Session Timeout

[martin_d_bell]

I keep receiving an error on my asp.net application which says:

Server Error in '/' Application.
--------------------------------------------------------------------------------

Line 1: Incorrect syntax near ')'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Line 1: Incorrect syntax near ')'.

I believe this may be because I am passing a session variable into my SQL statement to search records. Because the user has kept the browser open and inactive for longer than 20 mins (my session timeout) this resets the session variable and cause the application to crash because it has no variable to search for.

SqlSelectCommand3.CommandText = _
"SELECT [Pri Key], ProNu, Supplier, ConfirmedDate, Confirmed " & _
"FROM POP_Parts " & _
"WHERE ProNu = '" & ProjectNo & "' AND Supplier = '" & Session("SupplierID") & "'"


Any ideas on a solution would be appreciated.

Thanks

 

[PlausiblyDamp]

You should check if the item in the session is nothing before attempting to use it in a query.

If Not Session("SupplierID") Is Nothing Then
    SqlSelectCommand3.CommandText = _
    "SELECT [Pri Key], ProNu, Supplier, ConfirmedDate, Confirmed " & _
    "FROM POP_Parts " & _
    "WHERE ProNu = '" & ProjectNo & "' AND Supplier = '" & Session("SupplierID") & "'"
End If

Also you are probably better off using either a stored procedure or a parameterised query rather than concatenating strings together (search these forums and you will find several threads on the hows and whys).