type="String"

/>

 

 

 

<asp:formParameter Name="CommentName" formfield="txtName" Type="String"

/>

 

 

 

<asp:formParameter Name="ArticleID" formfield="articleid" Type="Int32"

/>

 

 

 

<asp:Parameter Name="CommentDate" DefaultValue="<%=DateTime.Now.ToString() %>" Type="DateTime"

/>

 

 

 

</InsertParameters>

asp:SqlDataSource>

 

</

 
 
New Post
3/30/2008 9:19 AM
 
Michael Washington


Michael Washington's Avatar

www.LightSwitchHelpWebsite.com
Joined: 7/17/2004
Posts: 3526

I do not know if it is possible to get the sql datasource to work. However, have you tried this?

Super-Simple Module (DAL+) (C# and VB)


Michael Washington
http://ADefWebserver.com
www.ADefHelpDesk.com
A Free Open Source DotNetNuke Help Desk Module
 
New Post
3/31/2008 8:57 PM
 
Nathan Rover


Joined: 6/20/2005
Posts: 147

For starters, YES… you can use SqlDataSource to attach to any database you want from a DotNetNuke module… I do it everyday. I made a little example module to show how easy it is.

Here is the ascx page: BRAssociates_Comment_View.ascx


<%@ Control Language="VB" AutoEventWireup="false" CodeFile="BRAssociates_Comment_View.ascx.vb" Inherits="BRAssociates.Modules.Comment.View" %>

<table id="Main" runat="server">
    <tr>
        <td>
            <asp:Label ID="lbName" runat="server" Text="Name" CssClass="Normal" />
        </td>
        <td>
            <asp:TextBox ID="tbName" runat="server" CssClass="NormalTextBox" />
        </td>
    </tr>
    <tr>
        <td>
            <asp:Label ID="lbEmail" runat="server" Text="Email" CssClass="Normal" />
        </td>
        <td>
            <asp:TextBox ID="tbEmail" runat="server" CssClass="NormalTextBox" />
        </td>
    </tr>
    <tr>
        <td>
            <asp:Label ID="lbComment" runat="server" Text="Comment" CssClass="Normal" />
        </td>
        <td>
            <asp:TextBox ID="tbComment" runat="server" CssClass="NormalTextBox" />
        </td>
    </tr>
    <tr>
        <td colspan="2">
            <asp:Button ID="Submit" runat="server" Text="Submit" CssClass="Normal" />
        </td>
    </tr>
</table> 

<asp:SqlDataSource ID="sdsComment"
    runat="server"
    ConnectionString="Data Source=(local);Initial Catalog=Test;Integrated Security=True"
    SelectCommand="SELECT * FROM dbo.Comments"
    SelectCommandType="Text"
    InsertCommand="INSERT INTO dbo.Comments (Name, Email, Comment) VALUES (@Name, @Email, @Comment)"
    InsertCommandType="Text">
    <SelectParameters>
        <asp:QueryStringParameter Name="articleID" QueryStringField="id" Type="Int32" />
    </SelectParameters>
    <InsertParameters>
        <asp:ControlParameter Name="Name" ControlID="tbName" PropertyName="Text" Type="String" />
        <asp:ControlParameter Name="Email" ControlID="tbEmail" PropertyName="Text" Type="String" />
        <asp:ControlParameter Name="Comment" ControlID="tbComment" PropertyName="Text" Type="String" />
    </InsertParameters>
</asp:SqlDataSource>

Here is the code behind page: BRAssociates_Comment_View.ascx.vb

 

'
' Web Site Makers® - http://www.websitemakers.com
' Copyright (c) 2001-2007
' by Barnes, Rover & Associates, Inc. ( http://www.brassociates.net )
'

 

Imports DotNetNuke
Imports DotNetNuke.Common
Imports System.Web.UI
Imports System.Web.UI.WebControls
Imports System.Collections.Generic
Imports System.Reflection
Imports System.Data.SqlClient
Imports DotNetNuke.Entities.Modules

Namespace BRAssociates.Modules.Comment

    Partial Class View

        Inherits Entities.Modules.PortalModuleBase

        Private Sub Submit_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Submit.Click

            sdsComment.Insert()

        End Sub

    End Class

End Namespace

Now, my DB table looks like this:

Column Name

Data Type

Allow Nulls

Notes

CommentID

int

No

This column is the identity column

Name

nvarchar(50)

No

 

Email

nvarchar(50)

No

 

Comment

nvarchar(MAX)

Yes

 

One more note, I can’t stress enough how absolutely, incredibly, terribly important it is that you use a stored procedure to handle this. Not to mention that it’s just a good idea/programming practice to separate you business logic layer from you presentation layer. If you already know how to do this forgive me but for the sake of anyone who doesn’t already know this stuff and might have stumbled across this post in a search here is how you can change the above code to support stored procedures.

