Home/ Questions/Q 139373
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T07:25:23+00:00

I have the following vb.net code to take the values out of a textbox

  • 0

I have the following vb.net code to take the values out of a textbox on a webpage (actually space delimited tags) and split them with a space delimiter into an array. This works exactly how I want.

mySample.Tags = tagsTextBox.Text Dim tags As String = mySample.Tags Dim tagarray() As String Dim count As Integer tagarray = tags.Split(' ') For count = 0 To tagarray.Length - 1 Next

My issue is that I don’t know how to take each of the values in the array, after this code runs, to insert them as separate records in a table.

I also will not know how many items will be in the array.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. As Ian said this may be vurnerable for Sql injections. At the very least you should do a Server.HtmlEncode() for each tag you want to insert.

    To insert your data you could do the following:

    using (SqlConncetion conn = new SqlConnection(connstring)) using (SqlCommand cmd = conn.CreateCommand()) {    cmd.CommandText = 'INSERT INTO table(tag) values (@tag)';   cmd.Parameters.Add('@tag', SqlDbType.VarChar);    conn.Open();    foreach(string tag in tags)   {     cmd.Parameters['@tag'].Value = Server.HtmlEncode(tag);     cmd.ExecuteNonQuery();   } }

    This should work properly, but doing it in a stored procedure and you should be safe against sql injections since you use parameters.

    Also you should see here for a discussion around the use of parameters.

    • 0