First you must make a stored procedure… like so:

SET ANSI_NULLS ON

GO

SET QUOTED_IDENTIFIER ON

GO
-- =============================================
-- Author:        Nathan Rover
-- Create date:   3/31/08
-- Description:   This Sproc will handle the inserting
-- of data into the dbo.Comments table.
-- =============================================

CREATE PROCEDURE [dbo].[Comments_Insert_Sproc]

      @Name nvarchar(50),
      @Email nvarchar(50),
      @Comment nvarchar(MAX) = NULL

AS

 

BEGIN

          SET NOCOUNT ON;

    INSERT INTO dbo.Comments([Name], Email, Comment)
    VALUES (@Name, @Email, @Comment); 

END; 

Next, you must modify the line InsertCommand in the sqlDataSource "sdsComment" To Read:

InsertCommand="dbo.Comments_Insert_Sproc" 

Next, you must modify the line InsertCommandType in the sqlDataSource "sdsComment" To Read:

InsertCommandType="StoredProcedure"

Next, save and recompile. Test it out it should work… and now you can sleep easy at night knowing you have added a level of protection form a SQL injection attack.

I hope this helps… let me know if you have any problems or if you have any other questions.

Nathan Rover
 
New Post
4/1/2008 7:15 PM
 
joe333

Joined: 3/26/2008
Posts: 11

Nathan,

 

Thank you.  Great example.

 

So I'm using Formparameter instead of controlparameter, as when I use ControlParameter with my textboxes, it says it can't find the control.

And the insert works and stores my ID that I set and my current date that I set in a codebehind.  But I'm not getting my formparameters stored, the fields are blank in the database and there is no error message.

 

So my code looks like:

 

 

 

<asp:SqlDataSource ID="comment" runat="server" ConnectionString="<%$ ConnectionStrings:dnndevCS %>"
    SelectCommand="SELECT * FROM dbo.Article_Comments  WHERE ArticleId = @ArticleID ORDER BY PublishDate DESC"
    InsertCommand="INSERT INTO dbo.Article_Comments (ArticleID, Name, Email, Comment, PublishDate) VALUES (@ArticleID, @CommentName, @CommentEmail, @CommentText, @CommentDate )"  >
    <SelectParameters>
        <asp:QueryStringParameter Name="articleID"  DefaultValue="2637" Type="Int32" />
    </SelectParameters> 

 

    <InsertParameters>
   
                <asp:formParameter Name="CommentText" formfield="txtComment" type="String" />
                <asp:formParameter Name="CommentEmail" formfield="txtEmail" Type="String" />
                <asp:formParameter Name="CommentName" formfield="txtName" Type="String" />
                <asp:formParameter Name="ArticleID" defaultValue="2637"  Type="Int32" />
                <asp:Parameter Name="CommentDate"  Type="DateTime" />

    </InsertParameters> 
</asp:SqlDataSource>

and the fields are defined as follows:

 

 <asp:Panel align="left" style="padding: 5px; width: 90%;" id="panelAddComment" runat="server">
  <div class="head"><asp:label id="lblCEnter" text="Leave a Comment" resourcekey="plCEnter" runat="server" />
  </div>
  <hr />
  <div style="line-height: 25px;">

  <asp:label id="lblName" text="Name:&nbsp;"  runat="server" />
  <asp:textbox id="txtName" columns="40" runat="server" /> <br />
  <asp:label id="lblEmail" text="Email:&nbsp;"  runat="server" />
  <asp:textbox id="txtEmail" columns="40" runat="server" /> <br />
  <asp:label id="lblComments" text="Comments:"  runat="server" /><br />
  <asp:textbox id="txtComments" textmode="Multiline" columns="55" rows="4" runat="server" /> <br />
  
  
  <asp:linkbutton id="btnAddComment" text="Add Comment"   CssClass="CommandButton" causesvalidation="False" borderstyle="none" runat="server"></asp:linkbutton>
  
  </div>
 </asp:Panel>

 

and the codebehind just does a comment.insert()   (the date is set in the load event code)

 

What could be simpler?

 

 
 
New Post
4/1/2008 8:48 PM
 
Nathan Rover


Joined: 6/20/2005
Posts: 147

Ok, I see the problem it’s the asp panel but I can get around that… I reworked my example to show you how.

Here is the ascx page: BRAssociates_Comment_View.ascx

<%@ Control Language="VB" AutoEventWireup="false" CodeFile="BRAssociates_Comment_View.ascx.vb" Inherits="BRAssociates.Modules.Comment.View" %>

<asp:SqlDataSource ID="sdsComment"
    runat="server"
    ConnectionString="Data Source=(local);Initial Catalog=Test;Integrated Security=True"
    SelectCommand="SELECT * FROM dbo.Comments"
    SelectCommandType="Text"
    InsertCommand="dbo.Comments_Insert_Sproc"
    InsertCommandType="StoredProcedure">
    <SelectParameters>
        <asp:QueryStringParameter Name="articleID" QueryStringField="id" Type="Int32" />
    </SelectParameters>
    <InsertParameters>
    </InsertParameters>
</asp:SqlDataSource> 
<asp:Panel style="padding: 5px; width: 90%" ID="panelAddComment" runat="server">
<div class="head"><asp:Label ID="lblCEnter" Text="Leave a Comment" runat="server" />
</div>
<hr />
<div style="line-height: 25px;">
  <asp:label id="lblName" text="Name:&nbsp;"  runat="server" />
  <asp:textbox id="txtName" columns="40" runat="server" /> <br />
  <asp:label id="lblEmail" text="Email:&nbsp;"  runat="server" />
  <asp:textbox id="txtEmail" columns="40" runat="server" /> <br />
  <asp:label id="lblComments" text="Comments:"  runat="server" /><br />
  <asp:textbox id="txtComments" textmode="Multiline" columns="55" rows="4" runat="server" />
<br /> 
 <asp:LinkButton ID="btnAddComment" Text="Add Comment" CssClass="CommandButton"
 CausesValidation="False" BorderStyle="none" runat="server"></asp:LinkButton> 
</div>
</asp:Panel>
 

Here is the ascx.vb page: BRAssociates_Comment_View.ascx.vb 
'
' Web Site Makers® - http://www.websitemakers.com
' Copyright (c) 2001-2007
' by Barnes, Rover & Associates, Inc. ( http://www.brassociates.net )
'

Imports DotNetNuke
Imports DotNetNuke.Common
Imports System.Web.UI
Imports System.Web.UI.WebControls
Imports System.Collections.Generic
Imports System.Reflection
Imports System.Data.SqlClient
Imports DotNetNuke.Entities.Modules 

Namespace BRAssociates.Modules.Comment
  Partial Class View
    Inherits Entities.Modules.PortalModuleBase 

      Private Sub Submit_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnAddComment.Click
        sdsComment.Insert()
      End Sub 

      Private Sub On_Comment_Inserting(ByVal sender As Object, ByVal e As SqlDataSourceCommandEventArgs) Handles sdsComment.Inserting

            Try
                Dim _tbComments As TextBox = CType(panelAddComment.FindControl("txtComments"), TextBox)
                Dim _tbName As TextBox = CType(panelAddComment.FindControl("txtName"), TextBox)
                Dim _tbEmail As TextBox = CType(panelAddComment.FindControl("txtEmail"), TextBox)
                Dim insertedKey As SqlParameter 
                '@Name
                insertedKey = New SqlParameter("@Name", SqlDbType.NVarChar, 50)
                insertedKey.Direction = ParameterDirection.Input
                insertedKey.Value = _tbName.Text.ToString()
                e.Command.Parameters.Add(insertedKey)

                '@Email
                insertedKey = New SqlParameter("@Email", SqlDbType.NVarChar, 50)
                insertedKey.Direction = ParameterDirection.Input
                insertedKey.Value = _tbEmail.Text.ToString()
                e.Command.Parameters.Add(insertedKey) 

                '@Comments
                insertedKey = New SqlParameter("@Comment", SqlDbType.NVarChar, 2000)
                insertedKey.Direction = ParameterDirection.Input
                insertedKey.Value = _tbComments.Text.ToString()
                e.Command.Parameters.Add(insertedKey)

      Catch ex As Exception
        ProcessModuleLoadException(Me, ex)
      End Try
    End Sub 

    Private Sub On_Comment_Inserted(ByVal sender As Object, ByVal e As SqlDataSourceStatusEventArgs) Handles sdsComment.Inserted

      Try
        CType(panelAddComment.FindControl("lblCEnter"), Label).Text += " Thank You."
        CType(panelAddComment.FindControl("txtComments"), TextBox).Text = String.Empty
        CType(panelAddComment.FindControl("txtName"), TextBox).Text = String.Empty
        CType(panelAddComment.FindControl("txtEmail"), TextBox).Text = String.Empty 
      Catch ex As Exception
        ProcessModuleLoadException(Me, ex)
      End Try
    End Sub

  End Class
End Namespace

Hope that helps, you will need to edit a few lines in the On_Coment_Inserting sub if your data types and/or sizes in your database are different from mine. If you have any questions let me know.

-- Nathan
 
 Page 1 of 1
Previous
 
Next
HomeHomeArchived Discus...Archived Discus...Developing Under Previous Versions of .NETDeveloping Under Previous Versions of .NETASP.Net 2.0ASP.Net 2.0using standard sqldatasource methods in dotnetnukeusing standard sqldatasource methods in dotnetnuke


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out